Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1871
Views
5
Helpful
1
Replies

Batch import of NAS in Cisco Secure v2.6??

Go to solution
phpearce
Level 1
Level 1

‎08-14-2003 12:23 PM - edited ‎03-10-2019 07:26 AM

Hiya,

We are running Cisco Secure v2.6 & want to add all our routers in as "Network Access Servers" so that we can authenticate against NT accounts.

The problem we have got is not with the configuration but the addition of some 300 routers - quite a long process as im sure you can imagine!

Is there anyway to batch import all these routers - in a similar way to users? Have tried passing the various parameters in the URL but this does not seem to work (Think theres some clever java encrypting it or aomething).

Any suggestions would be gratefull recieved!

Paul Woolnough

paul.woolnough@isis.suffolkcc.gov.uk

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎08-15-2003 05:55 PM

In addition to the documented CSUtil capabilities at

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt24/csnt24ug/apimport.htm

(CiscoSecure ACS Command-Line Database Utility), CSutil can also be used to import NAS devices. It will import them from a text file that lists the NAS devices as well as their hostname (local significance only), ip address, key and protocol.

This is a sample file that represents the syntax/format used for this import:

ONLINE

ADD_NAS:router1:IP:10.31.1.51:KEY:cisco:VENDOR:CISCO_T+

ADD_NAS:router2:IP:10.31.1.52:KEY:cisco:VENDOR:CISCO_R

Here we see two NAS devices listed - router1 and router2, both using the key of "cisco", and the ip addresses are pretty easy to identify there. And since router1 lists the paramater "CISCO_T+", it will be imported as using tacacs+; we see a similar format for the router2 NAS, which will be imported as using radius.

With the keyword "ONLINE" at the beginning of the file, the NAS devices will be imported while ACS is still up and running. This will be a slow process, but it allows the import to take place without downing the ACS server. If you would like to pause the ACS services temporarily while you perform this import, you can substitute "OFFLINE" for "ONLINE." The import would then complete much faster.

So the first task would be to construct a text file using the above format, and for our example we will say that file has been named fred.txt. Once this file been created, you will want to copy that text file to the following directory:

C:\Program Files\CiscoSecure ACS v2.6\Utils

Then at a command prompt, navigate to that same directory and execute this command:

CSUtil -i fred.txt

View solution in original post

1 Reply 1

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎08-15-2003 05:55 PM

In addition to the documented CSUtil capabilities at

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt24/csnt24ug/apimport.htm

(CiscoSecure ACS Command-Line Database Utility), CSutil can also be used to import NAS devices. It will import them from a text file that lists the NAS devices as well as their hostname (local significance only), ip address, key and protocol.

This is a sample file that represents the syntax/format used for this import:

ONLINE

ADD_NAS:router1:IP:10.31.1.51:KEY:cisco:VENDOR:CISCO_T+

ADD_NAS:router2:IP:10.31.1.52:KEY:cisco:VENDOR:CISCO_R

Here we see two NAS devices listed - router1 and router2, both using the key of "cisco", and the ip addresses are pretty easy to identify there. And since router1 lists the paramater "CISCO_T+", it will be imported as using tacacs+; we see a similar format for the router2 NAS, which will be imported as using radius.

With the keyword "ONLINE" at the beginning of the file, the NAS devices will be imported while ACS is still up and running. This will be a slow process, but it allows the import to take place without downing the ACS server. If you would like to pause the ACS services temporarily while you perform this import, you can substitute "OFFLINE" for "ONLINE." The import would then complete much faster.

So the first task would be to construct a text file using the above format, and for our example we will say that file has been named fred.txt. Once this file been created, you will want to copy that text file to the following directory:

C:\Program Files\CiscoSecure ACS v2.6\Utils

Then at a command prompt, navigate to that same directory and execute this command:

CSUtil -i fred.txt

Customers Also Viewed These Support Documents