Installation and Setup Guide for Cisco Secure ACS Solution Engine Version 3.3 - Command Reference [Cisco Secure Access Control Server Solution Engine]

Table Of Contents

Command Reference

CLI Conventions

Command Privileges

Checking Command Syntax

System Help

Command Description Conventions

Commands

backup

dbcompact

download

exit

exportgroups

exportlogs

exportusers

help

ntpsync

ping

reboot

restart

restore

rollback

set admin

set domain

set hostname

set ip

set password

set time

set timeout

show

shutdown

start

stop

support

tracert

upgrade

Command Reference

This appendix summarizes the command line interface (CLI) commands of the Cisco Secure ACS Solution Engine 3.3.

This appendix contains the following sections:

•CLI Conventions

•Command Privileges

•Checking Command Syntax

•System Help

•Command Description Conventions

•Command Description Conventions

•Commands

CLI Conventions

The command-line interface (CLI) uses the following conventions:

•The key combination ^c, or Ctrl-c, means hold down the Ctrl key while you press the c key.

•A string is defined as a nonquoted set of characters.

Do not confuse the Cisco Secure ACS Solution Engine CLI with the IOS CLI. Though they are similar, they are not identical.

Command Privileges

Access to CLI commands on the Cisco Secure ACS Solution Engine is limited to those who physically connect via the console port and who possess the proper administrative credentials.

For more information about establishing the console connection, see Establishing a Serial Console Connection, page 3-15.

Checking Command Syntax

The serial console interface provides several types of responses to incorrect command entries:

•If you enter a command line that does not contain any valid commands, the system displays Command not found.

•If you enter a valid command but omit required options, the system displays Incomplete command.

•If you enter a valid command but provide invalid options or parameters, the system displays Invalid input.

In addition, some commands have command-specific error messages that notify you that a command is valid, but that it cannot run correctly.

System Help

You can obtain help using the following methods:

•For a list of all commands and their syntax, enter help, and then press Enter.

•For help on a specific command, type the command name, a space, and a question mark, and then press Enter, for example, show?. The help contains command usage information and syntax.

Command Description Conventions

Command descriptions in this document and in the CLI help system use the following conventions:

•Vertical bars (|) separate alternative, mutually exclusive elements.

•Square brackets ([ ]) indicate optional elements.

•Braces ({ }) indicate a required choice. Braces within square brackets ([{ }]) indicate a required choice within an optional element.

•Bold indicates commands and keywords that are entered literally as shown.

•Italics indicate arguments for which you supply values.

Commands

This section describes the Cisco Secure ACS Solution Engine commands. Command names are case insensitive.

backup

To backup ACS data to an FTP server, use the backup command.

backup [server] [username] [filepath]

Syntax Description

server Hostname for the FTP server to which the file will be sent.

username User account name used to authenticate the FTP session.

filepath Location under the FTP root for the server into which the backup will be sent.

Usage Guidelines

If you do not enter the parameters, the system prompts you for the information. Also you are prompted to encrypt the backup. If you indicate you want to encrypt the data, you are prompted for an encryption password. For more information, see Backing Up ACS Data via the Serial Console, page 4-17.

Example

The following command employs the user account joeadmin to backup the ACS data to the backupdata folder on the onyx FTP server:
backup onyx joeadmin backupdata
dbcompact

To compact the database by dumping, initializing the database, and loading the database from the dump file, use the dbcompact command.

Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.

dbcompact

Syntax Description

This command has no arguments or keywords.

Example

The following command compacts the database by dumping, initializing the database, and loading the database from the dump:
dbcompact
download

To download an upgrade image to the Cisco Secure ACS Solution Engine use the download command. Executing the download command establishes contact with the system specified, retrieves the manifest file from that system, and automatically downloads the upgrade image to the Cisco Secure ACS Solution Engine.

download [hostAddress]

Syntax Description

hostAddress The IP address from which the image will be sent

Usage Guidelines

This command is generally executed from within the HTML interface. After loading an upgrade image by executing the download command, you need to install the image by using the upgrade command. For more information see Upgrading the Solution Engine, page 4-29.

Example

The following command downloads an upgrade image from the system with the address 10.51.256.256
download 10.51.256.256
exit

To log out of the system, use the exit command.

exit

Syntax Description

This command has no arguments or keywords.

