This appendix summarizes the command line interface (CLI) commands of the Cisco Secure ACS Appliance 3.2.
This appendix contains the following sections:
The command-line interface (CLI) uses the following conventions:
Do not confuse the Cisco Secure ACS Appliance CLI with the IOS CLI. Though they are similar, they are not identical.
Access to CLI commands on the Cisco Secure ACS Appliance is limited to those who physically connect via the console port and who possess the proper administrative credentials.
For more information about establishing the console connection, see Establishing a Serial Console Connection.
The serial console interface provides several types of responses to incorrect command entries:
- Command not found.
- Incomplete command.
- Invalid input.

In addition, some commands have command-specific error messages that notify you that a command is valid, but that it cannot run correctly.
You can obtain help using the following methods:
Table C-1 summarizes all commands available on the Cisco Secure ACS Appliance. Refer to the full description of commands that you are not familiar with before using them.
Command descriptions in this document and in the CLI help system use the following conventions:
This section describes the Cisco Secure ACS Appliance commands. Command names are case insensitive.
To back up ACS data to an FTP server, use the backup command.
server Hostname for the FTP server to which the file will be sent.
username User account name used to authenticate the FTP session.
filepath Location under the FTP root for the server into which the backup will be sent.
If you do not enter the parameters, the system prompts you for the information. You are also prompted to encrypt the backup. If you indicate you want to encrypt the data, you are prompted for an encryption password. For more information, see Backing Up ACS Data via the Serial Console.
The following command employs the user account joeadmin to back up the ACS data to the backupdata folder on the onyx FTP server:
To compact the database by dumping, initializing the database, and loading the database from the dump file, use the dbcompact command.
Note: The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.
This command has no arguments or keywords.
The following command compacts the database by dumping, initializing the database, and loading the database from the dump:
To download an upgrade image to the Cisco Secure ACS Appliance, use the download command. Executing the download command establishes contact with the system specified, retrieves the manifest file from that system, and automatically downloads the upgrade image to the Cisco Secure ACS Appliance.
hostAddress The IP address from which the image will be sent
This command is generally executed from within the HTML interface. After loading an upgrade image by executing the download command, you need to install the image by using the upgrade command. For more information, see Upgrading the Appliance.
The following command downloads an upgrade image from the system with the address 10.51.256.256:
To log out of the system, use the exit command.
This command has no arguments or keywords.
The following command logs you out of the system:
To export a list of user groups, use the exportgroups command.
Note: The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.
server Hostname for the FTP server to which the file will be sent.
username User account name used to authenticate the FTP session.
filepath Location under the FTP root for the server into which the group list will be sent.
If you do not enter the parameters, the system prompts you for the information.
The following command employs the user account joeadmin to send a list of user groups to the groupdata folder on the diamond FTP server:
To list and send selected logs to an FTP server, use the exportlog command.
filename Name of the file to be exported.
If no filenames are supplied, this command lists all the log files that can be downloaded to an FTP server. Otherwise, enter the filenames separated by spaces. You are then prompted for the FTP server address, user login name, password, and the filepath for the file or files to be uploaded.
The following command exports the log files mylog2002-01-31.csv and mylog2002-02-01.csv:
To export a list of users, use the exportusers command.
Note: The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.
server Hostname for the FTP server to which the file will be sent.
username User account name used to authenticate the FTP session.
filepath Location under the FTP root for the server into which the users list will be sent.
If you do not enter the parameters, the system prompts you for the information.
The following command employs the user account joeadmin to send a list of users to the userdata folder on the emerald FTP server:
To list descriptions of commands, use the help command.
This command has no arguments or keywords.
The following command lists descriptions of commands:
To send ICMP echo_request packets for diagnosing basic network connectivity, use the ping command.
-t Ping the specified host until stopped. To see statistics and continue, type Control-Break.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-f Set Don't Fragment flag in packet.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
To restart the Cisco Secure ACS Appliance, use the reboot command.
Note: AAA services are temporarily halted while this command executes.
This command has no arguments or keywords.
The following command causes a soft reboot of the Cisco Secure ACS Appliance:
To restart one or more of the ACS services, use the restart command.
Note: AAA services are temporarily halted while this command executes.
This command uses as an argument the name of the service or services to be restarted.
Use the restart command to stop and restart any of the ACS services. You can determine the status of each service by using the show command. For more information, see Restarting Appliance Services via Serial Console.
The following command restarts the CSAuth and CSAdmin services:
To restore ACS data from an FTP server, use the restore command.
server Hostname for the FTP server from which the file will be sent.
username User account name used to authenticate the FTP session.
filepath Location under the FTP server root in which the restore file is located.
filename Name of the restore file to be used.
If you do not enter the parameters, the system prompts you for the information. You are also prompted to enter a decrypt password, and to choose whether to restore the user/group database and/or the Cisco Secure ACS system configuration.
