manualshive.com logo in svg

Cisco CSACS-1121-K9, Reference Manual

The Cisco CSACS-1121-K9 is a versatile network access control and authentication device. For a comprehensive understanding of its features and setup, users can easily access the Reference Manual, available for free download from our website. Empower your network security with this essential resource.

Share
Download
background image

 

A-94

CLI Reference Guide for the Cisco Secure Access Control System 5.1

OL-18996-01

Appendix A      ACS Command Reference

    ACS Configuration Commands

Syntax Description

No arguments or keywords.

Defaults

None.

Command Modes

ACS Configuration

Usage Guidelines

Use the 

access-setting accept-all

 command when all system administrators' access to an ACS node 

through the GUI is blocked. This problem occurs when an administrator defines an access list that 
includes all IP addresses and blocks access to the GUI.

When you issue this command, IP address filtering is set to allow all IP addresses to connect the 
management pages, but the IP addresses defined in the IP Ranges table to allow or reject the IP addresses 
to access the management pages are not reset; therefore, you can reuse this table to set IP address 
filtering.

Examples

acs/admin(config-acs)# 

access-setting accept-all

access setting allows all IP addresses to connect

acs/admin(config-acs)#

debug-adclient

To enable debug logging for an Active Directory client, use the 

debug-adclient

 command in the ACS 

Configuration mode. To disable debug logging for an Active Directory client, use the 

no

 form of this 

command. Only the network-device admin can enable or disable debug logging for an Active Directory 
client.

debug-adclient enable

Syntax Description

No arguments or keywords.

Defaults

Disabled.

Command Modes

ACS Configuration

Usage Guidelines

When you set the log level of debug logs to DEBUG for the following components, the active directory 
client logs are automatically enabled. Similarly, when you disable the DEBUG log level on one of these 
components, the active directory logs are disabled:

  •

all

  •

mgmt

Summary of Contents for CSACS-1121-K9

Page 1: ... Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 CLI Reference Guide for the Cisco Secure Access Control System 5 1 Text Part Number OL 18996 01 ...

Page 2: ...TIES EXPRESSED OR IMPLIED INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR I...

Page 3: ...User Accounts and Modes in ACS 1 1 Types of Command Modes in ACS 1 5 EXEC Commands 1 5 EXEC or System Level Commands 1 5 Show Commands 1 7 ACS Configuration Commands 1 8 Configuration Commands 1 10 CLI Audit 1 11 C H A P T E R 2 Using the ACS Command Line Interface 2 1 Before Accessing the ACS CLI 2 1 Starting the CSACS 1121 2 2 Running Setup to Configure ACS 2 2 Accessing the ACS CLI 2 3 Supporte...

Page 4: ...P P E N D I X A ACS Command Reference A 1 EXEC Commands A 4 acs instance A 4 acs process A 6 acs backup A 7 acs config A 9 acs config web interface A 13 acs delete core A 13 acs delete log A 14 acs patch A 15 acs reset config A 16 acs reset password A 17 acs restore A 18 acs support A 20 application install A 23 application remove A 24 application reset config A 25 application start A 26 applicati...

Page 5: ...sion welcome A 54 terminal terminal type A 55 traceroute A 55 undebug A 56 write A 58 Show Commands A 59 show acs config web interface A 60 show acs cores A 60 show acs logs A 61 show application A 64 show backup history A 67 show cdp A 68 show clock A 69 show cpu A 69 show disks A 71 show icmp status A 72 show interface A 74 show inventory A 75 show logging A 76 show logins A 78 show memory A 78 ...

Page 6: ...adclient A 94 debug log A 95 decrypt support bundle A 98 export data A 98 import data A 100 import export abort A 101 import export status A 103 no debug adclient A 104 no debug log A 105 replication force sync A 107 reset management interface certificate A 108 show debug adclient A 109 show debug log A 110 Configuration Commands A 112 backup staging url A 113 cdp holdtime A 114 cdp run A 114 cdp ...

Page 7: ...A 126 ip route A 127 kron occurrence A 129 kron policy list A 130 logging A 132 ntp server A 133 password policy A 134 repository A 135 service A 137 shutdown A 137 snmp server community A 138 snmp server contact A 139 snmp server host A 139 snmp server location A 140 username A 141 G L O S S A R Y I N D E X ...

Page 8: ...Contents viii CLI Reference Guide for the Cisco Secure Access Control System 5 1 OL 18996 01 ...

Page 9: ...umentation page xi Obtaining Documentation and Submitting a Service Request page xii Note Use this guide in conjunction with the documentation listed in Related Documentation page xi Who Should Read This Guide The majority of the instructions in this guide are straightforward however a few are complex Therefore only experienced users should use these instructions Note Use this guide in conjunction...

Page 10: ... of data Chapter Title Description Chapter 1 Overview of the ACS Command Line Interface Provides an overview of the ACS CLI environment and command modes Chapter 2 Using the ACS Command Line Interface Describes how you can access and administer ACS from the CLI Appendix A ACS Command Reference Provides a complete description of all the commands Convention Description bold font Commands and keyword...

Page 11: ... 5 1 Release Notes for the Cisco Secure Access Control System 5 1 For details on locating these documents refer to the License and Documentation Guide for the Cisco Secure Access Control System Release 5 1 available at http www cisco com en US docs net_mgmt cisco_secure_access_control_system 5 1 license_doc guide acs_51_lic_doc_gd html Table 1 Updates to CLI Reference Guide for the Cisco Secure Ac...

Page 12: ...tion see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set content to be delivered directly to your desktop using a reader application The RSS feeds are a fre...

Page 13: ...m the configuration and monitoring tasks that this guide describes The following sections describe the ACS CLI Accessing the ACS Command Environment page 1 1 User Accounts and Modes in ACS page 1 1 Types of Command Modes in ACS page 1 5 CLI Audit page 1 11 Accessing the ACS Command Environment You can access the ACS CLI through a secure shell SSH client or the console port using one of the followi...

Page 14: ... the first time While an Admin can create and manage Operator user accounts which have limited privileges and access to the ACS server an Admin account provides you the functionality you require to use the ACS CLI To create more users with admin and operator privileges with SSH access to the ACS CLI you must run the username command in the Configuration mode see Types of Command Modes in ACS page ...

Page 15: ...rver ip route kron logging commands mkdir nslookup ntp server password policy patch ping reload replication repository reset management interface certificate restore commands rmdir service show acs cores show acs logs show acs config web interface show application show backup show cdp show clock show cpu show debug adclient show debug log show disks show icmp_status show interface Table 1 1 Comman...

Page 16: ...ame and password show inventory show ip route show logging show logins show memory show ntp show ports show process show repository show restore show running configuration show startup configuration show tac show tech support show terminal show timezone show timezones show udi show uptime show users show version snmp server commands ssh ssh keygen ssh rmkey tech telnet terminal traceroute undebug ...

Page 17: ...the ACS configuration related commands See ACS Configuration Commands page 1 8 Configuration Use the commands in this mode to perform additional configuration tasks in ACS See Configuration Commands page 1 10 EXEC Commands EXEC commands primarily include system level commands such as show and reload for example application installation application start and stop copy files and installations restor...

Page 18: ...rforms a backup of all the logs on ACS to a remote location clock Sets the system clock on the ACS server configure Enters the Configuration mode copy Copies any file from a source to a destination debug Displays any errors or events for various command situations for example backup and restore configuration copy resource locking file transfer and user management delete Deletes a file in the ACS s...

Page 19: ...or example backup and restore configuration copy resource locking file transfer and user management write Copies displays or erases the running ACS server information Table 1 2 Summary of EXEC Commands continued Command Description Table 1 3 Summary of Show Commands Command Description acs cores Displays ACS run time core files and JVM core logs acs logs Displays ACS server debug logs acs config w...

Page 20: ...he status of the Network Time Protocol NTP servers ports Displays all the processes listening on the active ports process Displays information about the active processes of the ACS server repository requires keyword Displays the file contents of a specific repository restore requires keyword Displays the restore history in ACS running config Displays the contents of the configuration file that cur...

Page 21: ...mote repository to an ACS local store Only users who have Create Read Update and Delete CRUD permissions to a specific configuration object in the GUI can import that particular configuration data to an ACS local store import export ab ort Aborts specific or all import and export processes Only the super admin can simultaneously abort a running process and all pending import and export processes H...

