Cisco Systems CSACS1121UPK9 User Manual

CHAP T E R

5

Installing and Configuring the Cisco Secure
Access Control System with CSACS-1121

This chapter describes how to install and initially configure CSACS-1121 and the ACS 5.2 server.

This chapter contains:

• Installation Using the CSACS-1121 Series Appliance, page 5-1

• Downloading the Cisco Secure ACS 5.2 ISO Image, page 5-2

• Installing the ACS Server, page 5-2

• Resetting the Administrator Password, page 5-6

• Reimaging the ACS Server, page 5-7

Installation Using the CSACS-1121 Series Appliance

The CSACS-1121 appliance is preinstalled with the ACS 5.2 software. This section gives you an
overview of the installation process and the tasks that you must perform before installing ACS.

Before you begin installing ACS 5.2, you must:

1. Open the box and check the contents. See Chapter 3, “Unpacking and Checking the Contents of Your

Shipment.”

2. Read Chapter 2, “Introducing the Cisco 1121 Secure Access Control System Hardware.”

3. Read the general precautions and safety warnings in Chapter 3, “Preparing to Install the Cisco 1121

Secure Access Control System Hardware.”

4. Install the appliance in the rack. See Chapter 4, “Installing the Cisco 1121 Secure Access Control

System Hardware.”

5. Connect the CSACS-1121 to the network and appliance console. See Chapter 4, “Connecting

Cables.”

6. Power up the CSACS-1121 appliance. See Chapter 4, “Powering Up the CSACS-1121 Series

Appliance.”

7. Run the setup command at the CLI prompt to configure the initial settings for the ACS server. See

Running the Setup Program, page 5-2.

OL-21574-01

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

5-1

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

Downloading the Cisco Secure ACS 5.2 ISO Image

Downloading the Cisco Secure ACS 5.2 ISO Image

You can download the Cisco Secure ACS 5.2 ISO image from Cisco.com

Step 1 Go to http://www.cisco.com/go/acs. You must already have a valid Cisco.com login credentials to access

this link.

Step 2 Click Download Software.

The Cisco Secure ACS Release 5.2 software image appears on the Cisco.com page. You can test all the
Cisco ACS services once your installation and initial configuration are complete.

Note ACS 5.x software images can be downloaded from Cisco Connection Online (CCO) only when the

customer has a valid Software Application Support (SAS) contract for a previous version of ACS 5.x
software. If they do not have the valid SAS contract of the previous version, they need to ask their Sales
Engineer (SE), Accounts Manager (AM), or Cisco partners to publish the software image on CCO to the
specific customers account.

Installing the ACS Server

This section describes the installation process for the ACS server on the CSACS-1121 Series appliance.

This section contains:

• Running the Setup Program, page 5-2

• Verifying the Installation Process, page 5-5

Running the Setup Program

This section describes the setup process to install the ACS server.

The setup program launches an interactive command-line interface (CLI) that prompts you for the
required parameters.

An administrator can use the console or a dumb terminal to configure the initial network settings and
provide the initial administrator credentials for the ACS 5.2 server using the setup program. The setup
process is a one-time configuration task.

To install the ACS server:

Step 1 Power on the appliance.

The setup prompt appears:

Please type ‘setup’ to configure the appliance

5-2

localhost login:

Step 2 At the login prompt, enter setup and press Enter.

The console displays a set of parameters. You must enter the parameters as described in Table 5-1 .

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

OL-21574-01

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

Installing the ACS Server

Note You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.

Table 5-1 Network Configuration Parameters

Prompt Default Conditions Description

Host Name localhost First letter must be an ASCII character.

Length must be from 3 to 15 characters.

Valid characters are alphanumeric (A-Z,
a-z, 0-9), hyphen (-), and the first
character must be a letter.

IPV4 IP Address None, network specific Must be a valid IPv4 address between

0.0.0.0 and 255.255.255.255.

IPv4 Netmask None, network specific Must be a valid IPv4 address between

0.0.0.0 and 255.255.255.255.

IPv4 Gateway None, network specific Must be a valid IPv4 address between

0.0.0.0 and 255.255.255.255.

Domain Name None, network specific Cannot be an IP address.

Valid characters are ASCII characters, any
numbers, hyphen (-), and period (.).

IPv4 Primary Name
Server Address

Add/Edit another
nameserver

None, network specific Must be a valid IPv4 address between

0.0.0.0 and 255.255.255.255.

None, network specific Must be a valid IPv4 address between

0.0.0.0 and 255.255.255.255.

Enter the hostname.

Enter the IP address.

Enter a valid netmask.

Enter a valid default gateway.

Enter the domain name.

Enter a valid name
server address.

To configure multiple name
servers, enter

Y.

OL-21574-01

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

5-3

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

Installing the ACS Server

Table 5-1 Network Configuration Parameters (continued)

Prompt Default Conditions Description

Username admin The name of the first administrative user.

