Export Data from Cisco Secure ACS
After starting the migration tool, complete the following steps to export data from Cisco Secure ACS to the migration tool.
Procedure
Step 1 |
In the Cisco Secure ACS to Cisco ISE Migration Tool window, click Settings to display the list of data objects available for migration. |
Step 2 |
(Optional) You are not required to configure the dependency handling in order to perform migration. Check the check boxes of the data objects you want to export in case their dependency data is missed and click Save. |
Step 3 |
In the Cisco Secure ACS to Cisco ISE Migration Tool window, click Migration and then click Export From ACS. |
Step 4 |
Enter the Cisco Secure ACS host name, user name, and password and click Connect in the ACS5 Credentials window. You can monitor the migration process in the Cisco Secure ACS to Cisco ISE Migration Tool window, which displays the current count of successful object exports and lists any objects that triggered warnings or errors. To get more information about a warning or an error that occurred during the export process, click any underlined numbers in the Warnings or Errors column on the Migrations tab. The Object Errors and Warnings Details window displays the result of a warning or an error during export. It provides the object group, the type, and the date and time of a warning or an error. |
Step 5 |
Scroll to display the details of the selected object error, and then click Close. |
Step 6 |
When the data export process is completed, the Cisco Secure ACS to Cisco ISE Migration Tool window displays the status of export that Exporting finished. |
Step 7 |
Click Export Report(s) to view the contents of the export report. Each export report contains header information with the operation type, date and time, and system IP address or host name. Each object group details the types and related information. Reports end with a summary of the start and end date, the time, and the duration of the operation. |
Step 8 |
To analyze the policy gap between Cisco Secure ACS and Cisco ISE, click Policy Gap Analysis Report. |
Note |
The migration tool maintains a cache for the exported objects and retrieves them for subsequent exports. |
Password Compliance during Export
The migration tool adheres to password compliance during the export process.
-
Password Complexity
Following is the list of error messages that occur during the export process if the password of the user does not meet the password complexity requirements:
user: Failed to Export because its password does not match with the password Complexity
Password length should be minimum of '5' characters.
Password should not contain 'cisco' or its characters in reverse.
Password should not contain 'hello' or its characters in reverse.
Password should not contain repeated characters four or more times consecutively.
Password should contain at least one Lower case character.
Password should contain at least one Upper case character.
Password should contain at least one Numeric Character.
Password should contain at least one non alphanumeric characters.
Note
You will receive only specific error messages applicable for the set password from the list of error messages.
-
Password hash
If you enable password hash for internal user in Cisco Secure ACS and try to export the internal user, the migration tool displays the following error message:
user: Failed to Export because its configured with Password Hash which is not supported by ISE, disable this configuration in ACS and export again.