Example

The following command logs you out of the system:
exit
exportgroups

To export a list of user groups, use the exportgroups command.

exportgroups [server] [username] [filepath]

Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.

Syntax Description

server Hostname for the FTP server to which the file will be sent.

username User account name used to authenticate the FTP session.

filepath Location under the FTP root for the server into which the group list will be sent.

Usage Guidelines

If you do not enter the parameters, the system prompts you for the information.

Example

The following command employs the user account joeadmin to send a list of user groups to the groupdata folder on the diamond FTP server:
exportgroups diamond joeadmin groupdata
exportlogs

To list and send selected logs to an FTP server, use the exportlog command.

exportlogs [filename] [filename]

Syntax Description

filename Name of the file to be exported.

Usage Guidelines

This command lists all the log files that can be downloaded to an FTP server if no filenames are supplied. Otherwise, you can enter each filename with a space separating each filename. You are then prompted for the FTP server address, user login name, password, and the filepath for the file or files to be uploaded.

Example

The following command exports the log files mylog2002-01-31.csv and mylog2002-02-01.csv:
exportlog mylog2002-01-31.csv mylog2002-02-01.csv
exportusers

To export a list of users, use the exportusers command.

exportusers [server] [username] [filepath]

Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.

Syntax Description

server Hostname for the FTP server to which the file will be sent.

username User account name used to authenticate the FTP session.

filepath Location under the FTP root for the server into which the users list will be sent.

Usage Guidelines

If you do not enter the parameters, the system prompts you for the information.

Example

The following command employs the user account joeadmin to send a list of users to the userdata folder on the emerald FTP server:
exportusers emerald joeadmin userdata
help

To list descriptions of commands, use the help command.

help

Syntax Description

This command has no arguments or keywords.

Example

The following command lists descriptions of commands:
help
ntpsync

To perform Network Time Protocol (NTP) synchronization with a predefined NTP server, use the ntpsync command. For information on setting the NTP server see set time.

ntpsync

Syntax Description

This command has no arguments or keywords.

Example

The following command uses the predefined NTP synchronization server to synchronize Cisco Secure ACS Solution Engine time to the NTP server time:
ntpsync
ping

To send ICMP echo_request packets for diagnosing basic network connectivity, use the ping command.

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [{-j host-list}|{-k host-list}] [-w timeout] destination-list

Syntax Description

-t Ping the specified host until stopped.

To see statistics and continue - type Control-Break.

To stop - type Control-C.

-a Resolve addresses to hostnames.

-n count Number of echo requests to send.

-l size Send buffer size.

-f Set Don't Fragment flag in packet.

-i TTL Time To Live.

-v TOS Type Of Service.

-r count Record route for count hops.

-s count Timestamp for count hops.

-j host-list Loose source route along host-list.

-k host-list Strict source route along host-list.

-w timeout Timeout in milliseconds to wait for each reply.

Examples
acsappl1> ping 10.19.253.228                                             
Pinging 10.19.253.228 with 32 bytes of data:         
Reply from 10.19.253.228: bytes=32 time=140ms TTL=120
Reply from 10.19.253.228: bytes=32 time=160ms TTL=120                
Reply from 10.19.253.228: bytes=32 time=150ms TTL=120
Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 
Ping statistics for 10.19.253.228:          
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:       
    Minimum = 140ms, Maximum =  160ms, Average =  147ms
acsappl1> ping -n 6 10.19.253.228                    
Pinging 10.19.253.228 with 32 bytes of data:                             
Reply from 10.19.253.228: bytes=32 time=130ms TTL=120
Reply from 10.19.253.228: bytes=32 time=140ms TTL=120   
Reply from 10.19.253.228: bytes=32 time=140ms TTL=120
Reply from 10.19.253.228: bytes=32 time=140ms TTL=120                
Reply from 10.19.253.228: bytes=32 time=130ms TTL=120
Reply from 10.19.253.228: bytes=32 time=130ms TTL=120  
Ping statistics for 10.19.253.228:                   
    Packets: Sent = 6, Received = 6, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:       
    Minimum = 130ms, Maximum =  140ms, Average =  135ms
reboot

To restart the Cisco Secure ACS Solution Engine, use the reboot command.

reboot

Note AAA services are temporarily halted while this command executes.