You can accept the default or enter a new
username.

Must be from 3 to 8 characters, and must
be alphanumeric (A-Z, a-z, 0-9).

Admin Password None No default password. Enter your

password.

The password must be at least six
characters in length, have at least one
lowercase letter, one uppercase letter, and
one number.

In addition:

• Save the user and password

information for the account that you
set up for initial configuration.

• Remember and protect these

credentials because they allow
complete administrative control of the
ACS hardware, the CLI, and the
application.

• If you lose your administrative

credentials, you can reset your
password by using the ACS 5.2
installation CD.

Enter the username.

Enter the password.

5-4

The console requests for the parameters as shown below:

localhost login: setup

Enter hostname[]: acs-server-1

Enter IP address[]: 209.165.200.225

Enter IP default netmask[]: 255.255.255.0

Enter IP default gateway[]: 209.165.200.1

Enter default DNS domain[]: mycompany.com

Enter Primary nameserver[]: 209.165.200.254

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

OL-21574-01

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

Add/Edit another nameserver? Y/N : n

Enter username [admin]: admin

Enter password:

Enter password again:

Pinging the gateway...

Pinging the primary nameserver...

Do not use `Ctrl-C' from this point on...

Appliance is configured

Installing applications...

Installing acs...

Generating configuration...

Rebooting...

After the ACS server is installed, the system reboots automatically.

Now, you can log into ACS using the CLI username and password that was configured during the
setup process.

Installing the ACS Server

Note You can use this username and password to log into ACS only via the CLI.

Verifying the Installation Process

To verify that you have correctly completed the installation process:

Step 1 When the system reboots, at the login prompt enter the username you configured during setup, and

press Enter.

Step 2 At password prompt, enter the password you configured during setup, and press Enter.

Step 3 Verify that the application has been installed properly by entering show application, and press Enter.

The console displays:

<name> <Description>

acs Cisco Secure Access Control System 5.2

Step 4 Check the release and ACS version installed, at the system prompt by entering show application

version acs

The console displays:

Cisco ACS VERSION INFORMATION

, and press Enter.

OL-21574-01

-----------------------------

Version : 5.2.0.23

Internal Build ID : B.2724

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

5-5

Resetting the Administrator Password

Note The Version and Internal Build ID may change for different versions of this release.

Step 5 Check the status of ACS processes, at the system prompt by entering show application status acs,

and press Enter.

The console displays:

ACS role: PRIMARY

Process 'database' running

Process 'management' running

Process 'runtime' running

Process 'view-database' running

Process 'view-jobmanager' running

Process 'view-alertmanager' running

Process 'view-collector' running

Process 'view-logprocessor' running

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

Note To get the latest ACS patches and to keep your ACS up-to-date, visit

http://www.cisco.com/cgi-bin/tablebuild.pl/acs5_patches

Resetting the Administrator Password

If you are not able to log into the system due to loss of administrator password, you can use the ACS 5.2
Recovery DVD to reset the administrator password.

To reset the administrator password:

Step 1 Power up the appliance.

Step 2 Insert the ACS 5.2 Recovery DVD.

The console displays:

Welcome to Cisco Secure ACS 5.2 Recovery - CSACS 1121

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.2 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.2 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

5-6

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

OL-21574-01

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot:

To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video
monitor, or enter

The console displays a set of parameters.

Step 3 Enter the parameters as described in Tab le 5- 2.

Table 5-2 Password Reset Parameters

Parameter Description

Admin username Enter the number of the administrator whose password you want to reset.

Password

Verify password Enter the password again.

Save change & Reboot Enter

4 if you are using a serial console port.

Enter the new password for the administrator.

Y to save.

Reimaging the ACS Server

The console displays:

Admin username:

[1]:admin

[2]:admin2

[3]:admin3

Enter number of admin for password recovery:1

Password:

Verify password:

Save change&reeboot? [Y/N]:

Reimaging the ACS Server

To reimage the ACS server:

Step 1 Power up the appliance.

Step 2 Insert the ACS Recovery DVD.

The console displays:

Welcome to Cisco Secure ACS 5.2 Recovery - Cisco CSACS 1121

To boot from hard disk press <Enter>

OL-21574-01

Available boot options:

[1] Cisco Secure ACS 5.2 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.2 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

5-7

Reimaging the ACS Server

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot:

Step 3 At the console prompt, enter 1 if you are using a keyboard and video monitor, or enter 2 if you are using

a serial console port,

The reimage process uninstalls the existing ADE-OS and ACS versions, and installs the latest versions.
For the installation process, see the section Running the Setup Program, page 5-2.

Chapter 5 Installing and Configuring the Cisco Secure Access Control System with CSACS-1121

and press Enter.

5-8

Installation and Upgrade Guide for the Cisco Secure Access Control System 5.2

OL-21574-01