
Adding second ACS server to existing 4.2 server

Unanswered Question
May 14th, 2012

Question on this, is 5.2 backwards compatible with 4.2 appliance? If not, what is needed to bring the 4.2 appliance up to 5.2 and will the VMware version work for the second system with the appliance as primary? Years ago I had 2 of them and replication worked flawlessly, but we had to take the one unit offline for another project and have never replaced it.


Can I still get 4.2 from Cisco for this?

mauzamor Mon, 05/14/2012 - 09:23

-You cannot restore any backup file from ACS 4.x into a 5.x server, you can only migrate a few options:


Elements supported for migration:


http://tools.cisco.com/squish/f7E1e


Elements not supported for migration:


http://tools.cisco.com/squish/4a261


-ACS 5.x works with VM for primary or secondary just fine:


http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_vmware.html#wp1069964


-If your contract allows you to have 2 ACS servers 4.x you will be able to get 4.2, however the file is not available in the Cisco page (only the trial version is), you will need to contact TAC to get this software.


Let me know if you have any other doubt.

tahequivoice Mon, 05/14/2012 - 09:32

Well, that sure looks to be a real PITA for TACACS and RADIUS AAA use only. Looks like 2 machines are required to upgrade an appliance. So to do that a second server on Windows needs to be built, restore the configuration over to that server, then upgrade the appliance and then migrate from the backed up box to the appliance. It's as bad as going from 8.x to 8.4 on an ASA. Some work fine, others you might as well write erase and start over.

ppbenac@gmail.com Mon, 05/14/2012 - 09:41

The simple answer to your question is No! The RDBMS for 4.2 will not sync with 5.2. Since the databases will not sync it kind of defeats the purpose of redundant servers. If you are using ODBC you could set up some type of script to create a CSV file on the master and import it to the slave, but there is nothing to prevent the slave from being corrupted if an admin should happen to connect with the slave.


I have never used the appliance based ACS, so I can't answer that part of the question; however, you can probably locate a copy of 4.2 through some Cisco Vendor someplace, but it is end of life so getting it from Cisco probably is not an option.
