Primary Cisco ACS - Invalid Administration Connection

martimanya · ‎03-23-2010

Is it possible to change Access Policy from command line?

jrabinow · ‎03-23-2010

I am not sure which release and which specific functionality you are refering to

If this is ACS 5.1 and the Accsess Settings functionality that allows to define which IPs are or are not allowed access to the administrative interface then this can be reset using the following command from the ACS CLI:

acs-config

access-setting accept-all

should then see:

access setting allows all IP addresses to connect

Jatin Katyal · ‎03-23-2010

Access policy can't be modified from CLI. This could be computer specific issue. Have you tried accessing ACS GUI page from different machines?

If its machine specific issue then you may check few things

If we are using Proxy server then make sure that the proxy server's ip address is allowed, check the proxy server settings from:

Pull up a web browser > Tools > Internet Option > Connections > LAN Settings

Make sure that we have JAVA installed, and also go to Control Pannel > choose JAVA> Network Settings > And make sure its using browser settings.

Also, if its working from other machines, I would suggest you to use the HTTP port allocation feature to configure the range of TCP ports
that ACS uses for administrative HTTP sessions.

HTTP Port Allocation for Administrative Sessions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp821288

Regrads,

JK

Plz rate helpful posts-

~Jatin

martimanya · ‎03-23-2010

i can't access to ACS because i checked the "Allow only listed IP addresses to connect" option in "Access Policy Setup". And now i can't login via HTTP.

thnks