Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5830
Views
0
Helpful
2
Replies

how do I change the ip address on an ACS SE 5.4?

ccsmith705
Level 1
Level 1

‎08-13-2014 02:33 PM - edited ‎03-10-2019 09:56 PM

I have an ACS SE 5.4 and I need to change the IP address.  When I console into the sever and I try to change the IP address it just stays the same.  Tried stopping the ACS services first, go into config mode, interface Gigabit 0, ip address x.x.x.x mask x.x.x.x. It asks if I want to make the change and I answer Y.  When I look at the running-config it still shows the old IP address. Tried it several times stopping the ACS services then starting them, rebooting after making the change and it still has the old IP address. HELP?

Labels:
0 Helpful
2 Replies 2

kushsriva
Level 1
Level 1

‎08-13-2014 10:35 PM

Hi,

 

Are you trying to change the IP of an ACS Secondary box? If yes, please follow these steps:


1.       Take a configuration backup - if anything goes wrong you'll have something to
fall back on

a.       A configuration can be taken via:

GUI :
http://www.cisco.com/en/US/products/ps9911/products_tech_note09186a0080bcf133.shtml#topic1
N400024

or

CLI :
http://www.cisco.com/en/US/products/ps9911/products_tech_note09186a0080bcf133.shtml#topic3

b.      If you are using third-party-signed certificates then please export them along
with their private keys. You will need to do this on both ACSs

i.      Go to System Administration > Configuration > Local Server Certificates >
Local Certificates

                       ii.      Check the box next to the certificate that you use for EAP

                                                    iii.      Click on the "Export" button

         iv.      Follow the rest of the prompts to export the certificate AND private key

                            v.      Remember to repeat steps i to iv for the other ACS too

2.       De-register the Secondary ACS from the Primary

a.       Log into the GUI of the Primary ACS

b.      Go to System Administration > Operations > Distributed System Management

c.       Check the box next to the secondary ACS and click the "Deregister" button. This
will cause the processes on the secondary to restart.

d.      Once deregistered, check the box next to the secondary again and then click on the
"Delete" button

e.      Log into the GUI for the Secondary ACS (which will now be its own standalone
primary). If you can't get to the GUI yet, lot into the CLI for the secondary and use the
"show application status acs" command to check on the processes. You will need to make
sure that all the processes are up before trying the GUI.

f.        Once you've logged into the secondary's GUI, go to System Administration >
Operations > Distributed System Management

g.       Check the box next to the name of the primary ACS and click "Delete". You will
now have 2 standalone ACSs that know nothing about each other.

3.       Change the IP address on the Secondary ACS

a.       Go back to the secondary's CLI

b.      Change the IP address:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/command/re
ference/cli_app_a.html#wp1895375

c.       When the ACS has started up again, use the "show application status acs" command
to make sure that all the processes come up.

4.       Join the secondary to the primary - Now that the change has been made and all
processes are up it's time to join the ACS

a.       Log into the GUI of the original secondary

b.      Register the secondary to the primary:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide
/admin_operations.html#wp1056068

 

 

Regards,

Kush

0 Helpful

mohanak
Cisco Employee
Cisco Employee

‎08-14-2014 03:11 PM

Changing the IP address of a Primary Instance from the Primary Server

To change the IP address of a primary ACS server:

Step 1 Log into the ACS primary web interface and Choose System Administration > Operations > Distributed System Management to deregister all the secondary ACS instances from the primary ACS server.

The Distributed System Management page is displayed.

Step 2 Check the check box near the secondary ACS instance one by one and click Deregister.

Make sure that the log collector is running in the primary ACS server before deregistering all secondary ACS instances. If the log collector is running in any one of the secondary ACS server, change the log collector to the primary ACS server.

To change the log collector, see Configuring the Log Collector.

Step 3 Check the checkboxes near the deregistered secondary ACS instances to delete all deregistered secondary ACS instances.

The deregistered secondary ACS instances are deleted.

Step 4 Log into the ACS server in Admin mode by entering:

acs-5-2-a/admin# conf t

Step 5 Enter the following commands:

int g 0

ip address old ip address new ip address

Step 6 Press Ctrl z.

The following warning message is displayed.

Changing the hostname or IP may result in undesired side effects, such as installed application(s) being restarted.Are you sure you want to proceed? [y/n]

Step 7 Press y

Step 8 Access the primary ACS server using the administrator mode and the new IP address.

Step 9 Use the command show application status acs to check if all process are running properly.

Step 10 Register the secondary instances to the primary ACS server.

See Registering a Secondary Instance to a Primary Instance

0 Helpful
Customers Also Viewed These Support Documents