Syntax Description

This command has no arguments or keywords.

Example

The following command causes a soft reboot of the Cisco Secure ACS Solution Engine:
reboot
restart

To restart one or more of the ACS services, use the restart command.

restart [service name(s)]

Note AAA services are temporarily halted while this command executes.

Syntax Description

This command uses as an argument the name of the service or services to be restarted.

Usage Guidelines

Use the restart command to stop and restart any of the ACS services. You can determine the status of each service by using the show command. For more information, see Restarting Solution Engine Services via Serial Console, page 4-9.

Example

The following command restarts the CSAuth and CSAdmin services:
restart csauth csadmin
restore

To restore ACS data from an FTP server, use the restore command.

restore [server] [username] [filepath] [filename]

Syntax Description

server Hostname for the FTP server from which the file will be sent.

username User account name used to authenticate the FTP session.

filepath Location under the FTP server root in which the restore file is located.

filename Name of the restore file to be used.

Usage Guidelines

If you do not enter the parameters, the system prompts you for the information. Also, you will be prompted to enter a decrypt password; and you will be prompted to restore the user/group database and or the Cisco Secure ACS system configuration.

Example

The following command employs the user account joeadmin to retrieve a restore file, allofit, from the restoredata folder on the topaz FTP server:
restore topaz joeadmin restoredata allofit
rollback

To remove any patches and roll back to the originally installed version, use the rollback command.

rollback [appName]

Syntax Description

appName Name of the program (provided as part of patch distribution) to remove a specific patch and roll back to original installed version.

Usage Guidelines

Use this command to return a Cisco Secure ACS to its original condition after having installed a patch program. The rollback command has the effect of stopping all ACS services, copying all files in the backup directory to the originally installed directories, restoring a specified list of Registry entries, and starting all ACS services once again.

Example

The following command executes the program remvptch4 and returns the system to the state that existed before the patch program was applied:
rollback remvptch4
set admin

To set the name of the Cisco Secure ACS Solution Engine administrator, use the set admin command.

set admin [administratorname]

Syntax Description

administratorname Name of system administrator.

Usage Guidelines

Use the set admin command to reset the name of the Cisco Secure ACS Solution Engine administrator. For more information, see Resetting the Solution Engine Administrator Password, page 4-21.

Example

This command sets the administrator name to john:
set admin john
set domain

To set the DNS domain of the Cisco Secure ACS Solution Engine, use the set domain command.

set domain [domain-name]

Syntax Description

domain-name Name of DNS domain.

Example

This command sets the domain name to xyz.com:
set domain xyz.com
set hostname

To set the hostname of the Cisco Secure ACS Solution Engine, use the set hostname command.

set hostname [hostname]

Syntax Description

hostname Name of the Cisco Secure ACS Solution Engine.

Example

This command sets the Cisco Secure ACS Solution Engine name to acs1:
set hostname acs1
set ip

To set the Cisco Secure ACS Solution Engine IP configuration, use the set ip command.

set ip

Syntax Description

This command has no arguments or keywords.

Usage Guidelines

Use the set ip command to reset the system IP address in response to subsequent prompts. For more information, see Reconfiguring the Solution Engine IP Address, page 4-23.

Example

The following command begins the system IP address configuration.
set ip
set password

To set the Cisco Secure ACS Solution Engine administrator's password, use the set password command. Subsequent prompts take you through the process.

set password

Syntax Description

This command has no arguments or keywords.

Usage Guidelines

Use the set password command to begin resetting the administrator's password. Subsequent prompts take you through the process. For more information, see Resetting the Solution Engine Administrator Password, page 4-21.

Example

The following command initiates the system ip setting procedure:
set password
set time

To set the Cisco Secure ACS Solution Engine time zone, NTP server, date, or time, use the set time command:

set time

Syntax Description

This command has no arguments or keywords.

Usage Guidelines

Use the set time command to begin the setting of the timezone, current date, and current time. Subsequent prompts take you through the process. For more information, see Setting the System Time and Date Manually, page 4-25.

You can also use the set time command to enable an NTP server to synchronize the Cisco Secure ACS Solution Engine. You can configure one or more NTP servers by separating each NTP IP address entry with a space. For more information, see Setting the System Time and Date with NTP, page 4-26 and the command reference ntpsync.

