Installation and Setup Guide for Cisco Secure ACS Solution Engine 4.0
Installing and Configuring Cisco Secure ACS Solution Engine 4.0



This chapter describes how to install and initially configure Cisco Secure ACS Solution Engine (ACS SE) 4.0. It contains the following sections:

Installation Quick Reference

Installing the Quanta (1112) ACS SE in a Rack

Installing the Quanta (1113) ACS SE in a Rack

Connecting to the AC Power Source

Connecting Cables

Initial Configuration

Verifying the Initial Configuration

Next Steps


Note The details in this guide correspond to the KD-1112 K9 and the KD-1113 K9 platform only.


Installation Quick Reference

Table 3-1 provides a high-level overview of the installation and initial configuration process. Following installation and initial configuration, see the User Guide for Cisco Secure ACS Solution Engine for information on how to use a browser and the web interface to fully configure your ACS SE to provide the AAA services that you want from this installation.

Table 3-1 Quick Reference

Task | References
Use the rack mount kit to install the ACS SE in a rack. | Installing the Quanta (1112) ACS SE in a Rack; Installing the Quanta (1113) ACS SE in a Rack
Connect the ACS SE to an AC power source. | Connecting to the AC Power Source
Connect network and console cables. | Connecting Cables
Perform initial configuration of the ACS SE. | Configuring ACS SE
Verify initial configuration. | Verifying the Initial Configuration
Configure ACS SE to provide AAA services. | Next Steps


Installing the Quanta (1112) ACS SE in a Rack

This section provides instructions for installing the ACS SE Quanta (1112) version in a rack. The rack must be properly secured to the floor, ceiling, or upper wall, and where applicable, to adjacent racks. The rack should be secured by using floor and wall fasteners, and bracing specified by industry standards.

Before installing the ACS SE in a rack, read Preparing Your Site for Installation, page 2-5, to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components.

When installing and servicing the ACS SE:

Disconnect all power and external cables before installing the system.

Install the system in compliance with your local and national electrical codes:

United States: National Fire Protection Association (NFPA) 70; United States National Electrical Code.

Canada: Canadian Electrical Code, Part I, CSA C22.1.

Other countries: If local and national electrical codes are not available, see IEC 364, Part 1 through Part 7.

Do not work alone under potentially hazardous conditions.

Do not perform any action that creates a potential hazard to people or renders the equipment unsafe.

Do not attempt to install the ACS SE in a rack that has not been securely anchored in place. Damage to the system and personal injury may result.

Due to the size and weight of the computer system, never attempt to install the computer system by yourself.

See Precautions for Rack-Mounting, page 2-8, for additional safety information on rack installation.

Warning


To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:

This unit should be mounted at the bottom of the rack if it is the only unit in the rack.

When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.

If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack. Statement 1006


The server can be installed in a system 1U rack. The rack rail components are (numbers in parentheses refer to Figure 3-1):

2 telescopic rails (1, 2)

1 cable management arm (3)

Bag containing:

9 Round head screws with washer (4)

6 Round head screws (5)

6 Cage nuts (6)

Velcro (7)

Figure 3-1 Rack Rail Components

To install the Quanta (1112) ACS SE in a rack:


Step 1 Attach the telescopic rails to the rack assembly:

a. See Figure 3-2. Extend the server rail (1) as far as it will go.

b. Press the green spring plate (2) and slide out that part of the server rail (1). (Set it aside for attaching to the chassis.)

Figure 3-2 Removing the Server Rail

c. See Figure 3-3. Using a screwdriver (1), push the middle rail to the end of the rail.

Figure 3-3 Telescoping the Rail


Note To allow for adjustment later in the installation, do not tighten any screws. The outer rail and bracket assembly with extended bracket (1) must be assembled to the left side.


d. See Figure 3-4. Attach the front end of the telescopic outside rail (1) to the rack.

Figure 3-4 Attaching Front Rail to the Rack


Note The left side of the rail is for the cable arm.


e. See Figure 3-5. Attach the back end of the rail to the rack.

Figure 3-5 Attaching Back Rail to Rack

f. Repeat this process with the other rail and rack assembly.

g. Extend the middle rail about 30 cm (12 inches) and fasten with screws. See Figure 3-6. Then, push the middle rail back into its original position.

Figure 3-6 Attaching Screws to Telescopic Rail


Note Leaving some play between the bracket and the rail until you install the rail into the rack will make affixing the rail to the rack easier. After the rail is attached to the rack, you can tighten the screws.


Step 2 Attach the chassis to the rack:

a. See Figure 3-7. Secure chassis to the inner rail using three screws. Repeat this process with the other server rail.

Figure 3-7 Attaching Chassis to Rail

b. See Figure 3-8. Insert the chassis in the rack.

Figure 3-8 Sliding Chassis onto Rack

c. Slide the chassis backward and forward several times. Fasten with all the screws described in Step 1d.

d. See Figure 3-9. Slide six Velcro strips into the holes of the management arm.

Figure 3-9 Attaching Velcro to Management Arm

e. See Figure 3-10. Install the rear side of the cable management arm into the back rail until it snaps in the clip. Then install the front cable management arm into the inner rail until it snaps into the clip.

Figure 3-10 Attaching Management Arm

f. See Figure 3-11. Put cables into the cable management arm and use the Velcro to tighten the cable into the arm.

Figure 3-11 Installing Cable in Management Arm

g. See Figure 3-12. Push the server to the closed position. If the cable is too heavy to carry the server, use a screwdriver to adjust the cam so that the cable management arm is horizontal.

Figure 3-12 Fastening the Server into the Rack


Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than: 120 VAC, 15A (U.S./CAN); 240 VAC, 10A (INTERNATIONAL). Statement 1005



Installing the Quanta (1113) ACS SE in a Rack

Before installing the Quanta (1113) ACS SE in a rack, read Preparing Your Site for Installation, page 2-5 to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components. Perform the steps below when installing and servicing the WLSE.

The rack must be properly secured to the floor, to the ceiling or upper wall, and where applicable, to adjacent racks. The rack should be secured using floor and wall fasteners and bracing specified or approved by the rack manufacturer or by industry standards.

When installing and servicing the ACS SE:

Disconnect all power and external cables before installing the system.

Install the system in compliance with your local and national electrical codes:

United States: National Fire Protection Association (NFPA) 70; United States National Electrical Code.

Canada: Canadian Electrical Code, Part I, CSA C22.1.

Other countries: If local and national electrical codes are not available, see IEC 364, Part 1 through Part 7.

Do not work alone under potentially hazardous conditions.

Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

Do not attempt to install the ACS SE in a rack that has not been securely anchored in place. Damage to the system and personal injury may result.

Due to the size and weight of the computer system, never attempt to install the computer system by yourself.

See Precautions for Rack-Mounting, page 2-8 for additional safety information on rack installation.

Warning


To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:

This unit should be mounted at the bottom of the rack if it is the only unit in the rack.

When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.

If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.


The server can be installed in a system 1U rack. The rack rail components are as follows (numbers in parentheses refer to Figure 3-13):

2 telescopic rails (1, 2)

Bag containing:

8 Round head screws with washer (3)

2 Round head screws (4)

10 Cage nuts (5)

Figure 3-13 Rack Rail Components

To install the ACS SE 1113 (Quanta 1113) in a rack, perform these steps as explained in the following sections:

1. Attach the chassis rail mount to the chassis (see Attaching the Chassis Rail Mount).

2. Attach the server rail to the rack assembly (see Attaching the Server Rail).

3. Slide the chassis on to the rack assembly (see Sliding Chassis On the Rack).

Attaching the Chassis Rail Mount

You must first remove the chassis rail mount section from the server rail and attach it to the chassis as shown in the following steps.

Procedure


Step 1 See Figure 3-14. Extend the server rail as far as it will go. When fully extended, the server rail locks into the extended position.

Figure 3-14 Removing the Chassis Rail Mount

Step 2 See Figure 3-15. Slide the white tab (1) in the direction of its arrow and slide out the chassis rail mount part. (Set it aside for attaching to the chassis in the next step.)

Figure 3-15 Sliding the Chassis Rail Mount Release Tab

Step 3 Align the holes in the chassis rail mount to the pegs on the chassis (1 and 2 in Figure 3-16).

Figure 3-16 Positioning Chassis Rail Mount on Chassis

Step 4 See Figure 3-17. Align the holes (1) and then slide the rail until it locks into place (2).

Figure 3-17 Attaching Chassis Rail Mount to Chassis

Figure 3-18 shows the chassis rail mount locked into place.

Figure 3-18 Chassis Rail Mount in Locked Position


Attaching the Server Rail

Now that you have mounted the chassis rail mount, retract the server rail that you previously extended and then attach it to the rack. If you have already retracted the server rail, go to step 2.

Procedure


Step 1 To retract the arm of the server rail, push the tab shown in Figure 3-19. Then slide the arm back in.

Figure 3-19 Retracting the Server Rail

Step 2 Attach the server rail to the rack as shown in the figure that corresponds to your rack:

For a square-peg rack, see Figure 3-20.

For a circular-peg rack, see Figure 3-21.

Figure 3-20 Attaching Rail to a Square-Peg Rack

Figure 3-21 Attaching Rail to a Circular-Peg Rack

Step 3 Repeat this process with the other rail and rack assembly.


Note Leaving some play between the bracket and the rail until you install the rail into the rack will make affixing the rail to the rack easier. After the rail is attached to the rack, you can tighten the screws.



Sliding Chassis On the Rack


Step 1 See Figure 3-22. On the chassis rail mount, slide and hold the purple tab in the direction of the arrow. This allows the chassis rail mount to slide on to the rail.

Figure 3-22 Sliding the Chassis Rail Mount Extended Tab

Step 2 Insert the chassis in the rack. See Figure 3-23.

Figure 3-23 Sliding Chassis onto Rack

Slide the chassis back and forth several times. Fasten with all the screws.


Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that you use a fuse or circuit breaker no larger than 120 VAC, 15A (U.S./CAN); 240 VAC, 10A (INTERNATIONAL). Statement 1005



Connecting to the AC Power Source


Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024


Connect the AC power receptacle to the AC power source with the provided power cable.

Connecting Cables

Use unshielded twisted-pair (UTP) copper-wire Ethernet cable, with standard RJ-45-compatible plugs, to connect the ACS SE to the network.

To connect the cables:


Step 1 Plug the network connection into the Ethernet 0 port (NIC 1). See Figure 1-3 on page 1-5 for the location of the Ethernet 0 port.

Step 2 Connect a console to the console or serial port using the supplied serial cable and, if necessary, the DB-9-to-RJ-45 console adapter. See Figure 1-3 on page 1-5 for the location of the serial port.


Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.


Initial Configuration

The first three steps of the four steps required to configure the ACS are documented in this manual:

Establishing a Serial Console Connection

Configuring ACS SE

Verifying the Initial Configuration


Note You perform the fourth and final part of the configuration, which includes providing AAA services by establishing administrative and user accounts and configuring network connections, from the web interface. See User Guide for Cisco Secure ACS Solution Engine for more information.


Establishing a Serial Console Connection

Before you can perform the initial configuration of ACS SE, you must establish a serial console connection to it. This procedure requires a PC, two DB-9 to RJ-45 adapters (provided), an RJ-45 cable (provided), and terminal emulation communication software (HyperTerminal or equivalent).

To establish a serial console connection:


Note If you performed the procedure in Connecting Cables, you can skip to Step 2.



Step 1 Connect a console to the serial console port on the back panel:

a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the console.

b. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the ACS SE. For the location of the serial port, see Figure 1-3 on page 1-5.

c. Use an RJ-45 cable (provided) to connect the console to the ACS SE.


Tip You may also use a serial concentrator connection, if desired.


Step 2 Power on ACS SE and the console, and open your terminal emulation communication software on the console.


Tip See Figure 1-2 on page 1-3 for the location of the power switch on the ACS SE.


Step 3 Set your terminal emulation communication software to operate with the following settings:

Baud = 115200

Databits = 8

Parity = N

Stops = 1

Flow control = None

Result: The login: prompt appears.


Configuring ACS SE

You must configure the ACS SE when you boot the system for the first time, and whenever you re-image the system.

Before you begin to configure the solution engine, you should have the following information:

Network hostname of the solution engine.

DNS domain name.

Administrator name and password.

Database password.

Whether you will enable DHCP (enabling DHCP is not recommended).

IP, netmask, and gateway addresses you will assign to the ACS SE.

Whether you will be using NTP synchronization and, if yes, the address of the NTP server.

To configure the ACS SE:


Step 1 Establish a serial console connection to the ACS SE; for details see Establishing a Serial Console Connection.


Note If the ACS SE is not configured (that is, it is new or has been re-imaged) the system displays the system information, including the software version.


Step 2 Confirm that the following information appears above the login: prompt:

Cisco Secure ACS: [version number]
Appliance Management Software: [version number]
Appliance Base Image: [version number]
CSA build [version number]: (Patch: [version number])

Status: Appliance is functioning properly
The ACS Appliance has not been configured. 
Logon as "Administrator" with password "setup" to configure appliance.

Step 3 At the login: prompt, type Administrator and then press Enter.


Note When you boot the system for the first time, it is not configured. You must log in as Administrator to configure the system.


Result: The system displays the password: prompt.

Step 4 At the password: prompt, type setup and press Enter.


Note The password is case sensitive.


Result: The system displays the following message on the console:

Initialize Appliance.
Machine will be rebooted after initialization.
Entering Ctrl-C before setting appliance name will shutdown the appliance

Step 5 At the ACS Appliance name [deliverance1]: prompt, type the name that you intend to use for your ACS SE, and then press Enter.


Tip The name can contain up to 15 letters and numbers, but no spaces.


Result: The system displays the following message on the console:

ACS Appliance name is set to xxx.

Step 6 At the DNS domain [ ]: prompt, type the domain name. Then press Enter.

Result: The system displays the following message on the console:

DNS name is set to xxx.com.
You need to set the administrator account name and password.

Step 7 At the Enter new account name: prompt, type the ACS SE administrator account name, and then press Enter.


Tip There is only one ACS SE administrator account at a given time. The account's credentials can be changed. For more information see Chapter 4, "Resetting the Solution Engine Administrator Password."


Step 8 At the Enter new password: prompt, type the new ACS SE password and press Enter.


Note The new password must contain a minimum of 6 characters, and include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word. The password cannot contain the account name.


Step 9 At the Enter new password again: prompt, type the new ACS SE password, and then press Enter.

Result: The system displays the following message on the console:

Password is set successfully.
Administrator name is set to xxx.

Step 10 The following prompt appears for the new database password:

Please enter the Encryption Password for the Configuration Store.
Please note this is different from the administrator account,
it is used to encrypt the Database.

Type the new database password and press Enter.


Note The new password must contain a minimum of 6 characters, and it must include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word.


Step 11 At the Enter new password again: prompt, type the new database password, and then press Enter.

Result: The system displays the following message on the console:

Password is set successfully.

Step 12 At the Use Static IP Address [Yes]: prompt, type Y for yes or N for No, and then press Enter.


Note To set or change the IP address of your ACS SE, it must be connected to a working Ethernet connection.



Note A static IP address must be assigned to your ACS SE. You can set the IP address directly by answering Y to this step and performing the substeps detailed in Step 13. Alternatively, you may use a DHCP server if it assigns a single IP address that does not change.


Step 13 The following prompts appear only if you set a static IP address manually. Otherwise the following message appears:

No change to the configuration.
Accept network setting [Yes]

a. To specify the ACS SE IP address, at the IP Address [xx.xx.xx.xx]: prompt, type the IP address, and then press Enter.

b. At the Subnet Mask [xx.xx.xx.xx]: prompt, type the subnet mask value, and then press Enter.

c. At the Default Gateway [xx.xx.xx.xx]: prompt, type the default gateway value, and then press Enter.

d. At the DNS Servers [xx.xx.xx.xx]: prompt, type the address of any DNS servers that you intend to use (separate each by a single space), and then press Enter.


Note If you do not intend to use a DNS server, enter the IP address of the ACS SE at the DNS Servers [xx.xx.xx.xx]: prompt. If you do not configure the ACS SE to use a DNS server, you must respond to all prompts for hostname or IP address only with an IP address.


Result: The system displays the new configuration information followed by this message:

IP Address is reconfigured.

e. At the prompt, Confirm the changes? [Yes]: type Y, and then press Enter.

Result: The system displays the following message:

New ip address is set.
Default gateway is set to xx.xx.xx.xx
DNS servers are set to: xx.xx.xx.xx xx.xx.xx.xx.

f. At the prompt, Test network connectivity [Yes]:, type Y, and then press Enter.


Tip This step is essentially executing a ping command to ensure the connectivity of the ACS SE.


g. At the prompt, Enter hostname or IP address:, type the IP address or hostname of a device connected to the ACS SE, and then press Enter.

Result: If successful, the system displays the ping statistics. The system displays the prompt: Test network connectivity [Yes]:.

h. If network connectivity is validated in the previous two steps, at the prompt, Test network connectivity [Yes]:, type N, and then press Enter.


Tip The system continues to provide you with the opportunity to test network connectivity until you answer no. This means that you can correct network connections or retype the IP address.


Step 14 If the settings appear correctly, at the prompt, Accept network setting [Yes]:, type Y, and then press Enter.

Result: The system displays the following message on the console:

Current Date Time Setting:
Time Zone: (GMT -xx:xx) XXX Time
Date and Time: mm/dd/yyyy
NTP Server(s): NTP Synchronization Disabled.

Step 15 To set the time and date of the ACS SE, at the Change Date & Time Setting [N]: prompt, type Y, and then press Enter.

Result: The system displays a numbered list of time zones.

Step 16 At the Enter desired time zone index (0 for more choices): prompt, type the index number of the time zone that you want, and then press Enter.

Result: The system displays the new time zone.

Step 17 At the Synchronize with NTP server? [N]: prompt, do one of the following:

To set the time manually, type N, and then press Enter.

To use an NTP server for setting time, type Y, and when prompted enter the IP address of the NTP server that you want.


Tip Only if you select to use an NTP server can you subsequently use the ntpsync command.


Result: The system displays a confirmation message reflecting your choice.

Step 18 At the Enter date [mm/dd/yyyy]: prompt, type the date in the given format, and then press Enter.

Step 19 At the Enter time [hh:mm:ss]: prompt, type the current time in the given format, and then press Enter.

Result: The system displays the following message on the console:

Initial configuration is successful. Appliance will now reboot.

The system reboots.
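
The following pre-flight check for the values gathered before running the setup dialog is an added example, not Cisco's code. It applies the appliance-name rule from Step 5 and the password rules from Steps 8 and 10, and goes beyond the guide by sanity-checking the static network values entered in Step 13. The function names, the sample values, the case-insensitive account-name comparison, the reading of "special characters" as ASCII punctuation, and the subnet checks are assumptions of this example.

```python
import ipaddress
import string


def char_classes(password):
    """Count how many of the four character types the password uses."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        # Assumption: "special characters" means ASCII punctuation.
        any(c in string.punctuation for c in password),
    ])


def check_password(password, account_name=None):
    """Return the rule violations for a password (empty list = acceptable)."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    if char_classes(password) < 3:
        problems.append("fewer than three character types")
    # Assumption: the account-name comparison ignores case.
    if account_name and account_name.lower() in password.lower():
        problems.append("contains the account name")
    return problems


def check_appliance_name(name):
    """Step 5 tip: up to 15 letters and numbers, no spaces."""
    problems = []
    if not 1 <= len(name) <= 15:
        problems.append("must be 1 to 15 characters")
    if not (name.isascii() and name.isalnum()):
        problems.append("letters and numbers only, no spaces")
    return problems


def check_static_network(ip, netmask, gateway, dns_servers):
    """dns_servers is the space-separated string typed at the DNS prompt."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
        dns = [ipaddress.IPv4Address(s) for s in dns_servers.split()]
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    problems = []
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append("IP address is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is outside the appliance subnet")
    if gw == iface.ip:
        problems.append("default gateway equals the appliance address")
    if not dns:
        problems.append("no DNS server given; enter the appliance IP if unused")
    return problems


def preflight(cfg):
    """Return only the fields that have problems, keyed by field name."""
    report = {
        "appliance_name": check_appliance_name(cfg["appliance_name"]),
        "admin_password": check_password(cfg["admin_password"],
                                         cfg["admin_name"]),
        "database_password": check_password(cfg["database_password"]),
        "network": check_static_network(cfg["ip"], cfg["netmask"],
                                        cfg["gateway"], cfg["dns_servers"]),
    }
    return {field: found for field, found in report.items() if found}


# Constructed sample values (documentation address ranges), each with one flaw.
SAMPLE = {
    "appliance_name": "acs-se-01",       # hyphen is not a letter or number
    "admin_name": "acsadmin",
    "admin_password": "AcsAdmin2024",    # contains the account name
    "database_password": "password44",   # only two character types
    "ip": "192.0.2.10", "netmask": "255.255.255.0",
    "gateway": "192.0.3.1",              # not in 192.0.2.0/24
    "dns_servers": "192.0.2.53 192.0.2.54",
}

if __name__ == "__main__":
    for field, found in preflight(SAMPLE).items():
        print(f"{field}: {'; '.join(found)}")
```

Running the check before connecting to the serial console avoids re-entering rejected values at the prompts and catches a gateway typo before the connectivity test in Step 13.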

Verifying the Initial Configuration

To verify that you have correctly completed the ACS SE initial configuration:

Before You Begin

Establish a serial console connection to the ACS SE. For details, see Establishing a Serial Console Connection.


Step 1 Reboot the ACS SE. For more information, see Rebooting the Solution Engine From a Serial Console, page 4-3.

Result: When the system finishes booting, a login: prompt appears on the console.

Step 2 At the login: prompt, type the new administrator name, and press Enter.

Result: The password prompt appears.

Step 3 At the password: prompt, enter the password you created during initial configuration.

Result: The system prompt appears.

Step 4 At the system prompt, type show, and then press Enter.

Result: The system displays status information.

Step 5 Verify the displayed information.


Next Steps

After you have successfully performed the procedures in this guide, your ACS SE is installed and initially configured. The next step is to use a browser and the web interface to fully configure your ACS SE to provide the AAA services that you want from this installation. The URL is in the following format: http://[ip address]:2002, where ip address is the address that you assign during configuration.

For information on setting up user, group, network, and other parameters, see the User Guide for Cisco Secure ACS Solution Engine.

