Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Batch import of NAS in Cisco Secure v2.6??

Hiya,

We are running Cisco Secure v2.6 & want to add all our routers in as "Network Access Servers" so that we can authenticate against NT accounts.

The problem we have got is not with the configuration but the addition of some 300 routers - quite a long process as im sure you can imagine!

Is there anyway to batch import all these routers - in a similar way to users? Have tried passing the various parameters in the URL but this does not seem to work (Think theres some clever java encrypting it or aomething).

Any suggestions would be gratefull recieved!

Paul Woolnough

paul.woolnough@isis.suffolkcc.gov.uk

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Batch import of NAS in Cisco Secure v2.6??

In addition to the documented CSUtil capabilities at

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt24/csnt24ug/apimport.htm

(CiscoSecure ACS Command-Line Database Utility), CSutil can also be used to import NAS devices. It will import them from a text file that lists the NAS devices as well as their hostname (local significance only), ip address, key and protocol.

This is a sample file that represents the syntax/format used for this import:

ONLINE

ADD_NAS:router1:IP:10.31.1.51:KEY:cisco:VENDOR:CISCO_T+

ADD_NAS:router2:IP:10.31.1.52:KEY:cisco:VENDOR:CISCO_R

Here we see two NAS devices listed - router1 and router2, both using the key of "cisco", and the ip addresses are pretty easy to identify there. And since router1 lists the paramater "CISCO_T+", it will be imported as using tacacs+; we see a similar format for the router2 NAS, which will be imported as using radius.

With the keyword "ONLINE" at the beginning of the file, the NAS devices will be imported while ACS is still up and running. This will be a slow process, but it allows the import to take place without downing the ACS server. If you would like to pause the ACS services temporarily while you perform this import, you can substitute "OFFLINE" for "ONLINE." The import would then complete much faster.

So the first task would be to construct a text file using the above format, and for our example we will say that file has been named fred.txt. Once this file been created, you will want to copy that text file to the following directory:

C:\Program Files\CiscoSecure ACS v2.6\Utils

Then at a command prompt, navigate to that same directory and execute this command:

CSUtil -i fred.txt

1 REPLY
Cisco Employee

Re: Batch import of NAS in Cisco Secure v2.6??

In addition to the documented CSUtil capabilities at

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt24/csnt24ug/apimport.htm

(CiscoSecure ACS Command-Line Database Utility), CSutil can also be used to import NAS devices. It will import them from a text file that lists the NAS devices as well as their hostname (local significance only), ip address, key and protocol.

This is a sample file that represents the syntax/format used for this import:

ONLINE

ADD_NAS:router1:IP:10.31.1.51:KEY:cisco:VENDOR:CISCO_T+

ADD_NAS:router2:IP:10.31.1.52:KEY:cisco:VENDOR:CISCO_R

Here we see two NAS devices listed - router1 and router2, both using the key of "cisco", and the ip addresses are pretty easy to identify there. And since router1 lists the paramater "CISCO_T+", it will be imported as using tacacs+; we see a similar format for the router2 NAS, which will be imported as using radius.

With the keyword "ONLINE" at the beginning of the file, the NAS devices will be imported while ACS is still up and running. This will be a slow process, but it allows the import to take place without downing the ACS server. If you would like to pause the ACS services temporarily while you perform this import, you can substitute "OFFLINE" for "ONLINE." The import would then complete much faster.

So the first task would be to construct a text file using the above format, and for our example we will say that file has been named fred.txt. Once this file been created, you will want to copy that text file to the following directory:

C:\Program Files\CiscoSecure ACS v2.6\Utils

Then at a command prompt, navigate to that same directory and execute this command:

CSUtil -i fred.txt

129
Views
5
Helpful
1
Replies
CreatePlease to create content