Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Primary Cisco ACS - Invalid Administration Connection

Is it possible to change Access Policy from command line?

3 REPLIES
Cisco Employee

Re: Primary Cisco ACS - Invalid Administration Connection

I am not sure which release and which specific functionality you are refering to

If this is ACS 5.1 and the Accsess Settings functionality that allows to define which IPs are or are not allowed access to the administrative interface then this can be reset using the following command from the ACS CLI:

acs-config

access-setting accept-all

should then see:

access setting allows all IP addresses to connect

Cisco Employee

Re: Primary Cisco ACS - Invalid Administration Connection

Access policy can't be modified from CLI. This could be computer specific issue. Have you tried accessing ACS GUI page from different machines?


If its machine specific issue then you may check few things


If we are using Proxy server then make sure that the proxy server's ip address is allowed, check the proxy server settings from:

Pull up a web browser > Tools > Internet Option > Connections > LAN Settings

Make sure that we have JAVA installed, and also go to Control Pannel > choose JAVA> Network Settings > And make sure its using browser settings.

Also, if its working from other machines, I would suggest you to use the HTTP port allocation feature to configure the range of TCP ports
that ACS uses for administrative HTTP sessions.

HTTP Port Allocation for Administrative Sessions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp821288

Regrads,

JK


Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Primary Cisco ACS - Invalid Administration Connection

i can't access to ACS because i checked the "Allow only listed IP addresses to connect" option in "Access Policy Setup". And now i can't login via HTTP.

thnks

571
Views
6
Helpful
3
Replies