Table Of Contents
Installing and Configuring Cisco Secure ACS Solution Engine
Installation Quick Reference
Installing the Cisco Secure ACS Solution Engine
in a Rack
Connecting to the AC Power Source
Connecting Cables
Initial Configuration
Establishing a Serial Console Connection
Configuring the Cisco Secure ACS Solution Engine
Verifying the Initial Configuration
Next Steps
Installing and Configuring Cisco Secure ACS Solution Engine
This chapter describes how to install and initially configure Cisco Secure ACS Solution Engine 3.3. It contains the following sections:
•
Installation Quick Reference
•Installing the Cisco Secure ACS Solution Engine in a Rack
•Connecting to the AC Power Source
•Connecting Cables
•Initial Configuration
•Verifying the Initial Configuration
•Next Steps
Note The details in this guide correspond to the CSACSE-1112-K9 platform only.
Installation Quick Reference
Table 3-1 provides a high-level overview of the installation and initial configuration process. Following installation and initial configuration, see the User Guide for Cisco Secure ACS Solution Engine Version 3.3 for information on how to use a browser and the HTML interface to fully configure your Cisco Secure ACS Solution Engine to provide the AAA services you want from this installation.
Installing the Cisco Secure ACS Solution Engine
in a Rack
Note The details in this guide correspond to the CSACSE-1112-K9 platform only.
This section provides instructions for installing the Cisco Secure ACS Solution Engine in a rack. The rack must be properly secured to the floor, ceiling, or upper wall, and where applicable, to adjacent racks. The rack should be secured using floor and wall fasteners and bracing specified by industry standards.
Before installing the Cisco Secure ACS Solution Engine in a rack, read Preparing Your Site for Installation, page 2-16, to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components. Perform the steps below when installing and servicing the Cisco Secure ACS Solution Engine.
The rack must be properly secured to the floor, to the ceiling or upper wall, and where applicable, to adjacent racks. The rack should be secured using floor and wall fasteners and bracing specified or approved by the rack manufacturer or by industry standards.
When installing and servicing the Cisco Secure ACS Solution Engine:
•Disconnect all power and external cables before installing the system.
•Install the system in compliance with your local and national electrical codes:
–United States: National Fire Protection Association (NFPA) 70; United States National Electrical Code.
–Canada: Canadian Electrical Code, Part, I, CSA C22.1.
–Other countries: If local and national electrical codes are not available, see IEC 364, Part 1 through Part 7.
•Do not work alone under potentially hazardous conditions.
•Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
•Do not attempt to install the Cisco Secure ACS Solution Engine in a rack that has not been securely anchored in place. Damage to the system and personal injury may result.
•Due to the size and weight of the computer system, never attempt to install the computer system by yourself.
See Precautions for Rack-Mounting, page 2-17 for additional safety information on rack installation.
|
Warning
|
To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
•This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
•When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.
•If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack. Statement 1006
|
The server can be installed in a system 1U rack. The rack rail components are as follows (numbers in parentheses refer to Figure 3-1):
•2 telescopic rails (1, 2)
•1 cable management arm (3)
•Bag containing:
–9 Round head screws with washer (4)
–6 Round head screws (5)
–6 Cage nuts (6)
–Velcro (7)
Figure 3-1 Rack Rail Components
To install the Cisco Secure ACS Solution Engine in a rack, follow these steps:
Step 1 Attach the telescopic rails to the rack assembly:
a. See Figure 3-2. Extend the server rail (1) as far as it will go.
b. Press the green spring plate (2) and slide out that part of the server rail (1). (Set it aside for attaching to the chassis.)
Figure 3-2 Removing the Server Rail
c. See Figure 3-3. Using a screwdriver (1), push the middle rail to the end of the rail.
Figure 3-3 Telescoping the Rail
Note To allow for adjustment later in the installation, do not tighten any screws. The outer rail/bracket assembly with extended bracket (1) must be assembled to the left side.
d. See Figure 3-4. Attach the front end of the telescopic outside rail (1) to the rack.