Example

The following command initiates the system time setting procedure:
set time
set timeout

To set the period, in minutes, after which the serial console will time out, use the set timeout command.

set timeout [minutes]

Syntax Description

This command has a single argument: the number of minutes before timing out. If you enter the command with no argument, the system prompts you for a value in minutes.

Example

The following command establishes a serial console timeout after10 minutes:
set timeout 10
show

To show the version of the Cisco Secure ACS Solution Engine, system load status, ACS service status, IP configuration, system time and NTP settings, Cisco Secure ACS Solution Engine hostname, DNS domain, and timeout value use the show command.

show

Syntax Description

This command has no arguments or keywords.

Example

The following command lists Cisco Secure ACS Solution Engine information:
show
shutdown

To shut down the appliance from the serial console, use the shutdown command.

shutdown

Syntax Description

This command has no arguments or keywords.

Example

The following command shuts down the appliance:
shutdown
start

To start one or more of the ACS services, use the start command.

start [service name(s)]

Syntax Description

This command uses as an argument the name of the service or services to be started.

Usage Guidelines

Use the start command to start any ACS service. You can determine the status of each service by using the show command. For more information, see Starting Solution Engine Services via Serial Console, page 4-8.

Example

The following command starts the CSAuth and CSAgent services:
restart csauth csagent
stop

To stop one or more of the ACS services, use the stop command.

stop [service name(s)]

Note Services subject to this command are halted until restarted. This may interfere with AAA services.

Note When you stop the CSAgent service, not only does the Cisco Secure ACS Solution Engine stop CSAgent, but it also changes the startup type to manual. This has the effect of keeping it stopped even after reboot. Likewise, starting CSAgent resets the startup type to automatic.

Syntax Description

This command uses as an argument the name of the service or services to be stopped.

Usage Guidelines

Use the stop command to stop any ACS service. You can determine the status of each service by using the show command. For more information, see Stopping Solution Engine Services via Serial Console, page 4-6.

Example

The following command stops the CSAuth and CSAdmin services:
stop csauth csadmin
support

The support command collects a set of logs, Registry information, and other useful information that details activity. Executing the command compresses this set of logs into a single cab file, which can then be analyzed by support personnel.

To initiate the support program, use the support command.

support [-d n] server filepath [username]

Syntax Description

-d n Collect the previous n days logs (up to 9999).

-u Collect user database information.

server The hostname for the FTP server to which the file is to be sent.

filepath The location under the FTP root for the server into which the package.cab is to be sent.

username The account used to authenticate the FTP session.

Note Unlike its counterpart in the HTML interface, this command restarts the Cisco Secure ACS services. This means that AAA services are interrupted.

Example

The following command packages logs from the past 3 days, together with user database information, and sends it to the FTP server on the machine host, as diagdir/diag.cab where the user will be prompted for the password to the sammy account on the FTP server:
support -d3 -u ftp://host/diagdir/diag.cab sammy
tracert

To display the network route to a specified host and identify faulty gateways, use the tracert command.

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Syntax Description

-d Do not resolve addresses to hostnames.

-h maximum_hops Maximum number of hops to search for target.

-j host-list Loose source route along host-list.

-w timeout Wait timeout milliseconds for each reply.

Example
acsappl1> tracert 10.19.253.228
Tracing route to 10.19.253.228 over a maximum of 30 hops
  1   <10 ms   <10 ms   <10 ms  champaign-gw1.cisco.com [171.69.180.1]
  2    40 ms    50 ms    60 ms  sjce-wan-gw1.cisco.com [171.69.8.17]
  3    40 ms    70 ms    70 ms  sjce-wbb-gw1.cisco.com [10.18.255.1]
  4    60 ms    70 ms    60 ms  sjce-rbb-gw1.cisco.com [171.69.7.233]
  5    71 ms    70 ms    60 ms  sjce-sbb1-gw1.cisco.com [171.69.14.34]
  6    80 ms    51 ms    70 ms  sjck-as-gw2.cisco.com [171.69.14.246]
  7    60 ms    90 ms    80 ms  sj-frame-1.cisco.com [171.70.192.54]  
  8   150 ms   180 ms   161 ms  10.19.253.225                        
  9   141 ms   160 ms   170 ms  10.19.253.228                         
Trace complete.                                                          
upgrade

To perform the second stage of an upgrade, use the upgrade command.

upgrade

Note This command typically reboots the Cisco Secure ACS services. This means that AAA services are interrupted.