Page 22: ...ry of Configuration Commands Command Description backup staging url Specifies a Network File System NFS temporary space or staging area for the remote directory for backup and restore operations cdp holdtime Specifies the amount of time the receiving device should hold a CDP packet from the ACS server before discarding it cdp run Enables CDP cdp timer Specifies how often the ACS server sends CDP u...

Page 23: ...ard logs to a remote system logging loglevel Configures the log level for the logging command no Disables or removes the function associated with the command ntp Synchronizes the software clock through the NTP server for the system password policy Enables and configures the password policy repository Enters the repository submode service Specifies the type of service to manage snmp server communit...

Page 24: ...eletes an ACS run time core file or JVM core log acs delete log Deletes an ACS run time core file or JVM core log excluding the latest log backup logs Backs up system logs acs patch Installs and removes ACS patches acs support Gathers information for ACS troubleshooting Table 1 8 ACS Configuration Mode Commands for the Operation Log Command Description access setting accept all Resets the IP addre...

Page 25: ...rstanding Command Modes page 2 6 Navigating the CLI Commands page 2 10 Where to Go Next page 2 13 Before Accessing the ACS CLI Before logging in to the ACS CLI review the tasks that you should have completed during hardware installation Note These sections only provide an overview of the installation and configuration process for the CSACS 1121 For detailed information see the Installation and Upg...

Page 26: ...tion on connecting cables see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5 1 Step 3 Power up the CSACS 1121 The appliance boots automatically and the setup utility appears see Running Setup to Configure ACS page 2 2 Running Setup to Configure ACS When you power up the CSACS 1121 appliance for the first time you are prompted to run the setup utility to configure t...

Page 27: ...e following login prompt appears machine_name login where machine_name identifies the hostname that you specified In this example this prompt appears ACS login To log in use the administrator user account and the corresponding password that you created during the setup process You must also use this Admin account to log in to the ACS CLI for the first time See Accessing the ACS CLI page 2 3 After ...

Page 28: ...rrow Delete and Backspace The CLI senses the use of the cursor control keys and automatically uses the optimal device characteristics see Supported Hardware and Software Platforms page 2 4 for more information To exit the CLI use the exit command from the EXEC mode If currently in one of the configuration modes and you want to exit the CLI enter the end exit Ctrl d or Ctrl z command to return to t...

Page 29: ...gned password for the administrator The SSH with the Add Profile window appears Step 6 Optional Enter a profile name in the text box and click Add to Profile Step 7 Click Close on the Add Profile window The ACS prompt acs admin appears You can now enter ACS CLI commands Opening the CLI Using a Local PC If you need to configure ACS locally without connecting to a wired LAN you can connect a PC to t...

Page 30: ...ion Mode page 2 8 Configuration Submodes page 2 8 EXEC Mode When you start a session on ACS you begin in the Admin or EXEC mode From the EXEC mode you can enter the Configuration mode Most of the EXEC commands one time commands such as show commands display the current configuration status The Admin or EXEC mode prompt consists of the device name or hostname before a pound sign as shown acs admin ...

Page 31: ...ith CNTL Z acs config configuration mode The Configuration mode has several submodes each has its own prompt To enter these submodes you must first enter the Configuration mode by entering the configure terminal command To exit the Configuration mode enter the end exit or Ctrl z command To exit the EXEC mode enter the exit command To exit both Configuration and EXEC modes enter this sequence of co...

Page 32: ...on these commands remain across ACS server reboots but only if you run either of these commands copy running config startup config write memory To enter the Configuration mode run the configure or configure terminal conf t command in the EXEC mode When in the Configuration mode ACS expects configuration commands For example acs admin configure Enter configuration commands one per line End with CNT...

Page 33: ...down the interface acs admin config ethernet Enter the command that you want to configure for the interface This example uses the interface GigabitEthernet command Enter to display what you must enter next on the command line This example shows the available interface GigabitEthernet configuration submode commands acs admin config GigabitEthernet ip address Configure IP address acs admin config Gi...

Page 34: ...Network mask acs admin config GigabitEthernet ip address 172 16 0 1 Enter the keyword or argument that you want to use This example uses the 172 16 0 1 IP address Enter to display what you must enter next on the command line In this example you must enter a network mask A carriage return cr does not display therefore you must enter additional arguments to complete the command acs admin config Giga...

Page 35: ... to re enable a disabled function or to enable a function disabled by default for example an IP address enabled by default To disable the IP address use the no ip address command to re enable the IP address use the ip address command Configuration commands can also have a default form which returns the command settings to the default values Most commands disable by default so in such cases using t...

Page 36: ...ation command acs admin show running configuration You could have used acs admin sh run ACS expands the command sh run to show running configuration Another shortcut is pressing the Tab key after you type sh the ACS CLI fills in the best completion in this case show If the ACS CLI does not understand a command it repeats the entire command line and places a caret symbol under the point at which it...

Page 37: ...ing a smaller value for the screen length by using the terminal length EXEC command Command output will not pause if you set the length value to zero 0 Where to Go Next Now that you are familiar with some of the ACS CLI basics you can begin to configure ACS by using the CLI Remember that You can use the question mark and arrow keys to help you enter commands Each command mode restricts you to a se...

Page 38: ...2 14 CLI Reference Guide for the Cisco Secure Access Control System 5 1 OL 18996 01 Chapter 2 Using the ACS Command Line Interface Where to Go Next ...

Page 39: ...or more examples Throughout this appendix the ACS server uses the name acs in place of the ACS server s hostname Note If an error occurs in any command usage use the debug command to determine the cause of the error Before proceeding to use the ACS CLI commands familiarize yourself with disk space management in CSACS 1121 This section describes disk space management for the purpose of managing log...

Page 40: ...log 3 and so on Logrotate stores up to 10 log files at a given time The latest log information however is always stored in acsupgrade log In ACS logrotate runs as an hourly kron job and verifies the disk space allocated for the log files Management opt CSCOacs logs ACSManagementAudit log 55 opt CSCOacs logs ACSManagement log 1000 opt CSCOacs mgmt apache tomcat 5 5 20 logs 55 Runtime opt CSCOacs lo...

Page 41: ...S Configuration Commands page A 93 Configuration Commands page A 112 Table A 2 Log File Rotation Process Log File Number of Rotated Versions Monit opt CSCOacs logs monit log 10 Upgrade opt CSCOacs logs acsupgrade log 10 Management opt CSCOacs mgmt apache tomcat 5 5 20 logs catalina out 10 opt CSCOacs logs ACSManagement log 9 opt CSCOacs logs ACSManagementAudit log 10 opt CSCOacs logs MonitoringAnd...

Page 42: ...ands1 1 Commands marked with an asterisk represent those that are specific to ACS functionality acs instance acs process acs backup acs config acs config web interface acs delete core acs delete log acs patch acs reset config acs reset password acs restore acs support application install application remove application reset config application start application stop application upgrade backup backu...

Page 43: ...configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting backup Performs a backup ACS and ADE OS and places the backup in a repository backup logs Backs up system logs debug log Defines the local debug logging level for the...

Page 44: ...e will not be started If you do not configure an active directory and you stop the adclient process the CLI displays the following message adclient is not configured Attempting to stop it anyway If you start a view based ACS process on an ACS server that is not a log collector the CLI displays the following error message Error This is not a log collector node Cannot start proc name Where proc name...

Page 45: ...use ACS has high dependency on the ACS processes Examples Example 1 acs admin acs start database Starting database acs admin Example 2 acs admin acs stop database Stopping database acs admin Related Commands acs backup To back up an ACS configuration not including the ADE OS data use the acs backup command in the EXEC mode acs backup backup filename repository repository name Syntax Description De...

Page 46: ...able to use the show logging command or the show acs logs command if you are backing up ACS logs to view troubleshooting information Failures in the ACS aspect of the backup are clearly described on the terminal If you use this command on a secondary ACS no backup occurs You can use the ACS web interface to designate an ACS node to collect logs After you use this command a time stamp is added to t...

Page 47: ...icense backup staging url Configures a Network File System NFS location that backup and restore operations will use as a staging area to package and unpackage backup files debug log Defines the local debug logging level for the ACS components delete Deletes a file from the ACS server dir Lists a file from the ACS server kron occurrence Schedules one or more Command Scheduler commands to run at a s...

Page 48: ...you provide valid login credentials ACS prompts you to change your password for any of the following reasons Password expiration Account inactivity acs reset password command issued Super administrator has selected Change password on next login for an admin account through GUI When ACS prompts you to change your password enter your old password then a new password conforming to the password policy...

Page 49: ... Escape character is CNTL D Username acsadmin Password Administrator must change password Old password New password Confirm new password acs admin config acs Example 6 Failure acs admin acs config Escape character is CNTL D Username acsadmin Password Administrator must change password Old password Invalid value acs admin Example 7 Failure acs admin acs config Escape character is CNTL D Username ac...

Page 50: ... acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting backup Performs a backup ACS and ADE OS and places the backup in a repository backup logs Backs up system logs debug log Defines the ...

Page 51: ... the user password Cisco recommends that you disable these interfaces Examples Example 1 acs admin acs config web interface migration enable acs admin Example 2 acs admin acs config web interface disable acs admin Related Commands acs delete core To delete an ACS run time core file or JVM core log use the acs delete core command in the EXEC mode acs delete core filename migration ucp view Optional...

Page 52: ...77 log deleted successfully acs admin Related Commands acs delete log To delete an ACS run time core file or JVM core log excluding the latest one use the acs delete log command in the EXEC mode acs delete log filename Syntax Description Defaults No default behavior or values filename Name of the run time core file or JVM core log You can use up to 255 alphanumeric characters to specify the filena...

Page 53: ...og catalina 2008 12 10 log Log file catalina 2008 12 10 log deleted successfully acs admin Related Commands acs patch To install and remove ACS patches use the acs patch command in the EXEC mode acs patch install remove patch name tar gpg repository repository name Syntax Description Defaults Patch installations and removals are logged to opt CSCOacs logs acsupgrade log Command Description acs del...

Page 54: ...es Would you like to continue Y N Related Commands acs reset config To reset the ACS configuration to factory defaults use the acs reset config command in the EXEC mode acs reset config Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes EXEC Usage Guidelines If you use the acs reset config command to reset your ACS to the factory default configuration ...

Page 55: ...ves ACS patches acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting application reset config Resets an application configuration to factory defaults backup Performs a backup ACS and ADE OS and places the backup in a repository backup logs Backs up syst...

Page 56: ...ile name repository repository name Command Description acs instance Starts or stops an ACS instance acs backup Performs a backup of an ACS configuration acs config Enters the ACS Configuration mode acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs restore Performs a restoration of an ACS configuration acs support Gathers information f...

Page 57: ... it is available only in the file system You need not restore the backup file on a node that was not part of the deployment when the backup was performed as the new ACS node might not have any local certificates to associate with After a restoration is complete you must use the ACS web interface to designate an ACS node as a log collector backup file name Name of backup file Up to 100 alphanumeric...

Page 58: ...defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting backup Performs a backup ACS and ADE OS and places the backup in a repository backup logs Backs up system logs backup staging url Configures a Network File System NFS location that backup and...

Page 59: ...9 include local logs Includes logs that a customer can view via the CLI or the ACS web interface in the ACS support bundle number logs Includes the number of log files in the ACS support bundle that you specify with this argument By default logs are not included Specify a value between 0 and 999 include system logs Includes recent system logs in the ACS support bundle number logs Includes the numb...

Page 60: ... support command in ACS 5 1 ACS encrypts the support bundle You need to issue the decrypt support bundle command to decrypt the support bundle Possible errors are standard FTP and SCP error messages Examples acs admin acs support file01 repository myrepository description files to bundle for assistance include cores 3 include db secure include debug logs 10 include local logs 5 include system logs...

Page 61: ...he default setting acs restore Performs a restoration of an ACS configuration backup Performs a backup ACS and ADE OS and places the backup in a repository backup logs Backs up system logs debug log Defines the local debug logging level for the ACS components decrypt support bundle Decrypts an ACS support bundle export data Restores to the default local debug logging level of the ACS components re...

Page 62: ...d the running configuration to startup successfully acs admin Related Commands application remove To remove a specific application use the application remove command in the EXEC mode To remove this function use the no form of this command application remove application name Syntax Description Defaults No default behavior or values Command Modes EXEC Usage Guidelines Removes or uninstalls an applic...

Page 63: ...config acs Application successfully reset configuration acs admin Related Commands application start To enable a specific application use the application start command in the EXEC mode To remove this function use the no form of this command application start application name Command Description application install Installs an application bundle application start Starts or enables an application ap...

Page 64: ...ication stop application name Syntax Description Defaults No default behavior or values Command Modes EXEC start Enables an application bundle application name Name of the predefined application that you want to enable Up to 255 alphanumeric characters Command Description application install Installs an application bundle application remove Removes or uninstalls an application application stop Sto...

Page 65: ...r application upgrade operation is in progress you will see the following warning message An existing application install remove or upgrade is in progress Try again shortly Note You must upgrade the ADE OS to 1 2 0 146 version before you upgrade to ACS 5 1 You can perform ACS upgrade only on a standalone machine For more details refer to Installation and Upgrade Guide for the Cisco Secure Access C...

Page 66: ...S and ADE OS data and places the backup in a repository When you are using this command for ACS the backup files include Database Database files include data related to ACS as well as the ADE OS You can view backup files of the ADE OS at storedconfig storeddata Database password file dbcred cal located at opt CSCOacs conf Command Description application install Installs an application bundle appli...

Page 67: ...de acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting backup Performs a backup ACS and ADE OS and places the backup in a repository backup log...

Page 68: ...xamples acs admin backup logs mysyslogs repository myrepository Creating log backup with timestamped filename mysyslogs 081007 2130 tar gz acs admin Related Commands backup name Name of one or more files to back up Up to 100 alphanumeric characters repository Repository command repository name Location where files should be backed up to Up to 30 alphanumeric characters Command Description acs back...

Page 69: ...ck set Jan 4 05 05 05 2007 Clock was modified You must restart ACS Do you want to restart ACS now yes no yes Stopping ACS Starting ACS acs admin Related Commands show backup history Displays the backup history of the system show repository Displays the available backup files located on a specific repository Command Description set Sets the system clock month Current month of the year by name Up to...

Page 70: ...d in the EXEC mode Examples acs admin configure terminal Enter configuration commands one per line End with CNTL Z acs admin config Related Commands copy To copy any file from a source to a destination use the copy command in the EXEC mode The copy command in ACS copies a configuration running or startup Running Configuration The ACS active configuration stores itself in the ACS RAM Every configur...

Page 71: ... during the next reboot of the ACS server Once you are satisfied that the current configuration is correct copy your configuration to the startup configuration with the preceding command copy startup configuration running configuration Copies the startup configuration to the running configuration Merges the startup configuration on top of the running configuration copy protocol hostname location s...

Page 72: ...abbreviated form of the copy running config startup config command The entire copying process might take several minutes and differs from protocol to protocol and from network to network Use the filename relative to the directory for file transfers Examples Example 1 acs admin copy run start Generating configuration acs admin location Location of destination logs The system log files acs logs The ...

Page 73: ...shooting backup Performs a backup ACS and ADE OS and places the backup in a repository debug log Defines the local debug logging level for the ACS components delete Deletes a file from the ACS server dir Lists a file from the ACS server export data Restores to the default local debug logging level of the ACS components reload Reboots the system replication force sync Synchronizes the secondary ACS...

Page 74: ... being severe and 7 being all backup restore Backs up and restores files all Enables all debug output for backup restore Set level between 0 and 7 with 0 being severe and 7 being all backup Enables backup debug output for backup restore Set level between 0 and 7 with 0 being severe and 7 being all backup logs Enables backup logs debug output for backup restore Set level between 0 and 7 with 0 bein...

Page 75: ...ation debug output Set level between 0 and 7 with 0 being severe and 7 being all copy Copy commands Set level between 0 and 7 with 0 being severe and 7 being all locks Resource locking all Enables all resource locking debug output Set level between 0 and 7 with 0 being severe and 7 being all file Enables file locking debug output Set level between 0 and 7 with 0 being severe and 7 being all loggin...

Page 76: ...p infra ether write c 87 WriteEther wrote len 192 7 2826 cdp infra ether write c 112 cdpd write succeed 7 2826 cdp infra main c 128 Writing with retransmissiontime 60 Related Commands delete To delete a file from the ACS server use the delete command in the EXEC mode To remove this function use the no form of this command delete filename user User management all Enables all user management debug o...

