Installation Guide for Cisco Secure ACS Solution Engine 4.1
Installing and Configuring Cisco Secure ACS Solution Engine 4.1


Installing and Configuring Cisco Secure ACS Solution Engine 4.1


This chapter describes how to install and initially configure Cisco Secure ACS Solution Engine (ACS SE) 4.1. It contains:

Installation Quick Reference

Installing the Cisco 1113 in a Rack

Connecting to the AC Power Source

Connecting Cables

Initial Configuration

Verifying the Initial Configuration

Next Steps


Note The details in this guide correspond to the CSACSE-1113-K9 platform only.


Installation Quick Reference

Table 3-1 provides a high-level overview of the installation and initial configuration process. Following installation and initial configuration, see the User Guide for Cisco Secure ACS for information on how to use a browser and the web interface to fully configure your ACS SE to provide the AAA services that you want from this installation.

Table 3-1 Quick Reference

Task                                                       References
-------------------------------------------------------    -----------------------------------
Use the rack mount kit to install the ACS SE in a rack.    Installing the Cisco 1113 in a Rack
Connect the ACS SE to an AC power source.                  Connecting to the AC Power Source
Connect network and console cables.                        Connecting Cables
Perform initial configuration of the ACS SE.               Configuring ACS SE
Verify initial configuration.                              Verifying the Initial Configuration
Configure ACS SE to provide AAA services.                  Next Steps


Installing the Cisco 1113 in a Rack

Before installing the Cisco 1113 in a rack, read Preparing Your Site for Installation, page 2-6 to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components. Perform the steps below when installing and servicing the Cisco Secure ACS SE.

The rack must be properly secured to the floor, to the ceiling or upper wall, and where applicable, to adjacent racks. The rack should be secured using floor and wall fasteners and bracing specified or approved by the rack manufacturer or by industry standards.

When installing and servicing the ACS SE:

Disconnect all power and external cables before installing the system.

Install the system in compliance with your local and national electrical codes:

United States: National Fire Protection Association (NFPA) 70; United States National Electrical Code.

Canada: Canadian Electrical Code, Part I, CSA C22.1.

Other countries: If local and national electrical codes are not available, see IEC 364, Part 1 through Part 7.

Do not work alone under potentially hazardous conditions.

Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

Do not attempt to install the ACS SE in a rack that has not been securely anchored in place. Damage to the system and personal injury may result.

Due to the size and weight of the computer system, never attempt to install the computer system by yourself.

See Precautions for Rack-Mounting, page 2-8 for additional safety information on rack installation.

Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:

This unit should be mounted at the bottom of the rack if it is the only unit in the rack.

When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.

If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.


The server can be installed in a system 1U rack. The rack rail components are as follows (numbers in parentheses refer to Figure 3-1):

2 telescopic rails (1, 2)

Bag containing:

8 Round head screws with washer (3)

2 Round head screws (4)

10 Cage nuts (5)

Figure 3-1 Rack Rail Components

To install the Cisco 1113 in a rack:

1. Attach the chassis rail mount to the chassis (see Attaching the Chassis Rail Mount).

2. Attach the server rail to the rack assembly (see Attaching the Server Rail).

3. Slide the chassis on to the rack assembly (see Sliding Chassis On the Rack).

Attaching the Chassis Rail Mount

You must first remove the chassis rail mount section from the server rail and attach it to the chassis.

To attach the chassis rail mount:


Step 1 See Figure 3-2. Extend the server rail as far as it will go. When fully extended, the server rail locks into the extended position.

Figure 3-2 Removing the Chassis Rail Mount

Step 2 See Figure 3-3. Slide the white tab (1) in the direction of its arrow and slide out the chassis rail mount part. (Set it aside for attaching to the chassis in the next step.)

Figure 3-3 Sliding the Chassis Rail Mount Release Tab

Step 3 Align the holes in the chassis rail mount to the pegs on the chassis (1 and 2 in Figure 3-4).

Figure 3-4 Positioning Chassis Rail Mount on Chassis

Step 4 See Figure 3-5. Align the holes (1) and then slide the rail until it locks into place (2).

Figure 3-5 Attaching Chassis Rail Mount to Chassis

Figure 3-6 shows the chassis rail mount locked into place.

Figure 3-6 Chassis Rail Mount in Locked Position


Attaching the Server Rail

Now that you have mounted the chassis rail mount, retract the server rail that you previously extended and then attach it to the rack. If you have already retracted the server rail, go to step 2.

Procedure


Step 1 To retract the arm of the server rail, push the tab shown in Figure 3-7. Then slide the arm back in.

Figure 3-7 Retracting the Server Rail

Step 2 Attach the server rail to the rack as shown in the figure that corresponds to your rack:

For a square-peg rack, see Figure 3-8.

For a circular-peg rack, see Figure 3-9.

Figure 3-8 Attaching Rail to a Square-Peg Rack

Figure 3-9 Attaching Rail to a Circular-Peg Rack

Step 3 Repeat this process with the other rail and rack assembly.


Note Leaving some play between the bracket and the rail until you install the rail into the rack will make affixing the rail to the rack easier. After the rail is attached to the rack, you can tighten the screws.



Sliding Chassis On the Rack


Step 1 See Figure 3-10. On the chassis rail mount, slide and hold the purple tab in the direction of the arrow. This allows the chassis rail mount to slide on to the rail.

Figure 3-10 Sliding the Chassis Rail Mount Extended Tab

Step 2 Insert the chassis in the rack. See Figure 3-11.

Figure 3-11 Sliding Chassis onto Rack

Slide the chassis back and forth several times. Fasten with all the screws.


Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that you use a fuse or circuit breaker no larger than 120 VAC, 15A (U.S./CAN); 240 VAC, 10A (INTERNATIONAL). Statement 1005



Connecting to the AC Power Source


Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024


Connect the AC power receptacle to the AC power source with the provided power cable.

Connecting Cables

Use unshielded twisted-pair (UTP), copper-wire Ethernet cable, with standard RJ-45-compatible plugs, to connect the ACS SE to the network.

To connect the cables:


Step 1 Plug the network connection into the Ethernet 0 port (NIC 1). See Figure 1-3 on page 1-6 for the location of the Ethernet 0 port.

Step 2 Connect a console to the console or serial port using the supplied serial cable and, if necessary, the DB-9-to-RJ-45 console adapter. See Figure 1-3 on page 1-6 for the location of the serial port.


Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.


Initial Configuration

The first three steps of the four steps required to configure the ACS are documented in this manual:

Establishing a Serial Console Connection

Configuring ACS SE

Verifying the Initial Configuration


Note You perform the fourth and final part of the configuration, which includes providing AAA services by establishing administrative and user accounts and configuring network connections, from the web interface. See User Guide for Cisco Secure ACS for more information.


Establishing a Serial Console Connection

Before you can perform the initial configuration of ACS SE, you must establish a serial console connection to it. This procedure requires a PC, two DB-9 to RJ-45 adapters (provided), an RJ-45 cable (provided), and terminal emulation communication software (HyperTerminal or equivalent).

To establish a serial console connection:


Note If you performed the procedure in Connecting Cables, you can skip to Step 2.



Step 1 Connect a console to the serial console port on the back panel:

a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the console.

b. Attach a DB-9 to RJ-45 adapter (provided) to the serial port of the ACS SE. For the location of the serial port, see Figure 1-3 on page 1-6.

c. Use an RJ-45 cable (provided) to connect the console to the ACS SE.


Tip You may also use a serial concentrator connection, if desired.


Step 2 Power on ACS SE and the console, and open your terminal emulation communication software on the console.


Tip See Figure 1-2 on page 1-4 for the location of the power switch on the ACS SE.


Step 3 Set your terminal emulation communication software to operate with the following settings:

Baud = 115200

Databits = 8

Parity = N

Stops = 1

Flow control = None

Terminal emulation type = ANSI

Result: The login: prompt appears.


Configuring ACS SE

You must configure the ACS SE when you boot the system for the first time, and whenever you re-image the system.

Before you begin to configure the solution engine, you should have the following information:

Network hostname of the solution engine.

DNS domain name.

Administrator name and password.

Database password.

Whether you will enable DHCP (enabling DHCP is not recommended).

IP, netmask, and gateway addresses you will assign to the ACS SE.

Whether you will be using NTP synchronization and, if yes, the address of the NTP server.

To configure the ACS SE:


Step 1 Establish a serial console connection to the ACS SE; for details see Establishing a Serial Console Connection.


Note If the ACS SE is not configured (that is, it is new or has been re-imaged) the system displays the system information, including the software version.


Step 2 Confirm that the following information appears above the login: prompt:

Cisco Secure ACS: [version number]
Appliance Management Software: [version number]
Appliance Base Image: [version number]
CSA build [version number]: (Patch: [version number])

Status: Appliance is functioning properly
The ACS Appliance has not been configured. 
Logon as "Administrator" with password "setup" to configure appliance.


Note If this information does not appear and only the login prompt appears, you must reboot the appliance and then log in.


Step 3 At the login: prompt, type Administrator and then press Enter.


Note When you boot the system for the first time, it is not configured. You must log in as CLI administrator to configure the system.


Result: The system displays the password: prompt.

Step 4 At the password: prompt, type setup and press Enter.


Note The password is case sensitive.


Result: The system displays the following message on the console:

Initialize Appliance.
Machine will be rebooted after initialization.
Entering Ctrl-C before setting appliance name will shutdown the appliance

Step 5 At the ACS Appliance name [deliverance1]: prompt, type the name that you intend to use for your ACS SE, and then press Enter.


Tip The name can contain up to 15 letters and numbers, but no spaces.


Result: The system displays the following message on the console:

ACS Appliance name is set to xxx.

Step 6 At the DNS domain [ ]: prompt, type the domain name. Then press Enter.

Result: The system displays the following message on the console:

DNS name is set to xxx.com.
You need to set the administrator account name and password.

Step 7 At the Enter new account name: prompt, type the ACS SE administrator account name, and then press Enter.


Tip There is only one ACS SE CLI administrator account at a given time. This account allows access only through a serial cable and CLI commands. The account's credentials can be changed. For more information see Chapter 4, "Resetting the Solution Engine Administrator Password."


Step 8 At the Enter new password: prompt, type the new ACS SE password and press Enter.


Note The new password must contain a minimum of 6 characters, and include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word. The password cannot contain the account name.


Step 9 At the Enter new password again: prompt, type the new ACS SE password, and then press Enter.

Result: The system displays the following message on the console:

Password is set successfully.
Administrator name is set to xxx.

Step 10 The following prompt appears for the new database password:

Please enter the Encryption Password for the Configuration Store.
Please note this is different from the administrator account,
it is used to encrypt the Database.

Type the new database password and press Enter.


Note The new password must contain a minimum of 6 characters, and it must include a mix of at least three character types (uppercase letters, lowercase letters, digits, and special characters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word.


Step 11 At the Enter new password again: prompt, type the new database password, and then press Enter.

Result: The system displays the following message on the console:

Password is set successfully.

Step 12 At the Would you like to add GUI Administrator now?: prompt, type y for yes or n for no, and press Enter.


Note If you press Enter without typing y or n, the default value (yes) is used.


Step 13 If you entered y, complete these steps:

a. When the Enter new GUI administrator name: prompt appears, enter the new GUI administrator name.

The following prompt appears:

Enter new password:

b. Enter the new password.


Note The password can only contain a maximum of 32 characters and a minimum of 4 characters.


The following prompt appears:

Enter new password again:

c. Enter the new password again.

Result: The console displays:

GUI Administrator added successfully.

For more information on the GUI administrator account, see Setting Up a GUI Administrator Account.

Step 14 At the Use Static IP Address [Yes]: prompt, type Y for yes or N for No, and then press Enter.


Note To set or change the IP address of your ACS SE, it must be connected to a working Ethernet connection.



Note A static IP address must be assigned to your ACS SE. You can set the IP address directly by answering Y to this step and performing the substeps detailed in Step 15. Alternatively, you may use DHCP if the DHCP server assigns the ACS SE a single IP address that does not change.


Step 15 The following prompts appear only if you set a static IP address manually. Otherwise the following message appears:

No change to the configuration.
Accept network setting [Yes]

a. To specify the ACS SE IP address, at the IP Address [xx.xx.xx.xx]: prompt, type the IP address, and then press Enter.

b. At the Subnet Mask [xx.xx.xx.xx]: prompt, type the subnet mask value, and then press Enter.

c. At the Default Gateway [xx.xx.xx.xx]: prompt, type the default gateway value, and then press Enter.

d. At the DNS Servers [xx.xx.xx.xx]: prompt, type the address of any DNS servers that you intend to use (separate each by a single space), and then press Enter.


Note If you do not intend to use a DNS server, enter the IP address of the ACS SE at the DNS Servers [xx.xx.xx.xx]: prompt. If you do not configure the ACS SE to use a DNS server, you must respond to all prompts for hostname or IP address only with an IP address.


Result: The system displays the new configuration information followed by this message:

IP Address is reconfigured.

e. At the prompt, Confirm the changes? [Yes]: type Y, and then press Enter.

Result: The system displays the following message:

New ip address is set.
Default gateway is set to xx.xx.xx.xx
DNS servers are set to: xx.xx.xx.xx xx.xx.xx.xx.

f. At the prompt, Test network connectivity [Yes]:, type y or Y, and then press Enter.


Tip This step is essentially executing a ping command to ensure the connectivity of the ACS SE.


g. At the prompt, Enter hostname or IP address:, type the IP address or hostname of a device connected to the ACS SE, and then press Enter.

Result: If successful, the system displays the ping statistics. The system displays the prompt: Test network connectivity [Yes]:.

h. If network connectivity is validated in the previous two steps, at the prompt, Test network connectivity [Yes]:, type n or N, and then press Enter.


Tip The system continues to provide you with the opportunity to test network connectivity until you answer no. This means that you can correct network connections or retype the IP address.


Step 16 If the settings appear correctly, at the prompt, Accept network setting [Yes]:, type y or Y, and then press Enter.

Result: The system displays the following message on the console:

Current Date Time Setting:
Time Zone: (GMT -xx:xx) XXX Time
Date and Time: mm/dd/yyyy
NTP Server(s): NTP Synchronization Disabled.

Step 17 To set the time and date of the ACS SE, at the Change Date & Time Setting [N]: prompt, type Y, and then press Enter.

Result: The system displays a numbered list of time zones.

Step 18 At the Enter desired time zone index (0 for more choices): prompt, type the index number of the time zone that you want, and then press Enter.

Result: The system displays the new time zone.

Step 19 At the Synchronize with NTP server? [N]: prompt, do one of the following:

To set the time manually, type N, and then press Enter.

To use an NTP server for setting time, type Y, and when prompted enter the IP address of the NTP server that you want.


Tip Only if you select to use an NTP server can you subsequently use the ntpsync command.


Result: The system displays a confirmation message reflecting your choice.

Step 20 At the Enter date [mm/dd/yyyy]: prompt, type the date in the given format, and then press Enter.

Step 21 At the Enter time [hh:mm:ss]: prompt, type the current time in the given format, and then press Enter.

Result: The system displays the following message on the console:

Initial configuration is successful. Appliance will now reboot.

The system reboots.
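Added example (not part of the Cisco guide): a pre-flight check that validates a worksheet of planned setup answers against the constraints stated in Steps 5, 8, 10, and 13 before you type them at the serial console. The worksheet field names, the sample values, the case-insensitive account-name test, and the gateway-in-subnet check for Step 15 are assumptions added here and are not rules from the guide.

```python
# Added example: pre-flight check of planned answers for the ACS SE setup script.
import ipaddress
import re

def char_types(pw):
    """Number of the four character types named in the guide that occur in pw."""
    return sum([any(c.isupper() for c in pw), any(c.islower() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])

def check_strong_password(pw, account_name=None):
    """Steps 8 and 10: at least 6 characters and at least 3 character types.
    Pass account_name only for the CLI administrator password (Step 8)."""
    problems = []
    if len(pw) < 6:
        problems.append("shorter than 6 characters")
    if char_types(pw) < 3:
        problems.append("fewer than 3 character types")
    # Assumption: the account-name test ignores case; the guide does not say.
    if account_name and account_name.lower() in pw.lower():
        problems.append("contains the account name")
    return problems

def check_worksheet(ws):
    """Map each failing field of the worksheet dict to a list of problems."""
    report = {}
    # Step 5 tip: up to 15 letters and numbers, no spaces (ASCII assumed).
    if not re.fullmatch(r"[A-Za-z0-9]{1,15}", ws["appliance_name"]):
        report["appliance_name"] = ["not 1-15 letters/digits without spaces"]
    for field, name in (("admin_password", ws["admin_name"]), ("db_password", None)):
        problems = check_strong_password(ws[field], name)
        if problems:
            report[field] = problems
    # Step 13 note: GUI administrator password is 4 to 32 characters.
    if not 4 <= len(ws["gui_password"]) <= 32:
        report["gui_password"] = ["not 4 to 32 characters long"]
    # Step 15: added sanity check, not a rule from the guide.
    try:
        iface = ipaddress.IPv4Interface(f"{ws['ip']}/{ws['netmask']}")
        if ipaddress.IPv4Address(ws["gateway"]) not in iface.network:
            report["gateway"] = [f"outside {iface.network}"]
    except ValueError as exc:  # malformed address or netmask
        report["network"] = [str(exc)]
    return report

# Constructed sample worksheets (documentation address ranges, made-up names).
GOOD = {"appliance_name": "acsse01", "admin_name": "acsadmin",
        "admin_password": "Pass*word", "db_password": "*password44",
        "gui_password": "1PaSsWoRd", "ip": "192.0.2.10",
        "netmask": "255.255.255.0", "gateway": "192.0.2.1"}
BAD = dict(GOOD, appliance_name="acs se 01", admin_password="Acsadmin*1",
           db_password="setup", gui_password="abc", gateway="198.51.100.1")

if __name__ == "__main__":
    for label, ws in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_worksheet(ws) or "no problems found")
```

The factory password setup fails the Step 10 policy on both length and character types, so it cannot be carried over as the database password.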

Verifying the Initial Configuration

To verify that you have correctly completed the ACS SE initial configuration:

Before You Begin

Establish a serial console connection to the ACS SE. For details, see Establishing a Serial Console Connection.


Step 1 Reboot the ACS SE. For more information, see Rebooting the Solution Engine From a Serial Console, page 4-3.

Result: When the system finishes booting, a login: prompt appears on the console.

Step 2 At the login: prompt, type the new administrator name, and press Enter.

Result: The password prompt appears.

Step 3 At the password: prompt, enter the password you created during initial configuration.

Result: The system prompt appears.

Step 4 At the system prompt, type show, and then press Enter.

Result: The system displays status information.

Step 5 Verify the displayed information.


Setting Up a GUI Administrator Account

After initial installation or re-imaging, unless you specified a GUI administrator account during the initial configuration using the setup script, only one administrator account exists: the CLI administrator account. This account allows access only through a serial console log in and CLI commands.

If you specified a GUI administrator account when prompted for one by the setup script, a GUI administrator account exists. However, before the designated GUI administrator user can use this account, you must unlock it by entering the unlock guiadmin command.

You can also set up an additional GUI administrator account that can access the SE.

To set up an initial web GUI account:


Step 1 Log in as the CLI administrator.

Step 2 If a GUI administrator account was specified during initial configuration using the setup script, enter the unlock guiadmin command to unlock the GUI administrator account:

unlock guiadmin <Admin> <Password>

where Admin is the name of the GUI administrator account and Password is the password for the account.

Step 3 If no GUI administrator account has been set up or you want to add additional GUI administrator accounts, at the command prompt, enter:

add guiadmin

Result: The console displays:

Adding new GUI Administrator
Note! All ACS services will be restarted.
GUI Administrator password policy is:
Password must be at least 4 character(s) long.

Step 4 At the Enter new GUI administrator name: prompt, enter the new GUI administrator name, and press Enter.

Step 5 At the Enter new password: prompt, enter the new password, and press Enter.


Note The password can only contain a maximum of 32 characters and a minimum of 4 characters.


Step 6 At the Enter new password again: prompt, enter the new password again, and press Enter.

Result: The console displays:

GUI Administrator added successfully.


Note The new GUI administrator account is not usable until you unlock it by entering the unlock guiadmin command.


You can now use the GUI administrator account to remotely access the ACS GUI running on the ACS SE.


Next Steps

After you have successfully performed the procedures in this guide, your ACS SE is installed and initially configured. The next step is to log in using the GUI administrator account and use a browser and the web interface to fully configure your ACS SE to provide the AAA services that you want from this installation. The address of the web interface is in the following format: http://<ip address>:2002, where ip address is the address that you assigned during configuration.

For information on setting up user, group, network, and other parameters, see the User Guide for Cisco Secure ACS.


Note The ACS Solution Engine automatically creates an entry called Self in the AAA Servers Table. This entry identifies the Solution Engine machine.

However, in the Proxy Distribution Table and the AAA Server Table for RDBMS synchronization, the ACS Solution Engine creates an entry for the hostname of the device that is running the ACS Solution Engine.