Syntax Description

This command has no arguments or keywords.

Usage Guidelines

Use the upgrade command to install an upgrade package that you have already loaded to the Cisco Secure ACS Solution Engine. Ensure that you have stopped CSAgent prior to employing the upgrade command. For more information, see Upgrading the Solution Engine, page 4-29.

Example

The following initiates the second stage of an upgrade:
upgrade

	Installation and Setup Guide for Cisco Secure ACS Solution Engine Version 3.3
	Command Reference
Installation and Setup Guide for Cisco Secure ACS Solution Engine Version 3.3 Cisco 90-Day Limited Hardware Warranty Terms Preface Cisco Secure ACS Solution Engine Overview Preparing for Installation Installing and Configuring Cisco Secure ACS Solution Engine Administering Cisco Secure ACS Solution Engine Technical Specifications Windows Service Advisement Command Reference Index	Download this chapter Command Reference Download the complete book Installation and Setup Guide for ACS Solution Engine (full-book PDF) (PDF - 2 MB) Feedback Table Of Contents Command Reference CLI Conventions Command Privileges Checking Command Syntax System Help Command Description Conventions Commands backup dbcompact download exit exportgroups exportlogs exportusers help ntpsync ping reboot restart restore rollback set admin set domain set hostname set ip set password set time set timeout show shutdown start stop support tracert upgrade Command Reference This appendix summarizes the command line interface (CLI) commands of the Cisco Secure ACS Solution Engine 3.3. This appendix contains the following sections: •CLI Conventions •Command Privileges •Checking Command Syntax •System Help •Command Description Conventions •Command Description Conventions •Commands CLI Conventions The command-line interface (CLI) uses the following conventions: •The key combination ^c, or Ctrl-c, means hold down the Ctrl key while you press the c key. •A string is defined as a nonquoted set of characters. Do not confuse the Cisco Secure ACS Solution Engine CLI with the IOS CLI. Though they are similar, they are not identical. Command Privileges Access to CLI commands on the Cisco Secure ACS Solution Engine is limited to those who physically connect via the console port and who possess the proper administrative credentials. For more information about establishing the console connection, see Establishing a Serial Console Connection, page 3-15. Checking Command Syntax The serial console interface provides several types of responses to incorrect command entries: •If you enter a command line that does not contain any valid commands, the system displays Command not found. •If you enter a valid command but omit required options, the system displays Incomplete command. •If you enter a valid command but provide invalid options or parameters, the system displays Invalid input. In addition, some commands have command-specific error messages that notify you that a command is valid, but that it cannot run correctly. System Help You can obtain help using the following methods: •For a list of all commands and their syntax, enter help, and then press Enter. •For help on a specific command, type the command name, a space, and a question mark, and then press Enter, for example, show?. The help contains command usage information and syntax. Command Description Conventions Command descriptions in this document and in the CLI help system use the following conventions: •Vertical bars (\|) separate alternative, mutually exclusive elements. •Square brackets ([ ]) indicate optional elements. •Braces ({ }) indicate a required choice. Braces within square brackets ([{ }]) indicate a required choice within an optional element. •Bold indicates commands and keywords that are entered literally as shown. •Italics indicate arguments for which you supply values. Commands This section describes the Cisco Secure ACS Solution Engine commands. Command names are case insensitive. backup To backup ACS data to an FTP server, use the backup command. backup [server] [username] [filepath] Syntax Description server Hostname for the FTP server to which the file will be sent. username User account name used to authenticate the FTP session. filepath Location under the FTP root for the server into which the backup will be sent. Usage Guidelines If you do not enter the parameters, the system prompts you for the information. Also you are prompted to encrypt the backup. If you indicate you want to encrypt the data, you are prompted for an encryption password. For more information, see Backing Up ACS Data via the Serial Console, page 4-17. Example The following command employs the user account joeadmin to backup the ACS data to the backupdata folder on the onyx FTP server: backup onyx joeadmin backupdata dbcompact To compact the database by dumping, initializing the database, and loading the database from the dump file, use the dbcompact command. Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication. dbcompact Syntax Description This command has no arguments or keywords. Example The following command compacts the database by dumping, initializing the database, and loading the database from the dump: dbcompact download To download an upgrade image to the Cisco Secure ACS Solution Engine use the download command. Executing the download command establishes contact with the system specified, retrieves the manifest file from that system, and automatically downloads the upgrade image to the Cisco Secure ACS Solution Engine. download [hostAddress] Syntax Description hostAddress The IP address from which the image will be sent Usage Guidelines This command is generally executed from within the HTML interface. After loading an upgrade image by executing the download command, you need to install the image by using the upgrade command. For more information see Upgrading the Solution Engine, page 4-29. Example The following command downloads an upgrade image from the system with the address 10.51.256.256 download 10.51.256.256 exit To log out of the system, use the exit command. exit Syntax Description This command has no arguments or keywords. Example The following command logs you out of the system: exit exportgroups To export a list of user groups, use the exportgroups command. exportgroups [server] [username] [filepath] Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication. Syntax Description server Hostname for the FTP server to which the file will be sent. username User account name used to authenticate the FTP session. filepath Location under the FTP root for the server into which the group list will be sent. Usage Guidelines If you do not enter the parameters, the system prompts you for the information. Example The following command employs the user account joeadmin to send a list of user groups to the groupdata folder on the diamond FTP server: exportgroups diamond joeadmin groupdata exportlogs To list and send selected logs to an FTP server, use the exportlog command. exportlogs [filename] [filename] Syntax Description filename Name of the file to be exported. Usage Guidelines This command lists all the log files that can be downloaded to an FTP server if no filenames are supplied. Otherwise, you can enter each filename with a space separating each filename. You are then prompted for the FTP server address, user login name, password, and the filepath for the file or files to be uploaded. Example The following command exports the log files mylog2002-01-31.csv and mylog2002-02-01.csv: exportlog mylog2002-01-31.csv mylog2002-02-01.csv exportusers To export a list of users, use the exportusers command. exportusers [server] [username] [filepath] Note The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication. Syntax Description server Hostname for the FTP server to which the file will be sent. username User account name used to authenticate the FTP session. filepath Location under the FTP root for the server into which the users list will be sent. Usage Guidelines If you do not enter the parameters, the system prompts you for the information. Example The following command employs the user account joeadmin to send a list of users to the userdata folder on the emerald FTP server: exportusers emerald joeadmin userdata help To list descriptions of commands, use the help command. help Syntax Description This command has no arguments or keywords. Example The following command lists descriptions of commands: help ntpsync To perform Network Time Protocol (NTP) synchronization with a predefined NTP server, use the ntpsync command. For information on setting the NTP server see set time. ntpsync Syntax Description This command has no arguments or keywords. Example The following command uses the predefined NTP synchronization server to synchronize Cisco Secure ACS Solution Engine time to the NTP server time: ntpsync ping To send ICMP echo_request packets for diagnosing basic network connectivity, use the ping command. ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [{-j host-list}\|{-k host-list}] [-w timeout] destination-list Syntax Description -t Ping the specified host until stopped. To see statistics and continue - type Control-Break. To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet. -i TTL Time To Live. -v TOS Type Of Service. -r count Record route for count hops. -s count Timestamp for count hops. -j host-list Loose source route along host-list. -k host-list Strict source route along host-list. -w timeout Timeout in milliseconds to wait for each reply. Examples acsappl1> ping 10.19.253.228 Pinging 10.19.253.228 with 32 bytes of data: Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 Reply from 10.19.253.228: bytes=32 time=160ms TTL=120 Reply from 10.19.253.228: bytes=32 time=150ms TTL=120 Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 Ping statistics for 10.19.253.228: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 140ms, Maximum = 160ms, Average = 147ms acsappl1> ping -n 6 10.19.253.228 Pinging 10.19.253.228 with 32 bytes of data: Reply from 10.19.253.228: bytes=32 time=130ms TTL=120 Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 Reply from 10.19.253.228: bytes=32 time=140ms TTL=120 Reply from 10.19.253.228: bytes=32 time=130ms TTL=120 Reply from 10.19.253.228: bytes=32 time=130ms TTL=120 Ping statistics for 10.19.253.228: Packets: Sent = 6, Received = 6, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 130ms, Maximum = 140ms, Average = 135ms reboot To restart the Cisco Secure ACS Solution Engine, use the reboot