Page 77: ...the deletion Examples acs admin delete myfile acs admin Related Commands dir To list a file from the ACS server use the dir command in the EXEC mode To remove this function use the no form of this command dir word recursive Syntax Description Defaults No default behavior or values Command Modes EXEC Usage Guidelines None Examples Example 1 acs admin dir filename Filename Up to 80 alphanumeric char...

Page 78: ...ytest Usage for disk filesystem 49741824 bytes total used 6815842304 bytes free 7233003520 bytes available acs admin Example 3 acs admin dir recursive Directory of disk 4096 Jul 16 2008 02 10 20 mytest 16384 Jul 02 2008 08 34 49 lost found 4096 Jul 11 2008 09 12 12 save config Directory of disk mytest No files in directory Directory of disk lost found No files in directory Directory of disk save c...

Page 79: ...e Guidelines Use the exit command in EXEC mode to exit an active session log out of the ACS server or to move up from the Configuration mode Examples acs admin exit Related Commands forceout To force users out of an active terminal session by logging them out of the ACS server use the forceout command in the EXEC mode forceout username Syntax Description Defaults No default behavior or values Comm...

Page 80: ...alt command while ACS is performing any of these operations you will get one of the following warning messages WARNING A backup or restore is currently in progress Continue with halt WARNING An install upgrade remove is currently in progress Continue with halt If you get any of these warnings enter YES to halt the operation or enter NO to cancel the halt If no processes are running when you use th...

Page 81: ... arguments that begin with the abbreviation that you entered List the keywords and arguments associated with a command enter a question mark in place of a keyword or argument on the command line This form of help is called command syntax help because it lists the keywords or arguments that apply based on the command keywords and arguments that you have already entered Examples acs admin help Help ...

Page 82: ... Jun 28 2007 14 34 27 test Usage for disk filesystem 88150016 bytes total used 44585803776 bytes free 47064707072 bytes available acs admin Related Commands nslookup To look up the hostname of a remote system on the ACS server use the nslookup command in the EXEC mode nslookup word Syntax Description Defaults No default behavior or values directory name The name of the directory to create Use disk...

Page 83: ... 165 209 in addr arpa 86400 IN NS ns2 cisco com 165 209 in addr arpa 86400 IN NS ns1 cisco com ADDITIONAL SECTION ns1 cisco com 86400 IN A 209 165 200 225 ns2 cisco com 86400 IN A 209 165 200 225 Received 146 bytes from 172 69 2 133 53 in 5 ms acs admin ping To diagnose basic network connectivity to a remote system use the ping command in the EXEC mode ping ip address hostname df df packetsize pac...

Page 84: ...0 302 303 557 306 812 3 255 ms pipe 2 acs admin reload To reload the ACS operating system use the reload command in the EXEC mode reload Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes EXEC Usage Guidelines The reload command halts the system Use the command after you enter configuration information into a file and save it to the startup configurati...

Page 85: ... message from root pts 0 Tue Oct 7 23 01 46 2008 The system is going down for reboot NOW acs admin Related Commands restore To perform a restore of a previous backup use the restore command in the EXEC mode A restore operation restores data related to ACS as well as the ADE OS To remove this function use the no form of this command restore filename repository repository name Syntax Description Def...

Page 86: ... the ACS Configuration mode acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubleshooting backup Performs a backup ACS and ADE OS and places the backup i...

Page 87: ...e Show Commands page A 59 show keyword Syntax Description Table A 5 provides a summary of the show commands Command Description dir Displays a list of files on the ACS server mkdir Creates a new directory Table A 5 Summary of Show Commands Command1 Description application requires keyword 2 Displays information about the installed application for example status or version backup requires keyword D...

Page 88: ...r startup config Displays the contents of the startup configuration on the ACS server tech support Displays system and configuration information that you can provide to the Cisco Technical Assistance Center TAC when reporting a problem terminal Displays information about the terminal configuration parameter settings for the current terminal line timezone Displays the time zone of the ACS server ti...

Page 89: ...nnection except that the connection is encrypted With authentication and encryption the SSH client allows for secure communication over an insecure network Examples Example 1 acs admin ssh delete hostkey mtm sun8 acs admin Example 2 acs admin ssh acs2 admin admin acs2 s password Last login Wed Jul 11 05 53 20 2008 from ACS cisco com acs2 admin ip address IP address of the remote system Up to 64 al...

Page 90: ...P ACS cisco com ssh dhcp 64 102 82 153 cisco com 2221 P 141248 141520 272 ack 1921 win 14144 08 26 12 034713 IP ACS cisco com ssh dhcp 64 102 82 153 cisco com 2221 P 141520 141680 160 ack 1921 win 14144 08 26 12 034754 IP ACS cisco com ssh dhcp 64 102 82 153 cisco com 2221 P 141680 141952 272 ack 1921 win 14144 08 26 12 034756 IP dhcp 64 102 82 153 cisco com 2221 ACS cisco com ssh ack 140064 win 6...

Page 91: ...ession use the terminal length command in the EXEC mode terminal length integer Syntax Description Defaults 24 lines Command Modes EXEC Usage Guidelines The system uses the length value to determine when to pause during multiple screen output Examples acs admin terminal length 0 acs admin ip address IP address of the remote system Up to 64 alphanumeric characters hostname Hostname of the remote sy...

Page 92: ...eout being set Examples acs admin terminal session timeout 40 acs admin Related Commands terminal session welcome To set a welcome message on the system for all users who log in to the system use the terminal session welcome command in EXEC mode terminal session welcome string Syntax Description Defaults No default behavior or values Command Modes EXEC minutes Sets the number of minutes for the in...

Page 93: ...sage Guidelines Indicate the terminal type if it is different from the default of VT100 Examples acs admin terminal terminal type vt220 acs admin traceroute To discover the routes that packets take when traveling to their destination address use the traceroute command in EXEC mode traceroute ip address hostname Syntax Description Command Description terminal session timeout Sets the inactivity tim...

Page 94: ...tion all Disables all debugging application Application files all Disables all application debug output install Disables application install debug output operation Disables application operation debug output uninstall Disables application uninstall debug output backup restore Backs up and restores files all Disables all debug output for backup restore backup Disables backup debug output for backup...

Page 95: ...y Copy commands locks Resource locking all Disables all resource locking debug output file Disables file locking debug output logging Logging configuration files all Disables all debug output for logging configuration snmp SNMP configuration files all Disables all debug output for SNMP configuration system System files all Disables all system files debug output id Disables system ID debug output i...

Page 96: ... or values Command Modes EXEC Usage Guidelines None Examples Example 1 acs admin write memory Generating configuration acs admin Example 2 acs admin write terminal Generating configuration hostname ACS ip domain name cisco com interface GigabitEthernet 0 ip address 209 165 200 225 255 255 255 224 interface GigabitEthernet 1 shutdown ip name server 209 165 201 1 Command Description debug Displays e...

Page 97: ...of its use command syntax usage guidelines and sample output Table A 6 lists the Show commands in the EXEC mode that this section describes Table A 6 List of EXEC Show Commands1 1 Commands marked with an asterisk represent those that are specific to ACS functionality show acs config web interface show acs cores show acs logs show application 2 show backup history show cdp show clock show cpu show ...

Page 98: ...cs config web interface Config web interface is enabled Example 2 acs admin show acs config web interface Config web interface is disabled Related Commands show acs cores To display the list of ACS run time core files and Java Virtual Machine JVM core logs use the show acs cores command in the EXEC mode show acs cores details Syntax Description Defaults The ACS core files are located at opt CSCOac...

Page 99: ... acs admin Example 3 acs admin show acs cores No ACS core files exist acs admin Related Commands show acs logs To display ACS server debug logs use the show acs logs command in the EXEC mode show acs logs details filename filename Syntax Description Command Description acs delete core Deletes an ACS run time core file or JVM core log acs delete log Deletes an ACS run time core file or JVM core log...

Page 100: ...nfiguration that are performed by administrators when using the ACS web interface or CLI ACSManagement log Stores information warning and debug messages from ACS web interface CLI and UCP web service components acsRuntime log Stores the debug logs from runtime subsystem acsupgrade log Stores the patch installation and upgrade operation logs monit log Stores information about the health of various ...

