Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 3.3 Migration to 4.2 or 5.1 Appliance


I'm currently looking to migrate a customer from ACS 3.3 on a Win2K server to an Appliance.

The current ACS server provides AAA for approx 1000 routers/switches etc to provide authentication for interactive logon (via Novell LDAP) and scripted maintenance logon (via local DB). ACS also provides accounting for logon/configuration changes etc.

Q1. Will both 5.1 and 4.2 ACS appliance engines provide these facilities (local db/ldap etc), if so then 5.1 would be the best choice?

Q2. Can the data (AAA clients/users etc) be exported from 3.3 and imported to 4.2 or 5.1, as ideally I want to keep the original server untouched for rollback.

Thanks in advance.

Cisco Employee

Re: ACS 3.3 Migration to 4.2 or 5.1 Appliance

Both 5.1 and ACS 4.2 ACS appliance support authentication against LDAP and local DB.

ACS 5.1 is the next generation ACS platform and provides a policy based mechanism for defining authorizations; as opposed to the user/group based mechanisms in ACS 4.2.

To migrate the system from ACS 3.3 requires a two stage process:

1) upgrade to ACS 4.2

2) migrate data from ACS 4.2 to ACS 5.1

The second migration process can extract all user/device definitions from the ACS 4.2 to ACS 5.1 and then need to create the appropriate policies that define the user access

The ACS 5.1 DVD set should include all the required software versions to perform this upgrade although I am not familiar with the specifics of upgrade of ACS 3.3 to ACS 4.2. The original 3.3 system could be kept in place and the upgrade/migration be performed on a parallel system.

ACS 5.1 does have capability to import user/device data from a csv file and so if can get the data in this format can avoid all the upgrade/migration related activities

Hope this helps