Installation and Upgrade Guide for Cisco Secure Access Control System 5.5
Installing and Configuring Cisco Secure Access Control System with Cisco SNS 3415 and Cisco SNS 3495 Appliances

Table of Contents

Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco SNS-3495

Installing ACS on the Cisco SNS-3415/3495 Appliance

Downloading the Cisco Secure ACS 5.5 ISO Image

Installing the ACS Server

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Remotely Using CIMC

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Using the USB Drive

Creating a Bootable USB Drive

Running the Setup Program

Verifying the Installation Process

Resetting the Administrator Password

Reimaging the Cisco SNS-3415/3495 Appliance

Regulatory Compliance

Installing and Configuring the Secure Access Control System with the Cisco SNS-3415 and Cisco SNS-3495

This chapter describes how to install and initially configure the Cisco SNS-3415 or Cisco SNS-3495 and the ACS 5.5 server.

This chapter contains:

Installing ACS on the Cisco SNS-3415/3495 Appliance

The Cisco SNS-3415 or Cisco SNS-3495 appliance is preinstalled with the ACS 5.5 software. This section gives you an overview of the installation process and the tasks that you must perform before installing ACS.

Before you begin installing ACS 5.5, you must:

1. Open the box and check the contents. See Chapter 7, “Unpacking and Inspecting the Server”.

2. Read Chapter 6, “Introducing the Cisco SNS-3415 and Cisco SNS-3495 Hardware Appliances”.

3. Read the general precautions and safety warnings in Chapter 7, “Preparing to Install the Cisco SNS 3415 and Cisco SNS 3495 Hardware Appliances”.

4. Install the appliance in the rack. See Chapter 7, “Preparing for Server Installation”.

5. Connect the Cisco SNS-3415 or Cisco SNS-3495 to the network and appliance console. See Chapter 8, “Connecting Cables”.

6. Power up the Cisco SNS-3415 or Cisco SNS-3495 appliance. See Chapter 8, “Connecting and Powering On the Cisco SNS-3415/3495 Appliance”.

7. Power up the Cisco SNS-3415 or Cisco SNS-3495 appliance to the network and appliance console. See Chapter 8, “Connecting Cables”.

8. Run the setup command at the CLI prompt to configure the initial settings for the ACS server. See Running the Setup Program. The setup can be done by using the appliance console or CIMC.

You can use the Cisco UCS Server Configuration Utility, Release 3.0 User Guide to configure the Cisco SNS-3415 or Cisco SNS-3495 appliance. You can also see the Cisco UCS C-Series Rack Server guides for more information on the Cisco SNS-3415 or Cisco SNS-3495 appliance.

Downloading the Cisco Secure ACS 5.5 ISO Image

You can download the Cisco Secure ACS 5.5 ISO image from Cisco.com.

Step 1 Go to http://www.cisco.com/go/acs. You must already have valid Cisco.com login credentials to access this link.

Step 2 Click Download Software.

The Cisco Secure ACS Release 5.5 software image appears on the Cisco.com page. You can test all the Cisco ACS services once your installation and initial configuration are complete.


 


Note You can download the ACS 5.x software images from Cisco.com only when you have a valid Software Application Support (SAS) contract for a previous version of ACS 5.x software. If you do not have a valid SAS contract for a previous version, you must contact your Sales Engineer (SE), Accounts Manager (AM), or Cisco partners to publish the software image on Cisco.com to the specific customer's account.


Installing the ACS Server

After you download the Cisco Secure ACS 5.5 ISO image, you can use any of the following options to install and set up the Cisco Secure ACS 5.5 software on your appliance:

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Remotely Using CIMC

After you have configured the CIMC for your appliance, you can use it to manage your Cisco SNS-3415 or Cisco SNS-3495 appliance. You can perform all operations including BIOS configuration on your Cisco SNS-3415 or Cisco SNS-3495 appliance through the CIMC.


Step 1 Connect to the CIMC for server management. Connect Ethernet cables from your LAN to the server, using the ports that you selected in the NIC Mode setting. The Active-active and Active-passive NIC redundancy settings require you to connect to two ports.

Step 2 Use a browser and the IP address of the CIMC to log in to the CIMC Setup Utility. The IP address depends on the CIMC configuration settings that you made (either a static address or the address assigned by your DHCP server).


Note The default user name for the server is admin. The default password is password.


Step 3 Use your CIMC credentials to log in.

Step 4 Click Launch KVM Console.

Step 5 Click the Virtual Media tab.

Step 6 Click Add Image to select the ACS 5.5 ISO from the system running your client browser.

Step 7 Check the Mapped check box against the virtual CD/DVD drive that you have created.

Step 8 Click the KVM tab.

Step 9 Choose Macros > Ctrl-Alt-Del to boot the Cisco SNS-3415 or Cisco SNS-3495 appliance using the ISO image.

Step 10 Press F6 to bring up the boot menu. A screen similar to the following one appears.

 

 

Step 11 Select the CD/DVD that you mapped and press Enter. The following message is displayed.

Welcome to the Cisco Secure ACS 5.5 Recovery

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS Installation (Keyboard/Monitor)

[2] Cisco Secure ACS Installation (Serial Console)

[3] Recover administrator password (Keyboard/Monitor

[4] Recover administrator password (Serial Console)

<Enter> Boot existing OS from hard disk.

Enter boot option and press <Enter>

boot:

Step 12 At the boot prompt, enter 1 and press Enter.

Step 13 After you enter the network configuration parameters in the Setup mode, the appliance automatically reboots, and returns to the shell prompt mode.

Step 14 Exit from the shell prompt mode. The appliance comes up.

Step 15 Continue with Verifying the Installation Process.


 

Installing ACS 5.5 on the Cisco SNS-3415/3495 Appliance Using the USB Drive

To install ACS 5.5 on the Cisco SNS-3415 or Cisco SNS-3495 appliance using the USB drive, complete the following steps:

Before You Begin

You need to create a bootable USB drive. See Creating a Bootable USB Drive.


Step 1 Power on the Cisco SNS-3415 or Cisco SNS-3495 appliance.

Step 2 Plug in your bootable USB drive that has the Cisco Secure ACS ISO image into the USB port.

Step 3 Restart ACS and go to the BIOS mode.

Step 4 In the BIOS mode, choose boot from USB.

Step 5 Exit from the BIOS mode and click Save.

Step 6 Again, restart ACS and boot from USB.

Step 7 Now, continue reimaging the Cisco SNS-3415 or Cisco SNS-3495 using the USB drive.

The following message is displayed.

Welcome to the Cisco Secure ACS 5.5 Recovery

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS Installation (Keyboard/Monitor)

[2] Cisco Secure ACS Installation (Serial Console)

[3] Reset administrator password (Keyboard/Monitor

[4] Reset administrator password (Serial Console)

<Remove USB key and reboot to boot existing Hard Disk>

Please enter boot option and press <Enter>

boot:

Step 8 At the boot prompt, enter 1 and press Enter.

Step 9 After you enter the network configuration parameters in Setup mode, the appliance automatically reboots and returns to the shell prompt mode.

Step 10 Exit from the shell prompt mode. The appliance comes up.

Step 11 Continue with Verifying the Installation Process.


 

Creating a Bootable USB Drive

The Cisco Secure ACS 5.5 ISO image contains a “Documentation\USB-Bootable-Scripts” directory that has a Readme file and a script to create a bootable USB to install Cisco Secure Access Control System 5.5.

Before You Begin

  • You should have read the Readme in the “Documentation\USB-Bootable-Scripts” directory.
  • You need the following:
      - A Linux machine with RHEL-5 or RHEL-6, CentOS 5.x or CentOS 6.x. If you are going to use your PC or Mac, ensure that you have installed a Linux VM on it.
      - A 4-GB USB drive
      - The iso-to-usb.sh script
  • You should have access permissions to the drives in the local Linux machine.

Step 1 Plug your USB drive into the USB port.

Step 2 Copy the iso-to-usb.sh script and the Cisco Secure ACS 5.5 ISO image to a directory on your Linux machine.

Step 3 Enter the following command:

iso-to-usb.sh source_iso usb_device

For example, # ./iso-to-usb.sh ACS_v5.5.0.46.0a.iso /dev/sdc where iso-to-usb.sh is the name of the script, ACS_v5.5.0.46.0a.iso is the name of the ISO image, and /dev/sdc is your USB device.

The following success message is displayed (the sample output below is from a run against /dev/sdb).

*** W A R N I N G ***

THIS SCRIPT WILL DELETE ALL EXISTING CONTENT ON YOUR USB DRIVE: /dev/sdb/

ARE YOU SURE YOU WANT TO CONTINUE? [Y/N]: y

Deleting partition table on USB drive: /dev/sdb ...

Creating new partition table on USB drive: /dev/sdb ...

Formatting BOOT partition: /dev/sdb1 as VFAT ...

Formatting DATA partition: /dev/sdb2 as EXT2 ...

Copying syslinux files to USB partition: /dev/sdb1 ...

Copying ISO file to USB partition: /dev/sdb2 ...

DONE!

Step 4 Unplug your USB drive.


 


Note After you execute the iso-to-usb.sh command, your USB drive is partitioned in a format in which non-Linux operating systems do not recognize all of the space available on it. To repartition your USB drive for general-purpose use with a Windows or Mac operating system, run the repurpose-usb.sh utility in this directory. This utility repartitions and reformats your USB key for general use.
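
A pre-flight check for Step 3, added here as an example and not part of the scripts on the ACS ISO: because iso-to-usb.sh erases the device it is given, the function below confirms that the target is an unmounted, removable, whole-disk device of at least 4 GB before the script is run. The names usb_target_ok, SYSFS and MOUNTS and the MIN_SECTORS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ACS ISO): sanity-check the device before it is
# handed to iso-to-usb.sh, which wipes it. SYSFS and MOUNTS can be overridden
# to run the check against a constructed tree instead of the live host.
SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"
# Assumption: a nominal 4-GB stick reports at least ~3.6 GB (512-byte sectors).
MIN_SECTORS=7000000

usb_target_ok() {
    dev="$1"
    name="${dev#/dev/}"
    blk="$SYSFS/block/$name"

    # Whole disks (sdc) have an entry under /sys/block; partitions (sdc1) do not.
    case "$dev" in
        /dev/*/*|/dev/) echo "unexpected device path: $dev" >&2; return 1 ;;
        /dev/*) ;;
        *) echo "not a /dev path: $dev" >&2; return 1 ;;
    esac
    [ -d "$blk" ] || { echo "$dev is not a whole-disk device" >&2; return 1; }

    # Internal disks report removable=0; USB flash drives normally report 1.
    [ "$(cat "$blk/removable" 2>/dev/null)" = "1" ] ||
        { echo "$dev is not removable media" >&2; return 1; }

    sectors="$(cat "$blk/size" 2>/dev/null)"
    [ "${sectors:-0}" -ge "$MIN_SECTORS" ] ||
        { echo "$dev is smaller than the required 4 GB" >&2; return 1; }

    # Refuse a device that is mounted, or that has a mounted partition.
    if awk -v d="$dev" '$1 == d || $1 ~ ("^" d "p?[0-9]+$") { hit = 1 }
                        END { exit !hit }' "$MOUNTS"; then
        echo "$dev or one of its partitions is mounted" >&2; return 1
    fi
    return 0
}

# Usage: sh preflight.sh <source_iso> <usb_device>
if [ "$#" -eq 2 ]; then
    [ -r "$1" ] || { echo "cannot read ISO: $1" >&2; exit 1; }
    usb_target_ok "$2" || exit 1
    echo "OK to run: ./iso-to-usb.sh $1 $2"
fi
```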


Running the Setup Program

This section describes the setup process to install the ACS server.

The setup program launches an interactive command-line interface (CLI) that prompts you for the required parameters.

An administrator can use the console or a dumb terminal to configure the initial network settings and provide the initial administrator credentials for the ACS 5.5 server using the setup program. The setup process is a one-time configuration task.

To install the ACS server:


Step 1 Power on the appliance.

The setup prompt appears:

Please type ‘setup’ to configure the appliance

localhost login:

Step 2 At the login prompt, enter setup and press Enter.

The console displays a set of parameters. You must enter the parameters as described in Table 9-1.


Note You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.


 

Table 9-1 Network Configuration Parameters

| Prompt | Default | Conditions | Description |
|---|---|---|---|
| Host Name | localhost | First letter must be an ASCII character. Length must be from 3 to 15 characters. Valid characters are alphanumeric (A-Z, a-z, 0-9), hyphen (-), and the first character must be a letter. Note: When you intend to use AD ID store and set up multiple ACS instances with same name prefix, use maximum of 15 characters as the host name so that it does not affect the AD functionality. | Enter the hostname. |
| IPV4 IP Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter the IP address. |
| IPv4 Netmask | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid netmask. |
| IPv4 Gateway | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid default gateway. |
| Domain Name | None, network specific | Cannot be an IP address. Valid characters are ASCII characters, any numbers, hyphen (-), and period (.). | Enter the domain name. |
| IPv4 Primary Name Server Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid name server address. |
| Add/ another nameserver | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. Note: You can configure a maximum of three name servers from ACS CLI. | To configure multiple name servers, enter Y. |
| NTP Server | time.nist.gov | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255 or a domain name server. Note: You can configure a maximum of three NTP servers from ACS CLI. | Enter a valid domain name server or an IPv4 address. |
| Timezone | UTC | Must be a valid local time zone. | Enter a valid timezone. |
| SSH Service | None, network specific | None | To enable SSH services, enter Y. |
| Username | admin | The name of the first administrative user. You can accept the default or enter a new username. Must be from 3 to 8 characters, and must be alphanumeric (A-Z, a-z, 0-9). | Enter the username. |
| Admin Password | None | No default password. Enter your password. The password must be at least six characters in length, have at least one lowercase letter, one uppercase letter, and one number. In addition: Save the user and password information for the account that you set up for initial configuration. Remember and protect these credentials because they allow complete administrative control of the ACS hardware, the CLI, and the application. If you lose your administrative credentials, you can reset your password by using the ACS 5.5 installation CD. | Enter the password. |

The console prompts for the parameters as shown below:

localhost login: setup

Enter hostname[]: acs-server-1

Enter IP address[]: a.b.c.d

Enter IP default netmask[]: 255.255.255.255

Enter IP default gateway[]: a.b.c.d

Enter default DNS domain[]: mycompany.com

Enter primary nameserver[]: a.b.c.d

Add secondary nameserver? Y/N : n

Add primary NTP server [time.nist.gov]: a.b.c.d

Add secondary NTP server? Y/N : n

Enter system timezone[UTC]:

Enable SSH service Y/N [N] : y

Enter username [admin]: admin

Enter password:

Enter password again:

Pinging the gateway...

Pinging the primary nameserver...

Do not use `Ctrl-C' from this point on...

Appliance is configured

Installing applications...

Installing acs...

Generating configuration...

Rebooting...

After the ACS server is installed, the system reboots automatically.

Now, you can log in to ACS using the CLI username and password that were configured during the setup process.


Note You can use this username and password to log in to ACS only via the CLI.



Note The initial setup of the ACS 5.5 server should be configured with an IPv4 IP address. You can configure the IPv6 IP address for your server only after the initial setup is completed.



Note ACS 5.5 supports IPv4 and IPv6 dual stack networking and does not support pure IPv6 network.
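
The conditions in Table 9-1 can be checked on a workstation before the values are typed at the console. The script below is an added example, not Cisco code; its function names and sample values are assumptions, and it enforces only the conditions the table states.

```shell
#!/bin/sh
# Added example: check planned setup answers against the Table 9-1 conditions
# before typing them at the appliance console. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z] / [A-Z] ranges strictly ASCII

valid_hostname() {   # 3 to 15 characters, letters/digits/hyphen, first one a letter
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]{2,14}$'
}

valid_ipv4() {       # dotted quad, every octet between 0 and 255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_domain() {     # letters, digits, hyphen, period; must not be an IP address
    if valid_ipv4 "$1"; then return 1; fi
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'
}

valid_username() {   # 3 to 8 alphanumeric characters
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]{3,8}$'
}

valid_password() {   # 6+ characters with a lowercase letter, an uppercase letter, a digit
    [ "${#1}" -ge 6 ] || return 1
    case "$1" in *[a-z]*) ;; *) return 1 ;; esac
    case "$1" in *[A-Z]*) ;; *) return 1 ;; esac
    case "$1" in *[0-9]*) ;; *) return 1 ;; esac
}

# Args: hostname ip netmask gateway domain nameserver username.
# Prints each rejected value and returns non-zero if any was rejected.
check_setup_answers() {
    bad=0
    valid_hostname "$1" || { echo "Host Name rejected: $1"; bad=1; }
    for addr in "$2" "$3" "$4" "$6"; do
        valid_ipv4 "$addr" || { echo "IPv4 value rejected: $addr"; bad=1; }
    done
    valid_domain "$5"   || { echo "Domain Name rejected: $5"; bad=1; }
    valid_username "$7" || { echo "Username rejected: $7"; bad=1; }
    return "$bad"
}

# Constructed sample answers (192.0.2.0/24 is a documentation range).
check_setup_answers acs-server-1 192.0.2.10 255.255.255.0 192.0.2.1 \
    mycompany.com 192.0.2.53 admin && echo "setup answers pass Table 9-1"
```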



 

Verifying the Installation Process

To verify that you have correctly completed the installation process:


Step 1 When the system reboots, at the login prompt, enter the username you configured during setup and press Enter.

Step 2 At the password prompt, enter the password you configured during setup and press Enter.

Step 3 Verify that the application has been installed properly by entering the show application command and pressing Enter.

The console displays:

<name> <Description>

acs Cisco Secure Access Control System 5.5

 

Step 4 At the system prompt, check the release and ACS version that are installed, by entering the show application version acs command and pressing Enter .

The console displays:

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.5.0.46

Internal Build ID : B.221


Note The Version and Internal Build ID may change for different versions of this release.


Step 5 At the system prompt, check the status of the ACS processes by entering show application status acs and pressing Enter.

The console displays:

ACS role: PRIMARY

Process 'database' running

Process 'management' running

Process 'runtime' running

Process 'ntpd' running

Process 'view-database' running

Process 'view-jobmanager' running

Process 'view-alertmanager' running

Process 'view-collector' running

Process 'view-logprocessor' running


 


Note To get the latest ACS patches and to keep your ACS up-to-date, visit http://software.cisco.com/download/navigator.html?i=rt


Resetting the Administrator Password

If you are not able to log in to the system due to the loss of the administrator password, you can use the ACS 5.5 recovery DVD to reset the administrator password.


Note You can also use the bootable USB drive and CIMC to reset the administrator password.


To reset the administrator password:


Step 1 Power up the appliance.

Step 2 Insert the ACS 5.5 recovery DVD.

The console displays:

Welcome to Cisco Secure ACS 5.5 Recovery

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.5 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.5 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot:

To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video monitor, or enter 4 if you are using a serial console port.

The console displays a set of parameters.

Step 3 Enter the parameters as described in Table 9-2.

Table 9-2 Password Reset Parameters

| Parameter | Description |
|---|---|
| Admin username | Enter the number of the administrator whose password you want to reset. |
| Password | Enter the new password for the administrator. |
| Verify password | Enter the password again. |
| Save change & Reboot | Enter Y to save. |

The console displays:

Admin username:

[1]:admin

[2]:admin2

[3]:admin3

Enter number of admin for password recovery:1

Password:

Verify password:

Save change&reeboot? [Y/N]:


 

Reimaging the Cisco SNS-3415/3495 Appliance

You can either use CIMC or the bootable USB drive to reimage the Cisco SNS-3415 or Cisco SNS-3495 appliance with ACS 5.5.

To reimage the Cisco SNS-3415 or Cisco SNS-3495 appliance:

Regulatory Compliance

For regulatory compliance and safety information, see Regulatory Compliance and Safety Information for Cisco Secure Access Control System. This document is available online at Cisco.com:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/regulatory/compliance/csacsrcsi.html