Page 101: ...og monit log MonitoringAndReportingAlert log MonitoringAndReportingCollector log MonitoringAndReportingDatabase log MonitoringAndReportingProcess log MonitoringAndReportingScheduler log MonitoringAndReportingUI log reportService 0 acs 2008Oct08_20_02_37_Pacific_Daylight_Time 0 log acsLocalStore log catalina out acs admin Example 2 acs admin show acs logs details Filesize kb Date Time Filename 26 O...

Page 102: ...cs process Starts or stops an ACS process acs backup Performs a backup of an ACS configuration acs config Enters the ACS Configuration mode acs delete core Deletes an ACS run time core file or JVM core log acs delete log Deletes an ACS run time core file or JVM core log excluding the latest log acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defa...

Page 103: ...r after the word count Output modifier variables see Table A 8 end End with line that matches Up to 80 alphanumeric characters exclude Exclude lines that match Up to 80 alphanumeric characters include Include lines that match Up to 80 alphanumeric characters last Display last few lines of output Add number after the word last Up to 80 lines to display Default 10 Output modifier variables see Table...

Page 104: ...in show application status acs ACS role PRIMARY ACS is busy applying a recent configuration change requiring enabling disabling of processes Status is unavailable Please check again in a minute acs admin This message appears when a set of processes change because of a view node selection or Active Directory configuration Status Description Running When the application is in running state Execution...

Page 105: ...EC Usage Guidelines None Examples Example 1 acs admin show backup history Wed Jul 18 12 55 21 UTC 2007 backup logs logs 0718 tar gz to repository fileserver007 success Wed Jul 18 12 55 53 UTC 2007 backup full 0718 tar gpg to repository fileserver007 success acs admin Example 2 acs admin show backup history backup history is empty Command Description application install Installs an application bund...

Page 106: ...0 seconds time to live of cdp packets is 180 seconds CDP is enabled on port GigabitEthernet0 acs admin Example 2 acs admin show cdp neighbors CDP Neighbor acs test2 Local Interface GigabitEthernet0 Device Type cisco WS C3560G 48PS Port GigabitEthernet0 36 Address 209 165 200 225 acs admin Command Description backup Performs a backup ACS and ADE OS and places the backup in a repository restore Rest...

Page 107: ...13 22 UTC 2008 acs admin Note The show clock output in the previous example includes Coordinated Universal Time UTC or Greenwich Mean Time GMT Great Britain or Zulu time see Tables A 16 A 17 and A 18 on pages A 94 and A 95 for sample time zones Related Commands show cpu To display CPU information use the show cpu command in the EXEC mode show cpu statistics Command Description cdp holdtime Specifi...

Page 108: ... Up to 80 alphanumeric characters include Include lines that match Up to 80 alphanumeric characters last Display last few lines of output Add number after the word last Up to 80 lines to display Default 10 Output modifier variables see Table A 9 Table A 9 Output Modifier Variables for Count or Last Output modifier variables begin Matched pattern Up to 80 alphanumeric characters count Count the num...

Page 109: ...and in the EXEC mode show disks Syntax Description Command Description show disks Displays the system information of all disks show memory Displays the amount of system memory that each system process uses Output modifier variables begin Matched pattern Up to 80 alphanumeric characters count Count the number of lines in the output Add number after the word count Output modifier variables see Table...

Page 110: ... icmp_status command in EXEC mode show icmp_status file Table A 10 Output Modifier Variables for Count or Last Output modifier variables begin Matched pattern Up to 80 alphanumeric characters count Count the number of lines in the output Add number after the word count Output modifier variables end End with line that matches Up to 80 alphanumeric characters exclude Exclude lines that match Up to 8...

Page 111: ...rs exclude Exclude lines that match Up to 80 alphanumeric characters include Include lines that match Up to 80 alphanumeric characters last Display last few lines of output Add number after the word last Up to 80 lines to display Default 10 Output modifier commands see Table A 11 Table A 11 Output Modifier Variables for Count or Last Output modifier variables begin Matched pattern Up to 80 alphanu...

Page 112: ...216 36ff fe56 61d2 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 8783423 errors 0 dropped 0 overruns 0 frame 0 TX packets 4178157 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 Command Description icmp echo Configures the Internet Control Message Protocol ICMP echo requests GigabitEthernet Shows the Gigabit Ethernet interface Either 0 or 1 Output m...

Page 113: ...tes 3587148 3 4 MiB sit0 Link encap IPv6 in IPv4 NOARP MTU 1480 Metric 1 RX packets 0 errors 0 dropped 0 overruns 0 frame 0 TX packets 0 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 0 0 0 b TX bytes 0 0 0 b acs admin Related Commands show inventory To display information about the hardware inventory including the ACS appliance model and serial number use the show inve...

Page 114: ...try 255 heads 63 sectors track 30401 cylinders NIC Count 2 NIC 0 Device Name eth0 NIC 0 HW Address 00 15 17 59 73 81 NIC 0 Driver Descr e1000 eth0 e1000_probe Intel R PRO 1000 Network Connect ion NIC 1 Device Name eth1 NIC 1 HW Address 00 15 17 59 73 82 NIC 1 Driver Descr e1000 eth1 e1000_probe Intel R PRO 1000 Network Connect ion Hard Disk Count may be Logical acs admin show logging To display th...

Page 115: ...e config as enabled Oct 7 13 24 51 localhost debugd 2050 3482 icmp icmputils_cli c 160 Got ICMP echo config on Oct 7 13 24 51 localhost debugd 2050 3482 icmp icmputils_cli c 167 Finished icmp echo response config generation Oct 7 13 24 51 localhost debugd 2050 3482 logging logutils_cli c 233 Generating logging config Oct 7 13 24 51 localhost debugd 2050 3482 logging logutils_cli c 253 Got Logserve...

Page 116: ...yword otherwise an error occurs Examples acs admin show logins cli admin pts 0 dhcp 64 102 82 1 Thu May 3 05 23 still logged in admin pts 0 dhcp 64 102 82 1 Thu May 3 04 31 05 11 00 39 admin pts 0 dhcp 64 102 82 1 Thu May 3 04 16 04 17 00 00 admin pts 0 dhcp 64 102 82 1 Thu May 3 03 53 04 16 00 22 wtmp begins Tue Oct 7 13 21 14 2008 acs admin show memory To display the memory usage of all the runn...

Page 117: ...NTP associations use the show ntp command in the EXEC mode show ntp Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes EXEC Usage Guidelines None Examples acs admin show ntp Primary NTP 1 ntp esl cisco com Secondary NTP 2 ntp esl cisco com synchronised to NTP server 209 165 202 129 at stratum 2 time correct to within 37 ms polling server every 128 s ac...

Page 118: ...s Up to 80 alphanumeric characters exclude Exclude lines that match Up to 80 alphanumeric characters include Include lines that match Up to 80 alphanumeric characters last Display last few lines of output Add number after the word last Up to 80 lines to display Default 10 Output modifier variables see Table A 12 Table A 12 Output Modifier Variables for Count or Last Output modifier variables begin...

Page 119: ...cess sshd 2776 tcp 22 Process java 10023 udp 20514 acs admin show process To display information about active processes use the show process command in the EXEC mode show process Syntax Description Defaults No default behavior or values Command Modes EXEC Usage Guidelines None Optional Output modifier variables begin Matched pattern Up to 80 alphanumeric characters count Count the number of lines ...

Page 120: ...ot 59 00 00 00 aio 1 root 38 00 00 00 khubd root 57 00 00 00 kswapd0 root 203 00 00 00 kseriod root 320 00 00 00 ata 0 root 321 00 00 00 ata 1 root 325 00 00 00 scsi_eh_0 root 326 00 00 00 scsi_eh_1 More press Spacebar to continue show repository To display the file contents of the repository use the show repository command in the EXEC mode show repository repository name Syntax Description Defaul...

Page 121: ...o success Tue Sep 4 03 46 15 PDT 2008 restore 11backup_Local File2 tar gpg from repository executeBackupRepo success Tue Sep 4 03 51 07 PDT 2008 restore 11backup_Local File2 tar gpg from repository executeBackupRepo success Tue Sep 4 03 54 35 PDT 2008 restore 11backup_Local File2 tar gpg from repository executeBackupRepo success Wed Sep 5 12 31 21 UTC 2008 restore cdromRestore tar gpg from reposit...

