ACS 4.0 as master for 1121 Appliance with 5.1

Unanswered Question
Jun 1st, 2010

Hello Netpros,

Can anyone tell me if I can use my existing Cisco Secure ACS for Windows server running Release 4.0(1) Build 27 as the primary ACS servers for new appliances running Release 5.1?

I know I can't migrate directly from that Windows version, but can I interoperate? I'm happy living with 4.x level functionality but would not like to buy and deploy new 4.x systems unless it's absolutely necessary.

I'm looking to roll out ACS more widely (i.e., at geographically distant new sites) and would like to drop a new appliance in the new sites without a forklift upgrade of my existing Hqs setup.

Erick Delgado Tue, 06/01/2010 - 16:17


The ACS 4.0 can be the primary authentication method for the AAA clients, but the information cannot be replicated from ACS 4.0 to ACS 5.x.

Hope this helps!

Marvin Rhoads Tue, 06/01/2010 - 18:59

Thank you, Erick. That information is helpful.

Do you have any link to the documentation that covers this aspect of integration? My review of what's out there didn't uncover anything obvious.

Erick Delgado Wed, 06/02/2010 - 06:09


Basically the configuration needs to be done on the aaa clients.

You could configure the following.

tacacs-server host x.x.x.x (IP address of the primary server, in your case ACS 4.0)

tacacs-server host x.x.x.x (IP address of the primary server, in your case ACS 5.x)

tacacs-server key xxxxxxx

With this little configuration the AAA client will first try the ACS 4.0 and then the ACS 5.x.

Unfortunately ACS 4 and 5 cannot replicate each other.

Below is a link that will help you to configure AAA on an IOS device.
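Because the two ACS versions do not replicate, the server order on each AAA client is the only thing tying them together. The following is an added example, not part of the original thread: a small audit of IOS configuration text that checks the `tacacs-server host` order described above. The addresses, device names, sample configurations and the `local` fallback check are assumptions made for the example.

```python
import re

# Constructed sample configs; addresses are documentation-range placeholders.
ACS4 = "192.0.2.10"   # assumed address of the existing ACS 4.0 server
ACS5 = "192.0.2.20"   # assumed address of the new ACS 5.x appliance

SAMPLE_CONFIGS = {
    "hq-sw1": f"""
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host {ACS4}
tacacs-server host {ACS5}
tacacs-server key <shared-key>
""",
    "site2-rtr1": f"""
aaa new-model
aaa authentication login default group tacacs+
tacacs-server host {ACS5}
tacacs-server key <shared-key>
""",
}

HOST_RE = re.compile(r"^\s*tacacs-server host (\S+)", re.I | re.M)
LOGIN_RE = re.compile(r"^\s*aaa authentication login default (.+)$", re.I | re.M)

def audit(config, expected):
    """Return a list of findings for one device configuration."""
    findings = []
    # Configured order is the order in which the client tries the servers.
    hosts = HOST_RE.findall(config)
    if hosts != expected:
        findings.append(f"server order {hosts} differs from expected {expected}")
    if not re.search(r"^\s*tacacs-server key \S+", config, re.I | re.M):
        findings.append("no global tacacs-server key")
    m = LOGIN_RE.search(config)
    methods = m.group(1).split() if m else []
    if "tacacs+" not in methods:
        findings.append("default login method list does not use group tacacs+")
    elif methods[-1].lower() != "local":
        findings.append("no local fallback if both ACS servers are unreachable")
    return findings

def audit_all(configs, expected):
    """Audit every device against the same expected server order."""
    return {name: audit(cfg, expected) for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CONFIGS, [ACS4, ACS5]).items():
        print(name, "OK" if not findings else findings)
```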

Marvin Rhoads Wed, 06/02/2010 - 11:06

Thanks Erick. Of course I can point my AAA clients to many disparate servers.

I was specifically asking whether the (lack of) integration between ACS 4.x and ACS 5.x was covered in any Cisco documentation.

Between that issue and the (significant) price jump for "large" deployments (>500 devices require an additional license under 5.x whereas ACS 4.x did not limit the number of devices) it seems there's not a lot of incentive for customers to make the jump from ACS 4.x.