Figure 3-4 Attaching Front Rail to the Rack
Note The left side of the rail is for the cable arm.
e. See Figure 3-5. Attach the back end of the rail to the rack.
Figure 3-5 Attaching Back Rail to Rack
f. Repeat this process with the other rail and rack assembly.
g. Extend the middle rail about 30 cm and fasten with screws. See Figure 3-6. Then, push the middle rail back into its original position.
Figure 3-6 Attaching Screws to Telescopic Rail
Note Leaving some play between the bracket and the rail until you install the rail into the rack will make affixing the rail to the rack easier. After the rail is attached to the rack, you can tighten the screws.
Step 2 Attach the chassis to the rack:
a. See Figure 3-7. Secure chassis to the inner rail using three screws. Repeat this process with the other server rail.
Figure 3-7 Attaching Chassis to Rail
b. See Figure 3-8. Insert the chassis in the rack.
Figure 3-8 Sliding Chassis onto Rack
c. Slide the chassis backward and forward several times. Fasten with all the screws described in Step 1d.
d. See Figure 3-9. Slide six Velcro strips into the holes of the management arm.
Figure 3-9 Attaching Velcro to Management Arm
e. See Figure 3-10. Install the rear side of the cable management arm into the back rail until it snaps in the clip. Then install the front cable management arm into the inner rail until it snaps into the clip.
Figure 3-10 Attaching Management Arm
f. See Figure 3-11. Put cables into the cable management arm and use the Velcro to tighten the cable into the arm.
Figure 3-11 Installing Cable in Management Arm
g. See Figure 3-12. Push the server to the closed position. If the cable is too heavy to carry the server, use a screwdriver to adjust the cam so that the cable management arm is horizontal.
Figure 3-12 Fastening the Server into the Rack
Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A (U.S./CAN); 240 VAC, 10A (INTERNATIONAL). Statement 1005
Connecting to the AC Power Source
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Connect the AC power receptacle to the AC power source with the provided power cable.
Connecting Cables
Use unshielded twisted pair (UTP) copper wire Ethernet cable, with standard RJ-45 compatible plugs, to connect the Cisco Secure ACS Solution Engine to the network.
To connect the cables:
Step 1 Plug the network connection into the Ethernet 0 port. See Figure 1-3 on page 1-5 for the location of the Ethernet 0 port
Step 2 Connect a console to the console/serial port using the supplied serial cable and, if necessary, the DB-9-to-RJ-45 console adapter. See Figure 1-3 on page 1-5 for the location of the serial port.
Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.
Initial Configuration
There are essentially four parts to configuring the Cisco Secure ACS Solution Engine. The first three steps are documented in this manual:
•Establishing a Serial Console Connection
•Configuring the Cisco Secure ACS Solution Engine
•Verifying the Initial Configuration
Note The fourth and final part of the configuration, which includes providing for AAA services by establishing administrative and user accounts and configuring network connections, is performed via the HTML interface and is detailed in the User Guide for Cisco Secure ACS Solution Engine Version 3.3.
Establishing a Serial Console Connection
Before you can perform the initial configuration of Cisco Secure ACS Solution Engine, you must establish a serial console connection to it. This requires a PC, two DB-9 to RJ-45 adapters (provided), an RJ-45 cable (provided), and terminal emulation communication software (Hyper Terminal or equivalent).
To establish a serial console connection, follow these steps:
Note If you performed the procedure in Connecting Cables, you can skip to Step 2.
Step 1 Connect a console to the serial console port on the back panel:
a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the console.
b. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the Cisco Secure ACS Solution Engine. For the location of the serial port, see Figure 1-3 on page 1-5.
c. Use an RJ-45 cable (provided) to connect the console to the Cisco Secure ACS Solution Engine.
Tip You may also use a serial concentrator connection, if desired.
Step 2 Power on Cisco Secure ACS Solution Engine and the console, and open your terminal emulation communication software on the console.
Tip See Figure 1-2 on page 1-4 for the location of the power switch on the Cisco Secure ACS Solution Engine.
Step 3 Set your terminal emulation communication software to operate with the following settings:
•Baud = 115200
•Databits = 8
•Parity = N
•Stops = 1
•Flow control = None
Result: The login: prompt appears.