Page 122: ...ommand displays all of the configuration information Command Modes EXEC Usage Guidelines None Examples acs admin show running configuration Generating configuration hostname acs ip domain name cisco com interface GigabitEthernet 0 ip address 209 165 200 225 255 255 255 224 interface GigabitEthernet 1 shutdown clock timezone UTC username admin password groove role admin Command Description backup P...

Page 123: ...e 180 cdp run GigabitEthernet 0 icmp echo on acs admin Related Commands show startup configuration To display the contents of the startup configuration file or the configuration use the show startup configuration command in the EXEC mode show startup configuration Syntax Description No arguments or keywords Defaults The show startup configuration command displays all of the startup configuration i...

Page 124: ... 165 200 234 backup user bubba password gump More press Spacebar to continue Related Commands show tech support To display technical support information including e mail use the show tech support command in the EXEC mode show tech support file word Syntax Description Defaults Passwords and other security information do not appear in the output Command Modes EXEC Command Description configure Enter...

Page 125: ...r s 0x0736C7F6 0x0736C803 0x0736C808 0x0736C81F AZAX74601334 Displaying System Uptime 20 41 46 up 6 42 1 user load average 0 45 0 20 0 12 Display Memory Usage KB total used free shared buffers cached Mem 4148032 2951612 1196420 0 59440 1873920 buffers cache 1018252 3129780 Swap 8191992 0 8191992 Displaying Processes ax forest PID TTY STAT TIME COMMAND 1 S 0 00 init 3 2 S 0 00 migration 0 3 SN 0 00...

Page 126: ...th 25 lines Width 80 columns Session Timeout 30 minutes acs admin Table A 14 describes the fields of the show terminal output show timezone To display the time zone as set on the system use the show timezone command in the EXEC mode show timezone Syntax Description No arguments or keywords Table A 14 Show Terminal Field Descriptions Field Description TTY dev pts 0 Displays standard output to type ...

Page 127: ...elect use the show timezones command in the EXEC mode show timezones Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes EXEC Usage Guidelines See clock timezone page A 116 for examples of the time zones available for the ACS server Examples acs admin show timezones PST8PDT Hongkong Etc GMT 7 Etc GMT 12 Etc GMT 4 Etc GMT 13 Etc GMT 11 Etc GMT 1 Etc GMT ...

Page 128: ...6 Etc GMT 4 Etc GMT 9 Etc GMT 12 Etc GMT 2 Etc UCT Etc GMT 10 Etc GMT 0 Etc Greenwich Etc UTC Pacific Norfolk More Press Enter or Spacebar Related Commands show udi To display information about the CSACS 1121 s UDI use the show udi command in the EXEC mode show udi Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes EXEC Usage Guidelines None Command De...

Page 129: ...e the show uptime command in the EXEC mode show uptime Syntax Description Defaults No default behavior or values Command Modes EXEC Usage Guidelines None Examples acs admin show uptime 4 day s 16 36 58 acs admin Optional Output modifier variables begin Matched pattern Up to 80 alphanumeric characters count Count the number of lines in the output Add number after the word count end End with line th...

Page 130: ...nd Modes EXEC Usage Guidelines None Examples acs admin show users USERNAME ROLE HOST TTY LOGIN DATETIME admin Admin 209 165 200 225 pts 0 Tue Oct 7 19 21 00 2008 acs admin show version To display information about the software version of the system use the show version command in the EXEC mode show version Syntax Description No arguments or keywords Defaults No default behavior or values Command M...

Page 131: ...idelines and sample output To access the ACS Configuration mode you must use the acs config command in the EXEC mode This section describes the following Configuration commands access setting accept all debug adclient debug log decrypt support bundle export data import data import export abort import export status no debug adclient no debug log replication force sync reset management interface cer...

Page 132: ...ent pages are not reset therefore you can reuse this table to set IP address filtering Examples acs admin config acs access setting accept all access setting allows all IP addresses to connect acs admin config acs debug adclient To enable debug logging for an Active Directory client use the debug adclient command in the ACS Configuration mode To disable debug logging for an Active Directory client...

Page 133: ... debug logging for an Active Directory client debug log Defines the local debug logging level for the ACS components show debug log Shows the debug log level status for subsystems enabled or disabled show debug adclient Shows the debug log level status for an Active Directory client enabled or disabled show acs logs Displays ACS server debug logs component Selects local debug logging on the compon...

Page 134: ...customerlog runtime crypto runtime dataaccess runtime dbpassword runtime eap runtime event handler runtime idstores runtime infrastructure runtime logging runtime logging notification flow runtime message bus runtime message catalog runtime radius runtime rule engine runtime state manager runtime tacacs runtime xml config mgmt management If you select this component all other mgmt subcomponents ar...

Page 135: ... acs backup Performs a backup of an ACS configuration acs config Enters the ACS Configuration mode acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configuration acs support Gathers information for ACS troubles...

Page 136: ...g acs decrypt support bundle myrepostiory bundle tar gz Decrypting Support Bundle Repository myRepository Support Bundle bundle tar gz Decryption completed successfully decrypted bundle dec_28716 tar gz is located on your repository Related Commands export data To export the configuration data from an ACS local store to a remote repository use the command export data in the ACS Configuration mode ...

Page 137: ...is 1 acs admin config acs user host device idgroup ndg dacl cmdset Exports specific configuration data to the remote repository repository The remote repository to which to export the configuration data file name The file name to download the configuration data and store it in the remote repository result file name The filename to use when downloading the results of the export process to the remot...

Page 138: ...ords that do not match the records of the import file in the remote repository to the ACS local store user host device idgroup ndg dacl cmdset Imports the specified type of configuration data from the import file in the remote repository repository The remote repository from which to import the configuration data file name The import filename in the remote repository result file name The filename ...

Page 139: ...ogress Examples acs admin config acs import data add user repository01 file01 resultfile01 abort on error full password Import process Id is 2 acs admin config acs Related Commands import export abort To abort currently running queued or all import and export processes use the import export abort command in the ACS Configuration mode Only the super admin can simultaneously abort a running process ...

Page 140: ...export abort all Aborted process ID 20 50 pending processes are removed acs admin config acs Example 4 acs admin config acs import export abort id 3 Removed pending process ID 3 from queue acs admin config acs Example 5 acs admin config acs import export abort id 201 No such process ID 201 acs admin config acs Related Commands id Aborts the import or export processes with the specified ID whether ...

Page 141: ...n config acs Example 2 acs admin config acs import export status id 3 Process id 3 completed 10 out of 10 records are processed 0 failed acs admin config acs Example 3 acs admin config acs import export status id 4 Process id 3 is pending its number in the pending queue is 8 acs admin config acs import data Imports configuration data from a remote repository to an ACS local store import export sta...

Page 142: ...de Only the network device admin can enable or disable debug logging for an Active Directory client no debug adclient enable Syntax Description No arguments or keywords Defaults Disabled Command Modes ACS Configuration Usage Guidelines None Examples acs admin config acs no debug adclient enable acs admin config acs Related Commands Command Description export data Exports configuration data from an...

Page 143: ...time If you select this component all other runtime subcomponents are included see runtime items in the list below runtime admin runtime authenticators runtime authorization runtime config manager runtime config notification flow runtime customerlog runtime crypto runtime dataaccess runtime dbpassword runtime eap runtime event handler runtime idstores runtime infrastructure runtime logging show de...

Page 144: ...gmt aac mgmt bl mgmt cli mgmt gui mgmt system mgmt notification mgmt bus mgmt dbal mgmt replication mgmt distmgmt mgmt validation mgmt changepassword mgmt license mgmt acsview Examples acs admin config acs no debug log all Related Commands Command Description acs instance Starts or stops an ACS instance acs process Starts or stops an ACS process acs config Enters the ACS Configuration mode acs res...

Page 145: ...ion which remains unavailable for the duration of the synchronization process The duration of the synchronization process depends on the size of the ACS database it could take a significant amount of time to complete Ensure that you use this command when you do not need to access your ACS ACS restarts after the primary to secondary synchronization is complete Examples acs admin config acs replicat...

Page 146: ... certificate to the default self signed certificate acs backup Performs a backup of an ACS configuration acs config Enters the ACS Configuration mode acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of an ACS configurati...

Page 147: ...w self signed certificate with the management interface and establishes the connections between the new certificate and external policy and EAP servers In the subject name of the certificate host reset host refers to the ACS server name If the hostname is lnx 01 then the certificate s subject name would be lnx 01 reset Examples Example 1 Success acs admin config acs reset management interface cert...