command. reboot Note AAA services are temporarily halted while this command executes. Syntax Description This command has no arguments or keywords. Example The following command causes a soft reboot of the Cisco Secure ACS Solution Engine: reboot restart To restart one or more of the ACS services, use the restart command. restart [service name(s)] Note AAA services are temporarily halted while this command executes. Syntax Description This command uses as an argument the name of the service or services to be restarted. Usage Guidelines Use the restart command to stop and restart any of the ACS services. You can determine the status of each service by using the show command. For more information, see Restarting Solution Engine Services via Serial Console, page 4-9. Example The following command restarts the CSAuth and CSAdmin services: restart csauth csadmin restore To restore ACS data from an FTP server, use the restore command. restore [server] [username] [filepath] [filename] Syntax Description server Hostname for the FTP server from which the file will be sent. username User account name used to authenticate the FTP session. filepath Location under the FTP server root in which the restore file is located. filename Name of the restore file to be used. Usage Guidelines If you do not enter the parameters, the system prompts you for the information. Also, you will be prompted to enter a decrypt password; and you will be prompted to restore the user/group database and or the Cisco Secure ACS system configuration. Example The following command employs the user account joeadmin to retrieve a restore file, allofit, from the restoredata folder on the topaz FTP server: restore topaz joeadmin restoredata allofit rollback To remove any patches and roll back to the originally installed version, use the rollback command. rollback [appName] Syntax Description appName Name of the program (provided as part of patch distribution) to remove a specific patch and roll back to original installed version. Usage Guidelines Use this command to return a Cisco Secure ACS to its original condition after having installed a patch program. The rollback command has the effect of stopping all ACS services, copying all files in the backup directory to the originally installed directories, restoring a specified list of Registry entries, and starting all ACS services once again. Example The following command executes the program remvptch4 and returns the system to the state that existed before the patch program was applied: rollback remvptch4 set admin To set the name of the Cisco Secure ACS Solution Engine administrator, use the set admin command. set admin [administratorname] Syntax Description administratorname Name of system administrator. Usage Guidelines Use the set admin command to reset the name of the Cisco Secure ACS Solution Engine administrator. For more information, see Resetting the Solution Engine Administrator Password, page 4-21. Example This command sets the administrator name to john: set admin john set domain To set the DNS domain of the Cisco Secure ACS Solution Engine, use the set domain command. set domain [domain-name] Syntax Description domain-name Name of DNS domain. Example This command sets the domain name to xyz.com: set domain xyz.com set hostname To set the hostname of the Cisco Secure ACS Solution Engine, use the set hostname command. set hostname [hostname] Syntax Description hostname Name of the Cisco Secure ACS Solution Engine. Example This command sets the Cisco Secure ACS Solution Engine name to acs1: set hostname acs1 set ip To set the Cisco Secure ACS Solution Engine IP configuration, use the set ip command. set ip Syntax Description This command has no arguments or keywords. Usage Guidelines Use the set ip command to reset the system IP address in response to subsequent prompts. For more information, see Reconfiguring the Solution Engine IP Address, page 4-23. Example The following command begins the system IP address configuration. set ip set password To set the Cisco Secure ACS Solution Engine administrator's password, use the set password command. Subsequent prompts take you through the process. set password Syntax Description This command has no arguments or keywords. Usage Guidelines Use the set password command to begin resetting the administrator's password. Subsequent prompts take you through the process. For more information, see Resetting the Solution Engine Administrator Password, page 4-21. Example The following command initiates the system ip setting procedure: set password set time To set the Cisco Secure ACS Solution Engine time zone, NTP server, date, or time, use the set time command: set time Syntax Description This command has no arguments or keywords. Usage Guidelines Use the set time command to begin the setting of the timezone, current date, and current time. Subsequent prompts take you through the process. For more information, see Setting the System Time and Date Manually, page 4-25. You can also use the set time command to enable an NTP server to synchronize the Cisco Secure ACS Solution Engine. You can configure one or more NTP servers by separating each NTP IP address entry with a space. For more information, see Setting the System Time and Date with NTP, page 4-26 