Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ACS 5.5 - Upgrade procedure

[toc:faq]

Introduction

Due to the release of the Multiple Vulnerabilities in Cisco Secure Access Control System advisory an upgrade to ACS 5.5 is now required.


5.0 5.1 5.2 5.3 5.4
Cisco Secure ACS RMI Privilege Escalation Vulernability Migrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or later Migrate to 5.5
Cisco Secure ACS RMI Unauthenticated User Access VulnerabilityMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or later Migrate to 5.5
Cisco Secure ACS Operating System Command Injection VulnerabilityMigrate to 5.4 or laterMigrate to 5.4 or laterMigrate to 5.4 or later Migrate to 5.4 or later 5.4 Patch 3
First Fixed release for all vulnerabilities in this advisory
5.5

New and Changed Features

The following sections briefly describe the new and changed features in the 5.5 release:

Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html#pgfId-71092

Steps to upgrade to 5.5

Due to CSCum04132 and CSCum26584, the following steps should be followed:

  • Install the appropiate Pointed patch available for the current ACS version.

          For 5.3 --> Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg

          For 5.4 --> Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg


  • Install the 5.5 upgrade package: ACS_5.5.0.46.tar.gz

  • Install the cumulative 5.5 patch: 5-5-0-46-1.tar.gpg

  • To upgrade from ACS 5.4 to 5.5 patch-1, it is important to run the command "database-compress"  prior to installing the Pointed Patch.

Note: In case of a Distributed deployment scenario, please deregister the secondary from the primary before the upgrade. Once both appliances run 5.5, including the cumulatve patch, register the secondary again.

Useful commands

  • show version

  • show repository your_repository

  • show application status acs

  • acs install patch Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository your_repository

  • application upgrade ACS_5.5.0.46.tar.gz your_repository

HTH.

- Javier

Version history
Revision #:
1 of 1
Last update:
‎03-03-2014 09:29 AM
Updated by:
 
Labels (1)
Comments
New Member

To upgrade from ACS 5.4 to 5.5 patch-1, it is VERY important to you need to run "compress-database" in ACS 5.4 prior to installing the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg. 

It happened to me when I tried to upgrade from ACS 5.4 to ACS 5.5 patch-1.  The upgrade was not successful unless I ran "compress-database" prior to the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg patch. 

After I ran "compress-database", I then applied the Pointed patch, then the upgrade to ACS 5.5 went very smoothly.

Hi,

I haven't needed to run the database compress command, but you are right it is a good step and it is part  of the success of the upgrade.

It is now included in the document.

Thanks for sharing your feedback.

New Member

Should the upgrade procedure also mention that if someone is running 5.0, 5.1 or 5.2 they should upgrade to 5.3 or 5.4 before uprgading to 5.5 ?

New Member

HI,

If I want to upgrade from ACS 5.5.0.46.x to 5.5.0.46.10, it can be done with the file 5-5-0-46-10.tar.gpg ?

Running the command:

  • application upgrade 5-5-0-46-10.tar.gpg repository-name

Thanks