Cisco Support Community
New Member

Bulk import of switches into ACS

I have a new ACS 1120 running 5.1.0.44.

I have over 1000 Cisco switches to add to this (good thing I have the unlimited lic).

All of the switches, for the most part, are the same type. Is there a way to bulk import these switches into the ACS? Basically, say "hey, 192.1.1.1-253 is a certain switch".

The 2nd part of this question: I'm pretty sure I am going to have to log into every switch to config it to talk to the ACS. Any way around that?

Thanks for the help

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Bulk import of switches into ACS

What you need to do is as follows:

1) Go to Network Resources > Network Devices and AAA Clients. Devices can be imported from here.

2) Press File Operations then Add, then Next and "Download "Add" Template"

You will get a file similar to the following (this is what is displayed by default for ACS 5.1)

name:String(64):Required,description:String(1024),subnets:Subnets(a.b.c.d/m;...):Required,"supportRADIUS:Boolean(true,false):Required",radiusSecret:String(32),"supportTACACS:Boolean(true,false):Required",tacacsSecret:String(32),"singleconnect:Boolean(true,false)","legacyTACACS:Boolean(true,false)",Location:String(256),Device Type:String(256)

3) This line must be retained as is as the first line of the import file; it also defines the structure of each data record, which corresponds to a device definition. For devices that will only do TACACS, the following can be used to define an entry:

device1,,1.2.3.4/32,false,,true,cisco,false,false,All Locations:US,All Device Types:Switch

/// explanation
device1,                  /// name
,                         /// description, empty
1.2.3.4/32,               /// subnet - this is in fact IP address 1.2.3.4
false,                    /// not support RADIUS
,                         /// empty, shared secret
true,                     /// support T+
cisco,                    /// T+ shared secret
false,                    /// singleConnect
false,                    /// legacyTACACS
All Locations:US,         /// location NDG
All Device Types:Switch   /// Device Type

Add a line/entry for each device you want to add during the import process.

4) Now import the new definitions

Select File Operations, then Add, then Next and Next; you can then define the file to be imported, and then press "Finish".
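As an added example (not part of the original reply and not Cisco tooling), this Python script generates the import file for a contiguous address range such as the 192.1.1.1-253 block from the question, using the ACS 5.1 template header and the TACACS-only field order shown above. The `sw-<ip>` device naming, the `name_prefix` parameter and the output file name are assumptions.

```python
import csv
import io
import ipaddress

# First line of the import file: the ACS 5.1 "Add" template header quoted
# in the reply above, kept verbatim (it is not regenerated by the csv module).
ACS_HEADER = ('name:String(64):Required,description:String(1024),'
              'subnets:Subnets(a.b.c.d/m;...):Required,'
              '"supportRADIUS:Boolean(true,false):Required",radiusSecret:String(32),'
              '"supportTACACS:Boolean(true,false):Required",tacacsSecret:String(32),'
              '"singleconnect:Boolean(true,false)","legacyTACACS:Boolean(true,false)",'
              'Location:String(256),Device Type:String(256)')


def build_import(first_ip, last_ip, tacacs_secret, location, device_type,
                 name_prefix="sw-"):
    """Return import-file text with one TACACS-only record per address."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if last < first:
        raise ValueError("last_ip is below first_ip")
    # Limits taken from the header: name String(64), tacacsSecret String(32).
    if not 1 <= len(tacacs_secret) <= 32:
        raise ValueError("tacacsSecret must be 1-32 characters")
    out = io.StringIO()
    out.write(ACS_HEADER + "\n")
    writer = csv.writer(out, lineterminator="\n")
    for n in range(int(first), int(last) + 1):
        ip = ipaddress.IPv4Address(n)
        name = name_prefix + str(ip).replace(".", "-")  # assumed naming scheme
        if len(name) > 64:
            raise ValueError("device name too long: " + name)
        # Same field order as the sample record: RADIUS off, TACACS+ on,
        # singleconnect and legacyTACACS false.
        writer.writerow([name, "", f"{ip}/32", "false", "", "true",
                         tacacs_secret, "false", "false", location, device_type])
    return out.getvalue()


if __name__ == "__main__":
    import getpass
    # Prompt for the secret so it is not hard-coded or left in shell history.
    secret = getpass.getpass("TACACS+ shared secret: ")
    with open("acs_import.csv", "w", newline="") as fh:  # assumed file name
        fh.write(build_import("192.1.1.1", "192.1.1.253", secret,
                              "All Locations:US", "All Device Types:Switch"))
```

The generated file holds the TACACS+ shared secret in clear text, so restrict its permissions and delete it once the import has finished.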

6 REPLIES
Cisco Employee

Re: Bulk import of switches into ACS

On the first part of your question, there is a bulk mechanism to import device definitions from a csv file. It can be used to set the shared secret IP address. If you want to follow this approach, you should decide first how you want to divide your devices into device groups and define these groups first. By default there is a device group hierarchy for "Device Type" and "Location".

New Member

Re: Bulk import of switches into ACS

They are grouped by location and they are all the same type. Is there a sample csv anywhere? And where inside the ACS is the mech for uploading that file?

New Member

Re: Bulk import of switches into ACS

OK, that worked like a charm. Any idea on question 2? LOL

Cisco Employee

Re: Bulk import of switches into ACS

I don't see any way to get around configuring each of the switches.

Re: Bulk import of switches into ACS

1. If those Cisco devices are managed by something like CSM (Cisco Security Manager - might not support low end switch), you can push the new AAA configuration by using CSM.

Or

2. You can write a script to do the job for you. You can use an interactive scripting tool like "Expect", or if you are using SecureCRT, it can run VB, Java and Perl scripts directly.

Or

3. Manually do it.