Page 148: ...e following including the suboptions as a component runtime If you select this component all other runtime subcomponents are included see runtime items in the list below runtime admin runtime authenticators runtime authorization runtime config manager runtime config notification flow runtime customerlog runtime crypto Command Description debug adclient Enables debug logging for an Active Directory...

Page 149: ...ate manager runtime tacacs runtime xml config mgmt management If you select this component all other mgmt subcomponents are included see mgmt items in the list below mgmt audit mgmt common mgmt aac mgmt bl mgmt cli mgmt gui mgmt system mgmt notification mgmt bus mgmt dbal mgmt replication mgmt distmgmt mgmt validation mgmt changepassword mgmt license mgmt acsview Examples When the ACS server start...

Page 150: ...s or stops an ACS instance acs process Starts or stops an ACS process acs backup Performs a backup of an ACS configuration acs config Enters the ACS Configuration mode acs patch Installs and removes ACS patches acs reset config Resets the ACS configuration to factory defaults acs reset password Resets the acsadmin administrator password to the default setting acs restore Performs a restoration of ...

Page 151: ... Command Modes Configuration Usage Guidelines The URL is NFS only The format of the command is backup staging url nfs server path Table A 15 List of Configuration Commands backup staging url cdp holdtime cdp run cdp timer clock timezone do end exit hostname icmp echo interface ip address ip default gateway ip domain name ip name server ip route kron occurrence kron policy list logging ntp server p...

Page 152: ... default setting use the no form of this command cdp holdtime seconds Syntax Description Defaults 180 seconds Command Modes Configuration Usage Guidelines CDP packets transmit with a time to live or hold time value The receiving device will discard the CDP information in the CDP packet after the hold time has elapsed The cdp holdtime command takes only one argument otherwise an error occurs Exampl...

Page 153: ...how often the ACS server sends Cisco Discovery Protocol CDP updates use the cdp timer command in Configuration mode To revert to the default setting use the no form of this command cdp timer seconds Syntax Description Defaults 60 seconds Command Modes Configuration Usage Guidelines CDP packets transmit with a time to live or hold time value The receiving device will discard the CDP information in ...

Page 154: ... Guidelines The system internally keeps time in UTC If you do not know your specific time zone you can enter the region country and city see Tables A 16 A 17 and A 18 for sample time zones to enter on your system Command Description cdp holdtime Specifies the amount of time that the receiving device should hold a CDP packet from the ACS server before discarding it cdp run Enables CDP timezone Name...

Page 155: ...isbane Broken_Hill Canberra Currie Darwin Hobart Lord_Howe Lindeman LHI3 3 LHI Lord Howe Island Melbourne North NSW4 4 NSW New South Wales Perth Queensland South Sydney Tasmania Victoria West Yancowinna Table A 18 Asia Time Zones Asia1 1 The Asia time zone includes cities from East Asia Southern Southeast Asia West Asia and Central Asia Aden2 2 Enter the region and city or country together separat...

Page 156: ... do arguments Syntax Description Command Description show timezones Displays a list of available time zones on the system show timezone Displays the current time zone set on the system arguments The EXEC command to execute see Table A 19 Table A 19 Command Options for Do Command Command Description acs backup Performs a backup of an ACS configuration acs config mode Enters the ACS Configuration mo...

Page 157: ...utility and how to use it on the ACS server mkdir Creates a new directory nslookup Queries the IPv4 address or hostname of a remote system ping Determines the network activity on a remote system reload Reboots the ACS server restore Performs a restore and retrieves the backup out of a repository rmdir Removes an existing directory show Provides information about the ACS server ssh Starts an encryp...

Page 158: ... you were using Examples acs admin config do show run Generating configuration hostname ems lnx106 ip domain name cisco com interface ethernet 0 ip address 209 165 200 225 255 255 255 224 interface ethernet 1 shutdown ip name server 209 165 201 1 ip default gateway 209 165 202 129 clock timezone Cuba username admin password hash 1 hB MxIZHvecMiey P9mM9PvN0 role admin logging localhost logging logl...

Page 159: ...ehavior or values Command Modes Configuration Usage Guidelines The exit command is used in the ACS server to exit the current command mode to the next highest command mode in the CLI mode hierarchy For example use the exit command in Configuration mode to return to the EXEC mode Use the exit command in the configuration submodes to return to Configuration mode At the highest level EXEC mode the ex...

Page 160: ...ment otherwise an error occurs Examples acs admin config hostname myserver 1 Hostname was modified ACS is restarting and a new HTTP certificate will be generated Stopping ACS Starting ACS To verify that ACS processes are running use the show application status acs command myserver 1 admin config icmp echo To configure the Internet Control Message Protocol ICMP echo responses use the icmp echo comm...

Page 161: ...ration submode see the following Syntax Description Defaults No default behavior or values Command Description show icmp status Display ICMP echo response configuration information GigabitEthernet Configures the Gigabit Ethernet interface 0 1 Number of the Gigabit Ethernet port to configure do EXEC command Allows you to perform any EXEC commands in this mode see do page A 118 end Exits the config ...

Page 162: ... multiple interfaces You might want to do this to limit the configuration steps required to switch from using one interface to another Syntax Description Defaults Enabled Command Modes Interface configuration Usage Guidelines Requires exactly one address and one netmask otherwise an error occurs Examples acs admin config interface GigabitEthernet 1 acs admin config GigabitEthernet ip address 209 1...

Page 163: ...nt or no arguments at all an error occurs Examples acs admin config ip default gateway 209 165 202 129 acs admin config Related Commands ip domain name To define a default domain name that the ACS server uses to complete hostnames use the ip domain name command in Configuration mode To disable this function use the no form of this command Command Description shutdown interface configuration mode D...

Page 164: ...onfigure one to three DNS servers To disable this function use the no form of this command Note Using the no form of this command removes all the name servers from the configuration Using the no form of this command and one of the IP names removes only that IP name ip name server ip address ip address Syntax Description Defaults No default behavior or values Command Modes Configuration word Defaul...

Page 165: ...pping ACS Starting ACS To verify that ACS processes are running use the show application status acs command acs admin config You can choose not to restart the ACS server nevertheless the changes will take effect Related Commands ip route To configure the static routes use the ip route command in Configuration mode To remove static routes use the no form of this command Static routes are manually c...

Page 166: ...hedules Command Scheduler commands occurrence name Name of the occurrence Up to 80 alphanumeric characters See following note and Syntax Description at Identifies that the occurrence is to run at a specified calendar date and time Usage at hh mm day of week day of month month day of month do EXEC command Allows you to perform any EXEC commands in this mode see do page A 118 end Exits the kron occu...

Page 167: ...acs admin config kron occurrence WeeklyBackup acs admin config Occurrence at 14 35 Monday acs admin config Occurrence policy list SchedBackupPolicy acs admin config Occurrence recurring acs admin config Occurrence exit acs admin config Example 2 Daily Backup acs admin config kron occurrence DailyBackup acs admin config Occurrence at 02 00 acs admin config Occurrence exit acs admin config Related C...

Page 168: ...reate a Command Scheduler policy containing EXEC CLI commands to be scheduled to run on the ACS server at a specified time Use the kron occurrence and policy list commands to schedule one or more policy lists to run at the same time or interval See kron occurrence page A 129 cli Command to be executed by the scheduler Up to 80 alphanumeric characters do EXEC command Allows you to perform any EXEC ...

Page 169: ...ress or hostname or the loglevel keyword an error occurs if you enter two or more of these arguments Command Description kron occurrence Specifies schedule parameters for a Command Scheduler occurrence and enters the config Occurrence configuration mode ip address IP address of remote system to which you forward logs Up to 32 alphanumeric characters hostname Hostname of remote system to which you ...

Page 170: ...to synchronize with a specified server To terminate NTP service on a device you must enter the no ntp command without keywords or arguments For example if you previously issued the ntp server command and you now want to remove not only the server synchronization capability but all NTP functions from the device use the no ntp command without any keywords This ensures that all NTP functions disable ...

Page 171: ...igit required Requires a digit in the password disable repeat characters Disables the password s ability to contain more than four identical characters disable cisco password Disables the ability to use the word Cisco or any combination as the password lower case required Requires a lowercase letter in the password min password length Specifies a minimum number of characters for a valid password I...

