Installation and Setup Guide for Cisco Secure ACS Appliance
Installing and Configuring the Cisco Secure ACS Appliance



This chapter describes how to install and configure Cisco Secure ACS Appliance 3.2. It contains the following sections:

Quick Reference

Installing the Cisco Secure ACS Appliance

Connecting to Power Source

Connecting Cables

Powering On the Cisco Secure ACS Appliance

Initial Configuration

Verifying the Initial Configuration

Quick Reference

Table 3-1 provides a high-level overview of the installation process.

Table 3-1 Quick Reference 

Task: Install rack rails.
Steps:
1. Adjust length of rack rails.
2. Attach rack rails to rack.
References: Installing the Cisco Secure ACS Appliance in a Rack

Task: Attach the fixed cable tray to the back rail post.
Steps: Insert fixed cable tray post into rail slot.
References: Installing the Cisco Secure ACS Appliance in a Rack

Task: Attach the cable support bracket to the chassis.
Steps:
1. Remove access panel.
2. Hook cable support bracket to the chassis.
3. Fasten cable support bracket thumbnut to the chassis.
4. Replace access panel.
References: Accessing Internal Components and Installing the Cisco Secure ACS Appliance in a Rack

Task: Insert the Cisco Secure ACS Appliance chassis into the rack.
Steps:
1. Slide chassis into rack.
2. Secure front panel thumbnuts.
3. Secure fixed cable tray to cable support bracket.
4. Fasten cable tray thumbnut to rail.
References: Installing the Cisco Secure ACS Appliance in a Rack

Task: Route and connect cables.
Steps:
1. Plug the network connection into the Ethernet NIC 1 port.
2. Connect a terminal to the console serial port.
References: Connecting Cables

Task: Connect to a power source.
Steps: Connect to an AC power source.
References: Connecting to Power Source

Task: Power on the Cisco Secure ACS Appliance.
Steps: Press the power switch.
References: Powering On the Cisco Secure ACS Appliance

Task: Configure the Cisco Secure ACS Appliance.
Steps:
1. Boot the Cisco Secure ACS Appliance and log in from a serial console.
2. Configure the initial Cisco Secure ACS Appliance connectivity by responding to the prompts.
References: Configuring the Cisco Secure ACS Appliance

Task: Verify the initial configuration.
Steps:
1. Reboot the Cisco Secure ACS Appliance.
2. Log in from the system console.
3. Verify Cisco Secure ACS Appliance initial configuration.
References: Verifying the Initial Configuration

Task: Perform full Cisco Secure ACS Appliance configuration.
Steps: The second phase of Cisco Secure ACS Appliance configuration is performed via the HTML interface and is beyond the scope of this guide.
References: Next Steps, and the User Guide for Cisco Secure ACS Appliance


Installing the Cisco Secure ACS Appliance

This section provides instructions for installing the Cisco Secure ACS Appliance in a rack. The rack must be properly secured to the floor, to the ceiling, or to an upper wall, and where applicable, to adjacent racks. The rack should be secured using floor and wall fasteners and bracing specified or approved by the rack manufacturer or by industry standards. Refer to the installation documentation from the rack manufacturer for precautionary warnings and information before you install the Cisco Secure ACS Appliance.

Before you install the Cisco Secure ACS Appliance in a rack, read Preparing Your Site for Installation, page 2-7, to familiarize yourself with proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possibly damage to the system and components or injury to yourself. Follow these guidelines when installing and servicing the Cisco Secure ACS Appliance:


Warning Before working on a system that has an on/off switch, turn OFF the power and unplug the power cord.



Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected.


Disconnect all power and external cables before installing the system.

Install the system in compliance with your local and national electrical codes:

United States: National Fire Protection Association (NFPA) 70; United States National Electrical Code.

Canada: Canadian Electrical Code, Part I, CSA C22.1.

Other countries: If local and national electrical codes are not available, refer to IEC 364, Part 1 through Part 7.

Do not work alone under potentially hazardous conditions.

Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

Do not attempt to install the Cisco Secure ACS Appliance in a rack that has not been securely anchored in place. Damage to the system and personal injury may result.

See Chapter 2, "Preparing for Installation," for additional safety information regarding installing the Cisco Secure ACS Appliance.

This section contains the following subsections:

Accessing Internal Components

Installing the Cisco Secure ACS Appliance in a Rack

Connecting Cables

Connecting to Power Source

Powering On the Cisco Secure ACS Appliance

Accessing Internal Components

The Cisco Secure ACS Appliance access panel can be removed to gain access to internal components or to allow clearance for attaching the optional cable support bracket.


Warning Before working on a system that has an on/off switch, turn OFF the power and unplug the power cord.



Warning Before working on a chassis or working near power supplies, unplug the power cord on AC units.



Warning Before opening the chassis, disconnect the telephone-network cables to avoid contact with telephone-network voltages.



Warning The safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazards.



Caution Electrostatic discharge can damage electronic components. Be sure you are properly grounded if you may come in contact with components.

To remove the Cisco Secure ACS Appliance access panel, follow these steps:


Step 1 Ensure that the Cisco Secure ACS Appliance is powered down and disconnected from the electrical outlet.

Step 2 Disconnect from network cabling.

Step 3 Hold down the two latches on the top of the access panel while sliding it toward the rear of the unit (about half an inch).

Step 4 Lift and remove the access panel.


Tip Reverse this procedure to reattach the access panel.



Installing the Cisco Secure ACS Appliance in a Rack

Cisco Secure ACS Appliance rack installation entails attaching rack rails, two different cable tray assembly components, and the unit itself to your existing equipment rack. See Figure 3-1 for a view of the final installation configuration from the rear and for the names of the parts.

Figure 3-1 Installation Overview - Rear View

1 - Latches on chassis access panel
2 - Hook on support bracket
3 - Cable support bracket thumbnut
4 - Fixed cable tray support bracket thumbnut
5 - Cable clamp thumbnuts
6 - Fixed cable tray rail thumbnut


To install the Cisco Secure ACS Appliance in a rack, follow these steps:


Step 1 Attach the rack rails to the rack:

a. Loosen the thumbnuts on each of the two rack rails provided.

b. Adjust the length of the rack rails so that the endplates fit outside the rack posts both in front and in the rear.

See Figure 3-2 for proper positioning of rack rails and endplates.


Note Ensure that the rack rails are positioned so that they are level, the thumbnuts and endplates are facing out, and the rails are to the inside of the rack posts.


c. Using 8 screws that you provide, appropriate to the size of your rack (1/4-20 or M6 thread size suggested), fasten the front and back endplates of each rack rail to the front and back of the rack.

d. Tighten the thumbnuts on both rack rails.

Figure 3-2 Rail and Chassis Installation

1 - Screws sized to rack (not included)
2 - Front panel thumbnuts


Step 2 Attach the fixed cable tray to the back rail post:

a. Insert the fixed cable tray post into the slot on the back of the rack rail and slide it toward the front of the rail to secure the post within the slot.

See Figure 3-3 for proper positioning of the fixed cable tray to the rack rail.

Figure 3-3 Fixed Cable Tray Installation

1 - Fixed cable tray post

Step 3 Attach the cable support bracket:

a. Remove the access panel. (See Accessing Internal Components).

b. On the left side of the back panel, hook the cable support bracket to the chassis. See Figure 3-4.

c. Use the cable support bracket thumbnut to fasten the cable support bracket to the back of the chassis.

d. Replace the access panel.

Figure 3-4 Cable Support Bracket Installation

1 - Hook on support bracket
2 - Cable support bracket thumbnut


Step 4 Insert the chassis into the rack:

a. Align the rear of the chassis with the front of the rack rails.

b. Slide the chassis into the rack; ensure that the fixed rails on the chassis slide inside the rack rails.


Caution The rack-mount kit is not intended for use as a slide rail system. You must complete installation by securely fastening the chassis into the rack.

c. Secure the chassis to the rack by tightening the two thumbnuts on the front panel of the chassis. (See Figure 3-2.)

d. At the rear of the rack, tighten the fixed cable tray support bracket thumbnut to secure the tray to the cable support bracket. (See Figure 3-5.)

e. Also at the rear of the rack, slide the fixed cable tray rail thumbnut to align with one of the screwholes on the rack rail. Tighten the thumbnut.

Figure 3-5 Chassis Attachment to Cable Tray


Connecting Cables

Use unshielded twisted pair (UTP) copper wire Ethernet cable, with standard RJ-45 compatible plugs, to connect Cisco Secure ACS Appliance to the network.

To connect the cables, follow these steps:


Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.



Step 1 Plug the network connection into the Ethernet port for NIC 1. For the location of the Ethernet port, see Figure 1-3 on page 1-5. The NIC is configured to automatically detect the speed and duplex mode of the network.


Tip The Ethernet port for NIC 1 is the lower of the two Ethernet ports. Only one Ethernet port can be used at one time.


Step 2 Loosen the cable clamp thumbnuts to open the cable clamp jaws and then tighten the thumbnuts to secure the jaws in the open position.

Step 3 Route the Ethernet cable through the cable clamp jaws.

Step 4 Connect a console to the serial port on the back panel. To connect the console to the terminal port:

a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port on the console.

b. Attach a DB-9 to RJ-45 adapter (provided) to the console serial port on the back panel of the Cisco Secure ACS Appliance.

c. Connect the console to the Cisco Secure ACS Appliance using an RJ-45 cable (provided).

d. Route the RJ45 cable through the cable clamp.


Note The console terminal must be set to VT100 mode at 115200 baud, 8 data bits, no parity, 1 stop bit, and no flow control.


Step 5 When you have finished routing cables through the open cable clamp, loosen the cable clamp thumbnuts, slide the jaws of the cable clamp together, and retighten the cable clamp thumbnuts to secure the cables. See Figure 3-6.

Figure 3-6 Cable Clamp


Connecting to Power Source


Warning Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.



Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals.



Step 1 Connect the power cable (provided) to the power connector on the back panel of the chassis.

Step 2 Route the power cable from the back of the chassis through the cable clamp.

Step 3 Close the cable clamp by sliding the two sides together and then tighten the thumbnuts on the clamp to secure the clamp closed.

Step 4 Connect the AC power receptacle to the AC power source with the provided power cable.


Powering On the Cisco Secure ACS Appliance

To power on the Cisco Secure ACS Appliance, press the power switch. (For the location of the power switch, see Figure 1-2 on page 1-4.)

To turn power off, press and hold the power switch. The power switch is located on the front panel; see Figure 1-2 on page 1-4. The power ON/OFF LED indicator is located directly above the power switch.

The system begins booting and sends messages to the console window. When the login: prompt appears, you can configure the system.

Initial Configuration

There are essentially four parts to configuring the Cisco Secure ACS Appliance. The first three parts are documented in this manual:

Establishing a Serial Console Connection

Configuring the Cisco Secure ACS Appliance

Verifying the Initial Configuration


Note The fourth and final part of the configuration, which includes establishing administrative and user accounts and configuring network connections, is performed via the HTML interface and is detailed in the User Guide for Cisco Secure ACS Appliance.


Establishing a Serial Console Connection

Before you can perform the initial configuration of Cisco Secure ACS Appliance, you must establish a serial console connection to it. This requires a PC, two DB-9 to RJ-45 adapters (provided), an RJ-45 cable (provided), and Telnet communications software (HyperTerminal or equivalent).

To establish a serial console connection, follow these steps:


Note If you performed the procedure in Connecting Cables, you can skip to Step 2.



Step 1 Connect a console to the serial console port on the back panel:

a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the console.

b. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the Cisco Secure ACS Appliance. For the location of the serial port, see Figure 1-3 on page 1-5.

c. Use an RJ-45 cable (provided) to connect the console to the Cisco Secure ACS Appliance.


Tip You may also use a serial concentrator connection, if desired.


Step 2 Power on Cisco Secure ACS Appliance and the console, and open your Telnet communications software on the console.


Note Serial console service starts when Cisco Secure ACS Appliance boots up.


Step 3 Set your Telnet software to operate with the following settings:

Baud = 115200

Databits = 8

Parity = N

Stops = 1

Flow control = None

Result: The login: prompt appears.


Configuring the Cisco Secure ACS Appliance

You must configure the Cisco Secure ACS Appliance when you boot the system for the first time, and whenever you re-image the system.

Before you begin to configure the appliance, you should have the following information at hand:

Network hostname of the appliance.

DNS domain name.

Administrator name and password.

Whether or not you will enable DHCP (enabling DHCP is not recommended).

IP, netmask, and gateway addresses you will assign to the Cisco Secure ACS Appliance.

Whether you will be using NTP synchronization and, if yes, the address of the NTP server.

To configure the Cisco Secure ACS Appliance, follow these steps:


Step 1 Establish a serial console connection to the Cisco Secure ACS Appliance; for details see Establishing a Serial Console Connection.


Note If the Cisco Secure ACS Appliance is not configured (that is, it is new or has been re-imaged) the system displays the system information—including the software version.


Step 2 Confirm that the following information is displayed above the login: prompt:

Cisco Secure ACS: [version number]
Appliance Management Software: [version number]
Appliance Base Image: [version number]
Status: Appliance is functioning properly
The ACS Appliance has not been configured.
Logon as "Administrator" with password "setup" to configure appliance.

Step 3 At the login: prompt, type Administrator and then press Enter.


Note When you boot the system for the first time, it is not configured. Logging in as Administrator allows you to configure the system.


Result: The system displays the password: prompt.

Step 4 At the password: prompt, type setup and press Enter.


Note The password is case sensitive.


Result: The system displays the following message on the console:

Initialize Appliance.
Machine will be rebooted after initialization.
Entering Ctrl-C before setting appliance name will shutdown the 
appliance

Step 5 At the ACS Appliance name [deliverance1]: prompt, type the name you intend to use for your Cisco Secure ACS Appliance, and then press Enter.


Tip The name can contain up to 15 letters and numbers, but no spaces.


Result: The system displays the following message on the console:

ACS Appliance name is set to xxx.

Step 6 At the DNS domain [ ]: prompt, type the domain name. Then press Enter.

Result: The system displays the following message on the console:

DNS name is set to xxx.com.
You need to set the administrator account name and password.

Step 7 At the Enter new account name: prompt, type the Cisco Secure ACS Appliance administrator account name, and then press Enter.


Tip There is only one Cisco Secure ACS Appliance administrator account at a given time. The account's credentials can be changed. For more information see Chapter 4, "Resetting the Appliance Administrator Password."


Step 8 At the Enter new password: prompt, type the new Cisco Secure ACS Appliance password and press Enter.


Note The new password must contain a minimum of 6 characters, and it must include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word. The password cannot contain the account name.


Step 9 At the Enter new password again: prompt, type the new Cisco Secure ACS Appliance password, and then press Enter.

Result: The system displays the following message on the console:

Password is set successfully.
Administrator name is set to xxx.

Step 10 At the Use Static IP Address [Yes]: prompt, type Y for yes or N for No, and then press Enter.


Note To set or change the IP address of your Cisco Secure ACS Appliance, it must be connected to a working Ethernet connection.



Note A static IP address must be assigned to your Cisco Secure ACS Appliance. You can set the IP address directly by answering Y to this step and performing the substeps detailed in Step 11. Alternatively, you may use a DHCP server if it assigns a single IP address that does not change.


Step 11 The following prompts appear only if you set a static IP address manually. Otherwise the following message appears:

No change to the configuration.
Accept network setting [Yes]

a. To specify the Cisco Secure ACS Appliance IP address, at the IP Address [xx.xx.xx.xx]: prompt, type the IP address, and then press Enter.

b. At the Subnet Mask [xx.xx.xx.xx]: prompt, type the subnet mask value, and then press Enter.

c. At the Default Gateway [xx.xx.xx.xx]: prompt, type the default gateway value, and then press Enter.

d. At the DNS Servers [xx.xx.xx.xx]: prompt, type the address of any DNS servers you intend to use (separate each by a single space), and then press Enter.


Note If you do not intend to use a DNS server, enter the IP address of the Cisco Secure ACS Appliance at the DNS Servers [xx.xx.xx.xx]: prompt. If you do not configure the Cisco Secure ACS Appliance to use a DNS server, you must respond to all prompts for "hostname or IP address" only with an IP address.


Result: The system displays the new configuration information followed by the following message:

IP Address is reconfigured.

e. At the prompt, Confirm the changes? [Yes]: type Y, and then press Enter.

Result: The system displays the following message:

New ip address is set.
Default gateway is set to xx.xx.xx.xx
DNS servers are set to: xx.xx.xx.xx xx.xx.xx.xx.

f. At the prompt, Test network connectivity [Yes]:, type Y, and then press Enter.


Tip This step is essentially executing a ping command to ensure the connectivity of the Cisco Secure ACS Appliance.


g. At the prompt, Enter hostname or IP address:, type the IP address or hostname of a device connected to the Cisco Secure ACS Appliance, and then press Enter.

Result: If successful, the system displays the ping statistics. The system displays the prompt: Test network connectivity [Yes]:.

h. If network connectivity is proven okay in the previous two steps, at the prompt, Test network connectivity [Yes]:, type N, and then press Enter.


Tip The system continues to provide you with the opportunity to test network connectivity until you answer no. This gives you an opportunity, if required, to correct network connections or retype the IP address.


Step 12 If the settings have been correctly displayed, at the prompt, Accept network setting [Yes]:, type Y, and then press Enter.

Result: The system displays the following message on the console:

Current Date Time Setting:
Time Zone: (GMT -xx:xx) XXX Time
Date and Time: mm/dd/yyyy
NTP Server(s): NTP Synchronization Disabled.

Step 13 To set the time and date of the Cisco Secure ACS Appliance, at the Change Date & Time Setting [N]: prompt, type Y, and then press Enter.

Result: The system displays a numbered list of time zones.

Step 14 At the Enter desired time zone index (0 for more choices): prompt, type the index number of the time zone you want set, and then press Enter.

Result: The system displays the new time zone.

Step 15 At the Synchronize with NTP server? [N]: prompt, do one of the following:

To set the time manually, type N, and then press Enter.

To use an NTP server for setting time, type Y, and when prompted enter the IP address of the NTP server you want to use.

Result: The system displays a confirmation message reflecting your choice.

Step 16 At the Enter date [mm/dd/yyyy]: prompt, type the date in the given format, and then press Enter.

Step 17 At the Enter time [hh:mm:ss]: prompt, type the current time in the given format, and then press Enter.

Result: The system displays the following message on the console:

Initial configuration is successful. Appliance will now reboot.

The system reboots.
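
The following pre-staging check is an added example, not part of the Cisco guide: it validates a planned set of setup answers against the rules stated in the procedure above (the appliance name limit in Step 5, the password policy in Step 8, and static addressing in Steps 10 and 11) before anyone sits down at the console. The function names, the sample values, and the general IPv4 sanity checks are assumptions made for illustration.

```python
import ipaddress
import re
import string

def password_problems(password, account_name):
    """Rules from the Step 8 note: length, character types, no account name."""
    problems = []
    if len(password) < 6:
        problems.append("password shorter than 6 characters")
    types_used = sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: "special" means anything that is not a letter or digit.
        any(not c.isalnum() for c in password),
    ])
    if types_used < 3:
        problems.append("password uses fewer than three character types")
    # Assumption: the account-name comparison ignores case (stricter reading).
    if account_name and account_name.lower() in password.lower():
        problems.append("password contains the account name")
    return problems

def name_problems(name):
    """Step 5 tip: up to 15 letters and numbers, no spaces."""
    if re.fullmatch(r"[A-Za-z0-9]{1,15}", name):
        return []
    return ["appliance name must be 1-15 letters and digits, no spaces"]

def network_problems(ip, mask, gateway, dns_servers):
    """General IPv4 sanity checks for the Step 11 answers (added, not Cisco's)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    problems = []
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append("IP address is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is outside the appliance subnet")
    for entry in dns_servers.split():  # the prompt takes space-separated values
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            problems.append(f"DNS server {entry!r} is not an IPv4 address")
    return problems

def preflight(answers):
    """Collect every problem in a planned set of setup answers."""
    problems = name_problems(answers["name"])
    problems += password_problems(answers["password"], answers["admin"])
    if answers["use_dhcp"]:
        problems.append("DHCP selected; the guide does not recommend DHCP")
    else:
        problems += network_problems(answers["ip"], answers["mask"],
                                     answers["gateway"], answers["dns"])
    return problems

# Constructed sample answers (RFC 5737 documentation addresses, made-up names).
SAMPLE = {
    "name": "acslab01", "admin": "acsadmin", "password": "Pass*word",
    "use_dhcp": False, "ip": "192.0.2.20", "mask": "255.255.255.0",
    "gateway": "192.0.2.1", "dns": "192.0.2.53 192.0.2.54",
}

if __name__ == "__main__":
    weak = dict(SAMPLE, password="acsadmin1", gateway="198.51.100.1")
    print(preflight(SAMPLE) or "OK", preflight(weak), sep="\n")
```

The factory password shown in Step 2 fails this policy on both length and character types, so it cannot be carried over as the new administrator password.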

Verifying the Initial Configuration

To verify that you have correctly completed the Cisco Secure ACS Appliance initial configuration, follow these steps:

Before You Begin

Establish a serial console connection to the Cisco Secure ACS Appliance. For details see Establishing a Serial Console Connection.


Step 1 Reboot the Cisco Secure ACS Appliance. For more information, see Rebooting the Appliance via Serial Console, page 4-4.

Result: When the system finishes booting, a login: prompt appears on the console.

Step 2 At the login: prompt, type the new administrator name, press Enter, and then at the password: prompt, enter the password you created during initial configuration.

Result: The system prompt appears.

Step 3 At the system prompt, type show, and then press Enter.

Result: The system displays status information.

Step 4 Verify the information displayed.


Next Steps

After you have successfully performed the procedures in this guide, your Cisco Secure ACS Appliance is installed and initially configured. The next step is to use a browser and the HTML interface to fully configure your Cisco Secure ACS Appliance to provide the AAA services you want from this installation. The address of the HTML interface is in the following format: http://[ip address]:2002, where ip address is the address you assign during configuration.

For information on setting up user, group, network, and other parameters, see the User Guide for Cisco Secure ACS Appliance.