Configuring the Cisco Secure ACS Solution Engine
You must configure the Cisco Secure ACS Solution Engine when you boot the system for the first time, and whenever you re-image the system.
Before you begin to configure the solution engine, you should have the following information at hand:
•Network hostname of the solution engine.
•DNS domain name.
•Administrator name and password.
•Whether or not you will enable DCHP (enabling DCHP is not recommended).
•IP, netmask, and gateway addresses you will assign to the Cisco Secure ACS Solution Engine.
•Whether you will be using NTP synchronization and, if yes, the address of the NTP server.
To configure the Cisco Secure ACS Solution Engine, follow these steps:
Step 1 Establish a serial console connection to the Cisco Secure ACS Solution Engine; for details see Establishing a Serial Console Connection.
Note If the Cisco Secure ACS Solution Engine is not configured (that is, it is new or has been re-imaged) the system displays the system information—including the software version.
Step 2 Confirm that the following information is displayed above the login: prompt:
Cisco Secure ACS: [version number]
Appliance Management Software: [version number]
Appliance Base Image: [version number]
CSA build [version number]: (Patch: [version number])
Status: Appliance is functioning properly
The ACS Appliance has not been configured.
Logon as "Administrator" with password "setup" to configure appliance.
Step 3 At the login: prompt, type Administrator and then press Enter.
Note When you boot the system for the first time, it is not configured. Logging in as Administrator allows you to configure the system.
Result: The system displays the password: prompt.
Step 4 At the password: prompt, type setup and press Enter.
Note The password is case sensitive.
Result: The system displays the following message on the console:
Machine will be rebooted after initialization.
Entering Ctrl-C before setting appliance name will shutdown the appliance
Step 5 At the ACS Appliance name [deliverance1]: prompt, type the name you intend to use for your Cisco Secure ACS Solution Engine, and then press Enter.
Tip The name can contain up to 15 letters and numbers, but no spaces.
Result: The system displays the following message on the console:
ACS Appliance name is set to xxx.
Step 6 At the DNS domain [ ]: prompt, type the domain name. Then press Enter.
Result: The system displays the following message on the console:
DNS name is set to xxx.com.
You need to set the administrator account name and password.
Step 7 At the Enter new account name: prompt, type the Cisco Secure ACS Solution Engine administrator account name, and then press Enter.
Tip There is only one Cisco Secure ACS Solution Engine administrator account at a given time. The account's credentials can be changed. For more information see Chapter 4, "Resetting the Solution Engine Administrator Password."
Step 8 At the Enter new password: prompt, type the new Cisco Secure ACS Solution Engine password and press Enter.
Note The new password must contain a minimum of 6 characters, and it must include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word. The password cannot contain the account name.
Step 9 At the Enter new password again: prompt, type the new Cisco Secure ACS Solution Engine password, and then press Enter.
Result: The system displays the following message on the console:
Password is set successfully.
Administrator name is set to xxx.
Step 10 At the Use Static IP Address [Yes]: prompt, type Y for yes or N for No, and then press Enter.
Note To set or change the IP address of your Cisco Secure ACS Solution Engine, it must be connected to a working Ethernet connection.
Note A static IP address must be assigned to your Cisco Secure ACS Solution Engine. You can set the IP address directly by answering Y to this step and performing the substeps detailed in Step 11. Alternatively, you may use a DHCP server if it assigns a single IP address that does not change.
Step 11 The following prompts appear only if you set a static IP address manually. Otherwise the following message appears:
No change to the configuration.
Accept network setting [Yes]
a. To specify the Cisco Secure ACS Solution Engine IP address, at the IP Address [xx.xx.xx.xx]: prompt, type the IP address, and then press Enter.
b. At the Subnet Mask [xx.xx.xx.xx]: prompt, type the subnet mask value, and then press Enter.
c. At the Default Gateway [xx.xx.xx.xx]: prompt, type the default gateway value, and then press Enter.
d. At the DNS Servers [xx.xx.xx.xx]: prompt, type the address of any DNS servers you intend to use (separate each by a single space), and then press Enter.