Page 172: ...r you enter the name of the repository in the repository command you enter the config Repository configuration submode see the Syntax Description password lock retry count Number of failed attempts before password locks Integer length from 0 to 4 294 967 295 upper case required Requires an uppercase letter in the password special required Requires a special character in the password repository nam...

Page 173: ...acters cdrom Local CD ROM drive read only disk Local storage Note All local repositories are created on the localdisk partition When you specify disk in the repository URL the system creates directories in a path that is relative to localdisk For example if you entered disk backup the directory is created at localdisk backup You can run the show repository repository_name to view all the files in ...

Page 174: ...hd acs admin config shutdown To shut down an interface use the shutdown command in the interface configuration mode To disable this function use the no form of this command Syntax Description No arguments or keywords Defaults No default behavior or values Command Modes Interface Configuration Command Description backup Performs a backup ACS and ADE OS and places the backup in a repository restore ...

Page 175: ...cs admin config GigabitEthernet shutdown Related Commands snmp server community To set up the community access string to permit access to the Simple Network Management Protocol SNMP use the snmp server community command in Configuration mode To disable this function use the no form of this command snmp server community word ro Syntax Description Defaults No default behavior or values Command Modes...

Page 176: ...t Luke acs admin config Related Commands snmp server host To send SNMP traps to a remote user use the snmp server host command in Configuration mode To remove trap forwarding use the no form of this command snmp server host ip address hostname version 1 2c community Command Description snmp server host Sends traps to a remote system snmp server location Configures the SNMP location MIB value on th...

Page 177: ...er location word Syntax Description Defaults No default behavior or values Command Modes Configuration ip address IP address of the SNMP notification host Up to 32 alphanumeric characters hostname Name of the SNMP notification host Up to 32 alphanumeric characters version 1 2c Optional Version of the SNMP used to send the traps Default 1 If you use the version keyword specify one of the following ...

Page 178: ...ame username password hash plain password role admin user disabled email email address email email address For an existing user use the following option username username password role admin user password Syntax Description Defaults The initial user during setup Command Modes Configuration Command Description snmp server host Sends traps to a remote system snmp server community Sets up the communi...

Page 179: ... acs admin config username admin password hash role admin acs admin config Example 2 acs admin config username admin password plain Secr3tp swd role admin acs admin config Example 3 acs admin config username admin password plain Secr3tp swd role admin email admin123 mydomain com acs admin config Related Commands Command Description password policy Enables and configures the password policy show us...

Page 180: ...A 142 CLI Reference Guide for the Cisco Secure Access Control System 5 1 OL 18996 01 Appendix A ACS Command Reference Configuration Commands ...

Page 181: ...ovell IPX can learn about each other Physical media supporting the Subnetwork Access Protocol SNAP encapsulation connect CDP devices These can include all LANs Frame Relay and other WANs and ATM networks Cisco Discovery Protocol See CDP CLI command line interface An interface through which the user can interact with the software operating system by entering commands and optional arguments client N...

Page 182: ...col Application protocol part of the TCP IP protocol stack used for transferring files between network nodes FTP is defined in RFC 959 H host Computer system on a network Similar to the term node except that host usually implies a computer system whereas node generally applies to any network system including access servers and ITPs hostname The name of the operating system s server or computer tha...

Page 183: ... is one of the oldest Internet protocols still in use since before 1985 NTP was originally designed by Dave Mills of the University of Delaware who still maintains it along with a team of volunteers NTP is not related to the much simpler DAYTIME RFC 867 and TIME RFC 868 protocols P port In IP terminology an upper layer process that receives information from lower layers Each numbered port associat...

Page 184: ...rror message reporting to management stations The bulk retrieval mechanism supports the retrieval of tables and large quantities of information minimizing the number of round trip transmissions required SNMPv2C improved error handling support includes expanded error codes that distinguish different kinds of error conditions these conditions are reported through a single error code in SNMPv1 Error ...

Page 185: ... that is affixed to the physical hardware device and it is also stored electronically on the device in order to facilitate remote retrieval A UDI consists of the following elements product identifier PID version identifier VID and serial number SN The PID is the name by which the product can be ordered it has been historically called the Product Name or Part Number You use this identifier to order...

Page 186: ...Glossary GL 6 CLI Reference Guide for the Cisco Secure Access Control System 5 1 OL 18996 01 ...

Page 187: ... 2 11 More prompt 2 13 commands ACS access setting accept all A 93 debug adclient A 94 debug log A 95 decrypt support bundle A 98 export data A 98 import data A 100 import export abort A 101 import export status A 103 no debug adclient A 104 no debug log A 105 replication force sync A 107 reset management interface certificate A 108 show debug adclient A 109 show debug log A 110 configuration back...

Page 188: ...pplication remove A 24 application reset config A 25 application start A 26 application stop A 26 application upgrade A 27 backup A 28 backup logs A 30 clock A 31 configure A 32 copy A 32 copy acs logs A 32 debug A 36 delete A 38 dir A 39 exit A 41 forceout A 41 halt A 42 help A 43 mkdir A 43 nslookup A 44 ping A 45 reload A 46 restore A 47 rmdir A 48 show A 49 A 59 ssh A 51 tech A 52 telnet A 52 ...

Page 189: ...A 112 console port 1 1 conventions command line completion 2 12 command line editing 2 11 document iii x more prompt 2 13 CSACS 1120 2 2 CSACS 1121 1 1 CSACS server starting 2 2 D default forms of commands using 2 11 disk space managing A 1 document audience iii ix conventions iii x related iii xi using iii ix E EXEC commands 1 5 A 4 H help getting 2 10 L logs disk space table A 1 M mode about 1 4...

Page 190: ...6 01 show commands 1 7 A 49 A 59 SSH 1 1 2 5 starting the CSACS appliance server 2 2 submodes configuration 2 8 supported platforms hardware 2 4 software 2 4 T types of commands 1 5 U user accounts 1 1 command privileges table 1 2 modes 1 4 using PC locally 2 5 SSH 2 5 utility setup 2 2 ...

Reviews:

No comments

Related manuals for CSACS-1121-K9

Panasonic KX-NS1000 Quick Reference Manual preview
KX-NS1000
Brand: Panasonic Pages: 28
TP-Link TL-PS110P Quick Installation Manual preview
TL-PS110P
Brand: TP-Link Pages: 16
IBM Netfinity 1000-8477 21Y Hardware Maintenance Manual preview
Netfinity 1000-8477 21Y
Brand: IBM Pages: 268
IBM eserver iSeries 270 Installation Manual preview
eserver iSeries 270
Brand: IBM Pages: 40
Supero SuperServer 6024H-82 User Manual preview
SuperServer 6024H-82
Brand: Supero Pages: 122
Axis NPS 550 User Manual preview
NPS 550
Brand: Axis Pages: 85
Gigabyte R272-P32 User Manual preview
R272-P32
Brand: Gigabyte Pages: 86
Gigabyte G492-HA0 User Manual preview
G492-HA0
Brand: Gigabyte Pages: 110
Gigabyte R283-Z93-AAF1 User Manual preview
R283-Z93-AAF1
Brand: Gigabyte Pages: 173
Gigabyte H273-Z81-AAN1 User Manual preview
H273-Z81-AAN1
Brand: Gigabyte Pages: 166
Gigabyte G492-ZD2 User Manual preview
G492-ZD2
Brand: Gigabyte Pages: 134
GRASS VALLEY HDMA-4000SYNC Datasheet preview
HDMA-4000SYNC
Brand: GRASS VALLEY Pages: 2
Bosanova XTC-1300 Specifications preview
XTC-1300
Brand: Bosanova Pages: 2
Bosanova RBT-470 Specifications preview
RBT-470
Brand: Bosanova Pages: 2
Bosanova RBT-416 Specifications preview
RBT-416
Brand: Bosanova Pages: 2
Red Hat NETWORK SATELLITE 5.3.0 - CHANNEL MANAGEMENT Reference Manual preview
NETWORK SATELLITE 5.3.0 - CHANNEL MANAGEMENT
Brand: Red Hat Pages: 318
Planet Multi-Port Fast Ethernet Print Server FPS-3121 Quick Installation Manual preview
Multi-Port Fast Ethernet Print Server FPS-3121
Brand: Planet Pages: 12
360 Systems MAXX-2420-EX Operation Manual preview
MAXX-2420-EX
Brand: 360 Systems Pages: 148

Brands by name

Popular brands

Load more brands