Hall of Fame Super Silver

ACS 4.0 as master for 1121 Appliance with 5.1

Hello Netpros,

Can anyone tell me if I can use my existing Cisco Secure ACS for Windows server running Release 4.0(1) Build 27 as the primary ACS servers for new appliances running Release 5.1?

I know I can't migrate directly from that Windows version, but can I interoperate? I'm happy living with 4.x level functionality but would not like to buy and deploy new 4.x systems unless it's absolutely necessary.

I'm looking to roll out ACS more widely (i.e., at geographically distant new sites) and would like to drop a new appliance in the new sites without a forklift upgrade of my existing HQ setup.

4 REPLIES
Community Member

Re: ACS 4.0 as master for 1121 Appliance with 5.1

Hi,

The ACS 4.0 can be the primary for authentication for the AAA clients, but the information cannot be replicated from ACS 4.0 to ACS 5.x.

Hope this helps!

Hall of Fame Super Silver

Re: ACS 4.0 as master for 1121 Appliance with 5.1

Thank you, Erick. That information is helpful.

Do you have any link to the documentation that covers this aspect of integration? My review of what's out there didn't uncover anything obvious.

Community Member

Re: ACS 4.0 as master for 1121 Appliance with 5.1

Hi,

Basically the configuration needs to be done on the AAA clients.

You could configure the following.

Tacacs-server host x.x.x.x (IP address of the primary server, in your case ACS 4.0)

Tacacs-server host x.x.x.x (IP address of the primary server, in your case ACS 5.x)

Tacacs-server key xxxxxxx

With this little configuration the AAA client will first try the ACS 4.0 and then the ACS 5.x.

Unfortunately ACS 4 and 5 cannot replicate to each other.

Below is a link that will help you to configure AAA on an IOS device.

http://tools.cisco.com/squish/734Fc
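
The failover setup described in the reply above, written out as a fuller IOS configuration. This is an added example, not part of the original post; the 192.0.2.x addresses, the key and password placeholders, the timeout value and the local username are constructed assumptions.

```ios
! Added example; addresses, secrets and the local account are placeholders.
aaa new-model
!
! Servers are tried in the order they are configured.
! First entry: the existing ACS 4.0 server.
tacacs-server host 192.0.2.10
! Second entry: the new ACS 5.x appliance.
tacacs-server host 192.0.2.20
!
! A global key applies to every server without a per-host key, so this
! AAA client must be defined with the same shared secret on both ACS systems.
tacacs-server key <shared-secret>
!
! Seconds to wait for a reply before moving to the next server.
tacacs-server timeout 5
!
! The client moves to the second server only when the first does not
! respond. An explicit reject from ACS 4.0 is final and is not retried
! against ACS 5.x. Since ACS 4.x and 5.x do not replicate, users and
! policy have to be maintained on each system separately, or logins will
! behave differently depending on which server answers.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
!
! Local account used only when no TACACS+ server is reachable.
username fallback-admin privilege 15 secret <local-password>
```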

Hall of Fame Super Silver

Re: ACS 4.0 as master for 1121 Appliance with 5.1

Thanks Erick. Of course I can point my AAA clients to many disparate servers.

I was specifically asking whether the (lack of) integration between ACS 4.x and ACS 5.x was covered in any Cisco documentation.

Between that issue and the (significant) price jump for "large" deployments (>500 devices require an additional license under 5.x whereas ACS 4.x did not limit the number of devices) it seems there's not a lot of incentive for customers to make the jump from ACS 4.x.