Note If you do not intend to use a DNS server, enter the IP address of the Cisco Secure ACS Solution Engine at the DNS Servers [xx.xx.xx.xx]: prompt. If you do not configure the Cisco Secure ACS Solution Engine to use a DNS server, you must respond to all prompts for "hostname or IP address" only with an IP address.
Result: The system displays the new configuration information followed by the following message:
IP Address is reconfigured.
e. At the prompt, Confirm the changes? [Yes]: type Y, and then press Enter.
Result: The system displays the following message:
Default gateway is set to xx.xx.xx.xx
DNS servers are set to: xx.xx.xx.xx xx.xx.xx.xx.
f. At the prompt, Test network connectivity [Yes]:, type Y, and then press Enter.
Tip This step is essentially executing a ping command to ensure the connectivity of the Cisco Secure ACS Solution Engine.
g. At the prompt, Enter hostname or IP address:, type the IP address or hostname of a device connected to the Cisco Secure ACS Solution Engine, and then press Enter.
Result: If successful, the system displays the ping statistics. The system displays the prompt: Test network connectivity [Yes]:.
h. If network connectivity is proven okay in the previous two steps, at the prompt, Test network connectivity [Yes]:, type N, and then press Enter.
Tip The system continues to provide you with the opportunity to test network connectivity until you answer no. This gives you an opportunity, if required, to correct network connections or retype the IP address.
Step 12 If the settings have been correctly displayed, at the prompt, Accept network setting [Yes]:, type Y, and then press Enter.
Result: The system displays the following message on the console:
Current Date Time Setting:
Time Zone: (GMT -xx:xx) XXX Time
Date and Time: mm/dd/yyyy
NTP Server(s): NTP Synchronization Disabled.
Step 13 To set the time and date of the Cisco Secure ACS Solution Engine, at the Change Date & Time Setting [N]: prompt, type Y, and then press Enter.
Result: The system displays a numbered list of time zones.
Step 14 At the Enter desired time zone index (0 for more choices): prompt, type the index number of the time zone you want set, and then press Enter.
Result: The system displays the new time zone.
Step 15 At the Synchronize with NTP server? [N]: prompt, do one of the following:
•To set the time manually, type N, and then press Enter.
•To use an NTP server for setting time, type Y, and when prompted enter the IP address of the NTP server you want to use.
Tip Only if you select to use an NTP server can you subsequently employ the ntpsync command.
Result: The system displays a confirmation message reflecting your choice.
Step 16 At the Enter date [mm/dd/yyyy]: prompt, type the date in the given format, and then press Enter.
Step 17 At the Enter time [hh:mm:ss]: prompt, type the current time in the given format, and then press Enter.
Result: The system displays the following message on the console:
Initial configuration is successful. Appliance will now reboot.
Verifying the Initial Configuration
To verify that you have correctly completed the Cisco Secure ACS Solution Engine initial configuration, follow these steps:
Before You Begin
Establish a serial console connection to the Cisco Secure ACS Solution Engine. For details, see Establishing a Serial Console Connection.
Step 1 Reboot the Cisco Secure ACS Solution Engine. For more information, see Rebooting the Solution Engine via Serial Console, page 4-4.
Result: When the systems finish booting, a login: prompt appears on the console.
Step 2 At the login: prompt, type the new administrator name, press Enter, and then at the password: prompt, enter the password you created during initial configuration.
Result: The system prompt appears.
Step 3 At the system prompt, type show, and then press Enter.
Result: The system displays status information.
Step 4 Verify the information displayed.
Next Steps
After you have successfully performed the procedures in this guide, your Cisco Secure ACS Solution Engine is installed and initially configured. The next step is to use a browser and the HTML interface to fully configure your Cisco Secure ACS Solution Engine to provide the AAA services you want from this installation. The HTML address is in the following format: HTTP//[ip address]:2002, where ip address is the address you assign during configuration.
For information on setting up user, group, network, and other parameters, see the User Guide for Cisco Secure ACS Solution Engine Version 3.3.
Feedback
