Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
6
Helpful
4
Replies

ACS 4.0 as master for 1121 Applicance with 5.1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-01-2010 01:29 PM - edited ‎03-10-2019 05:10 PM

Hello Netpros,

Can anyone tell me if I can use my existing Cisco Secure ACS for Windows server running Release 4.0(1) Build 27 as the primary ACS servers for new appliances running Release 5.1?

I know I can't migrate directly from that Windows version, but can I interoperate. I'm happy living with 4.x level functionality but would not like to buy and deploy new 4.x systems unless it's absolutely necessary.

I'm looking to roll out ACS more widely (i.e., at geographically distant new sites) and would like to drop a new appliance in the new sites without a forklift upgrade of my existing Hqs setup.

Labels:
0 Helpful
4 Replies 4

Erick Delgado
Level 1
Level 1

‎06-01-2010 04:17 PM

Hi,

The ACS 4.0 can be the Primary for authentication method for the aaa clients but the information cannot be replicated from ACS 4.0 to ACS 5.x.

Hope this help!

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Erick Delgado

‎06-01-2010 06:59 PM

Thank you, Erick. That information is helpful.

Do you have any link to the documentation that covers this aspect of integration? My review of what's out there didn't uncover anything obvious.

0 Helpful

Erick Delgado
Level 1
Level 1
In response to Marvin Rhoads

‎06-02-2010 06:09 AM

Hi,

Basically the configuration needs to be done on the aaa clients.

You could configure the following.

Tacacs-server host x.x.x.x (IP address of the primary sever in your case ACS 4.0)

Tacacs-server host x.x.x.x (IP address of the primary sever in your case  ACS 5.x)

Tacacs-server key xxxxxxx

With this little configuration the aaa client will try first the ACS 4.0 and then the ACS 5.x.

Unfortunately ACS 4 and 5 cannot replicate each other.

Below is a link that will help you to configure aaa on IOS device.

http://tools.cisco.com/squish/734Fc

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Erick Delgado

‎06-02-2010 11:06 AM

Thanks Erick. Of course I can point my AAA clients to many disparate servers.

I was specifically asking whether the (lack of ) integration between ACS 4.x and ACS 5.x was covered in any Cisco documentation.

Between that issue and the (significant) price jump for "large" deployments (>500 devices require an additional license under 5.x whereas ACS 4.x did not limit the number of devices) it seems there's not a lot of incentive for customers to make the jump from ACS 4.x.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents