ACS 3.3 Migration to 4.2 or 5.1 Appliance

Unanswered Question
Nov 12th, 2009

I'm currently looking to migrate a customer from ACS 3.3 on a Win2K server to an Appliance.

The current ACS server provides AAA for approx 1000 routers/switches etc to provide authentication for interactive logon (via Novell LDAP) and scripted maintenance logon (via local DB). ACS also provides accounting for logon/configuration changes etc.

Q1. Will both 5.1 and 4.2 ACS appliance engines provide these facilities (local DB/LDAP etc.)? If so, would 5.1 be the best choice?

Q2. Can the data (AAA clients/users etc.) be exported from 3.3 and imported to 4.2 or 5.1? Ideally I want to keep the original server untouched for rollback.

Thanks in advance.

jrabinow (Cisco Employee) Thu, 11/12/2009 - 09:00

Both the ACS 5.1 and ACS 4.2 appliances support authentication against LDAP and the local DB.

ACS 5.1 is the next-generation ACS platform and provides a policy-based mechanism for defining authorizations, as opposed to the user/group-based mechanisms in ACS 4.2.

Migrating the system from ACS 3.3 requires a two-stage process:

1) upgrade to ACS 4.2

2) migrate data from ACS 4.2 to ACS 5.1

The second migration process can extract all user/device definitions from ACS 4.2 to ACS 5.1; you then need to create the appropriate policies that define the user access.

The ACS 5.1 DVD set should include all the required software versions to perform this upgrade, although I am not familiar with the specifics of the upgrade from ACS 3.3 to ACS 4.2. The original 3.3 system could be kept in place and the upgrade/migration performed on a parallel system.

ACS 5.1 does have the capability to import user/device data from a CSV file, so if you can get the data in this format you can avoid all the upgrade/migration-related activities.

Hope this helps