The following command employs the user account joeadmin to retrieve a restore file, allofit, from the restoredata folder on the topaz FTP server:
To remove any patches and roll back to the originally installed version, use the rollback command.
appName Name of the program (provided as part of patch distribution) to remove a specific patch and roll back to original installed version.
Use this command to return a Cisco Secure ACS to its original condition after having installed a patch program. The rollback command has the effect of stopping all ACS services, copying all files in the backup directory to the originally installed directories, restoring a specified list of Registry entries, and starting all ACS services once again.
The following command executes the program remvptch4 and returns the system to the state that existed before the patch program was applied:
To set the name of the Cisco Secure ACS Appliance administrator, use the set admin command.
administratorname Name of system administrator.
Use the set admin command to reset the name of the Cisco Secure ACS Appliance administrator. For more information, see Resetting the Appliance Administrator Password.
This command sets the administrator name to john:
To set the DNS domain of the Cisco Secure ACS Appliance, use the set domain command.
domain-name Name of DNS domain.
This command sets the domain name to xyz.com:
To set the hostname of the Cisco Secure ACS Appliance, use the set hostname command.
hostname Name of the Cisco Secure ACS Appliance.
This command sets the Cisco Secure ACS Appliance name to acs1:
To set the Cisco Secure ACS Appliance IP configuration, use the set ip command.
This command has no arguments or keywords.
Use the set ip command to reset the system IP address in response to subsequent prompts. For more information, see Reconfiguring the Appliance IP Address.
The following command begins the system IP address configuration:
To set the Cisco Secure ACS Appliance administrator's password, use the set password command. Subsequent prompts take you through the process.
This command has no arguments or keywords.
Use the set password command to begin resetting the administrator's password. Subsequent prompts take you through the process. For more information, see Resetting the Appliance Administrator Password.
The following command initiates the system ip setting procedure:
To set the Cisco Secure ACS Appliance time zone, NTP server, date, or time, use the set time command:
This command has no arguments or keywords.
Use the set time command to begin the setting of the timezone, current date, and current time. Subsequent prompts take you through the process. For more information, see Setting the System Time and Date Manually.
You can also use the set time command to enable an NTP server to synchronize the Cisco Secure ACS Appliance. For more information, see Setting the System Time and Date with NTP.
The following command initiates the system time setting procedure:
To set the period, in minutes, after which the serial console will time out, use the set timeout command.
This command has a single argument: the number of minutes before timing out. If you enter the command with no argument, the system prompts you for a value in minutes.
The following command establishes a serial console timeout after 10 minutes:
To show the version of the Cisco Secure ACS Appliance, system load status, ACS service status, IP configuration, system time and NTP settings, Cisco Secure ACS Appliance hostname, DNS domain, and timeout value, use the show command.
This command has no arguments or keywords.
The following command lists Cisco Secure ACS Appliance information:
To shut down the appliance from the serial console, use the shutdown command.
This command has no arguments or keywords.
The following command shuts down the appliance:
To start one or more of the ACS services, use the start command.
This command uses as an argument the name of the service or services to be started.
Use the start command to start any ACS service. You can determine the status of each service by using the show command. For more information, see Starting Appliance Services via Serial Console.
The following command starts the CSAuth and CSAdmin services:
To stop one or more of the ACS services, use the stop command.
Note: Services subject to this command are halted until restarted. This may interfere with AAA services.
This command uses as an argument the name of the service or services to be stopped.
Use the stop command to stop any ACS service. You can determine the status of each service by using the show command. For more information, see Stopping Appliance Services via Serial Console.
The following command stops the CSAuth and CSAdmin services:
The support command collects a set of logs, Registry information, and other useful information that details activity. Executing the command compresses this set of logs into a single cab file, which can then be analyzed by support personnel.
To initiate the support program, use the support command.
-d n Collect the previous n days of logs (up to 9999).
-u Collect user database information.
server The hostname for the FTP server to which the file is to be sent.
filepath The location under the FTP root for the server into which the package.cab is to be sent.
username The account used to authenticate the FTP session.
Note: Unlike its counterpart in the HTML interface, this command restarts the Cisco Secure ACS services. This means that AAA services are interrupted.
The following command packages logs from the past 3 days, together with user database information, and sends the package to the FTP server on the machine host as diagdir/diag.cab. The user is prompted for the password to the sammy account on the FTP server:
To display the network route to a specified host and identify faulty gateways, use the tracert command.
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
To perform the second stage of an upgrade, use the upgrade command.
Note: This command typically reboots the Cisco Secure ACS services. This means that AAA services are interrupted.
This command has no arguments or keywords.
Use the upgrade command to install an upgrade package that you have already loaded to the Cisco Secure ACS Appliance. For more information, see Upgrading the Appliance.
The following initiates the second stage of an upgrade:
Posted: Fri Jun 20 09:00:34 PDT 2003