and the command reference ntpsync. Example The following command initiates the system time setting procedure: set time set timeout To set the period, in minutes, after which the serial console will time out, use the set timeout command. set timeout [minutes] Syntax Description This command has a single argument: the number of minutes before timing out. If you enter the command with no argument, the system prompts you for a value in minutes. Example The following command establishes a serial console timeout after10 minutes: set timeout 10 show To show the version of the Cisco Secure ACS Solution Engine, system load status, ACS service status, IP configuration, system time and NTP settings, Cisco Secure ACS Solution Engine hostname, DNS domain, and timeout value use the show command. show Syntax Description This command has no arguments or keywords. Example The following command lists Cisco Secure ACS Solution Engine information: show shutdown To shut down the appliance from the serial console, use the shutdown command. shutdown Syntax Description This command has no arguments or keywords. Example The following command shuts down the appliance: shutdown start To start one or more of the ACS services, use the start command. start [service name(s)] Syntax Description This command uses as an argument the name of the service or services to be started. Usage Guidelines Use the start command to start any ACS service. You can determine the status of each service by using the show command. For more information, see Starting Solution Engine Services via Serial Console, page 4-8. Example The following command starts the CSAuth and CSAgent services: restart csauth csagent stop To stop one or more of the ACS services, use the stop command. stop [service name(s)] Note Services subject to this command are halted until restarted. This may interfere with AAA services. Note When you stop the CSAgent service, not only does the Cisco Secure ACS Solution Engine stop CSAgent, but it also changes the startup type to manual. This has the effect of keeping it stopped even after reboot. Likewise, starting CSAgent resets the startup type to automatic. Syntax Description This command uses as an argument the name of the service or services to be stopped. Usage Guidelines Use the stop command to stop any ACS service. You can determine the status of each service by using the show command. For more information, see Stopping Solution Engine Services via Serial Console, page 4-6. Example The following command stops the CSAuth and CSAdmin services: stop csauth csadmin support The support command collects a set of logs, Registry information, and other useful information that details activity. Executing the command compresses this set of logs into a single cab file, which can then be analyzed by support personnel. To initiate the support program, use the support command. support [-d n] server filepath [username] Syntax Description -d n Collect the previous n days logs (up to 9999). -u Collect user database information. server The hostname for the FTP server to which the file is to be sent. filepath The location under the FTP root for the server into which the package.cab is to be sent. username The account used to authenticate the FTP session. Note Unlike its counterpart in the HTML interface, this command restarts the Cisco Secure ACS services. This means that AAA services are interrupted. Example The following command packages logs from the past 3 days, together with user database information, and sends it to the FTP server on the machine host, as diagdir/diag.cab where the user will be prompted for the password to the sammy account on the FTP server: support -d3 -u ftp://host/diagdir/diag.cab sammy tracert To display the network route to a specified host and identify faulty gateways, use the tracert command. tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name Syntax Description -d Do not resolve addresses to hostnames. -h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply. Example acsappl1> tracert 10.19.253.228 Tracing route to 10.19.253.228 over a maximum of 30 hops 1 <10 ms <10 ms <10 ms champaign-gw1.cisco.com [171.69.180.1] 2 40 ms 50 ms 60 ms sjce-wan-gw1.cisco.com [171.69.8.17] 3 40 ms 70 ms 70 ms sjce-wbb-gw1.cisco.com [10.18.255.1] 4 60 ms 70 ms 60 ms sjce-rbb-gw1.cisco.com [171.69.7.233] 5 71 ms 70 ms 60 ms sjce-sbb1-gw1.cisco.com [171.69.14.34] 6 80 ms 51 ms 70 ms sjck-as-gw2.cisco.com [171.69.14.246] 7 60 ms 90 ms 80 ms sj-frame-1.cisco.com [171.70.192.54] 8 150 ms 180 ms 161 ms 10.19.253.225 9 141 ms 160 ms 170 ms 10.19.253.228 Trace complete. upgrade To perform the second stage of an upgrade, use the upgrade command. upgrade Note This command typically reboots the Cisco Secure ACS services. This means that AAA services are interrupted. Syntax Description This command has no arguments or keywords. Usage Guidelines Use the upgrade command to install an upgrade package that you have already loaded to the Cisco Secure ACS Solution Engine. Ensure that you have stopped CSAgent prior to employing the upgrade command. For more information, see Upgrading the Solution Engine, page 4-29. Example The following initiates the second stage of an upgrade: upgrade
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks