06-20-2011 05:41 AM - edited 03-10-2019 06:10 PM
Hi,
I'd currently like to upgrade a primary / secondary ACS 5.0.0.21.6 to the latest version 5.2
The documentation says to use the recovery CDs for the interim 5.1 and then the 5.2 upgrades. Is this the same as the ISO image you can download from CCO ?
Will this cause an issue with licensing as you are effectively defaulting the box ?
Is it possible to use the ftp repository to do the upgrade without using an ISO/recovery image disk ? Thereby keeping the licenses intact ?
When you do the upgrades do you have to restore both the "router" type configuration and the databases on both ACS appliances ? I guess the answer to this depends on if the recovery / ISO image is used.
Should I get the Primary / Secondary relationship working on 5.1 or can I do each one 5.0 to 5.1 to 5.2 all in one hit then sort out the Primary / Secondary Distributed ACS environment ?
Thanks for any assistance on this
Mark
Solved! Go to Solution.
06-20-2011 07:41 AM
The recovery image would be an ISO format and upgrade would be a .tar format. Yes, these files can be downloaded from CCO.
You've read the correct procedure. After reimage, you have to install the license again.
We can't use FTP for ACS 5.0 --->ACS 5.1 upgrade. We have to reimage here, no other way.
backup
To perform a backup (including the ADE OS data like hostname, IP address) and place the backup in a repository, use the backup command in the EXEC mode.
backup backup-name repository repository-name
acs backup
To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode.
acs backup backup-filename repository repository-name
Upgrade can't be done while we have both the ACS in sync, you need to deregister and register them again.
Hope this helps.
Regards,
Jatin
Do rate helpful posts-
06-20-2011 11:30 PM
There is in fact an upgrade process that can be done without reimage by installing the following:
Upgrade 5.0 to 5.1
Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from:
Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21 // this path may have changed
After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz, available from the same path.
Use this command in order to install the upgrade:
application upgraderemote-repository-name
Upgrade 5.1 to 5.2
- Install latest 5.1 patch // 5.1.0.44.6
- There is a file that can be downloaded from CCO that allows to upgrade from ACS 5.1 version to 5.2 version
without needing to reimage the ACS. Information from the README is below
Instructions on how to install the application bundle
=====================================================
1. open CLI console.
2. define new repository in which the ACS_5.2.0.26.tar.gz resides.
3. issue: 'application upgrade ACS_5.2.0.26.tar.gz YOUR_REPOSITORY'
4. The system will reboot in few minutes.
5. After reboot login to the CLI and verify the acs & adeos version by issuing "show version" command.
ADE-OS Build Version: 1.2.0.182
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.2.0.26
There are a lot of moving parts here which is why I think the reimage way is recommended but am including this informaiton for completeness
Either way you need to break the deployment and upgrade the data on one of the machines. You should also perform the upgrade on the node that is the log collector if you want the M&T data to be retained. On the other machine you can just reimage (if you have the license) or upgrade and then rejoin the deployment
Couple final point. The license data is stored in the backup so if you reimage and restore backup from the CLI (without accessing the GUI) then license data should be restored. If you reimage you need to make sure data related to server certificate may be lost
06-20-2011 07:41 AM
The recovery image would be an ISO format and upgrade would be a .tar format. Yes, these files can be downloaded from CCO.
You've read the correct procedure. After reimage, you have to install the license again.
We can't use FTP for ACS 5.0 --->ACS 5.1 upgrade. We have to reimage here, no other way.
backup
To perform a backup (including the ADE OS data like hostname, IP address) and place the backup in a repository, use the backup command in the EXEC mode.
backup backup-name repository repository-name
acs backup
To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode.
acs backup backup-filename repository repository-name
Upgrade can't be done while we have both the ACS in sync, you need to deregister and register them again.
Hope this helps.
Regards,
Jatin
Do rate helpful posts-
06-20-2011 11:30 PM
There is in fact an upgrade process that can be done without reimage by installing the following:
Upgrade 5.0 to 5.1
Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from:
Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21 // this path may have changed
After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz, available from the same path.
Use this command in order to install the upgrade:
application upgraderemote-repository-name
Upgrade 5.1 to 5.2
- Install latest 5.1 patch // 5.1.0.44.6
- There is a file that can be downloaded from CCO that allows to upgrade from ACS 5.1 version to 5.2 version
without needing to reimage the ACS. Information from the README is below
Instructions on how to install the application bundle
=====================================================
1. open CLI console.
2. define new repository in which the ACS_5.2.0.26.tar.gz resides.
3. issue: 'application upgrade ACS_5.2.0.26.tar.gz YOUR_REPOSITORY'
4. The system will reboot in few minutes.
5. After reboot login to the CLI and verify the acs & adeos version by issuing "show version" command.
ADE-OS Build Version: 1.2.0.182
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.2.0.26
There are a lot of moving parts here which is why I think the reimage way is recommended but am including this informaiton for completeness
Either way you need to break the deployment and upgrade the data on one of the machines. You should also perform the upgrade on the node that is the log collector if you want the M&T data to be retained. On the other machine you can just reimage (if you have the license) or upgrade and then rejoin the deployment
Couple final point. The license data is stored in the backup so if you reimage and restore backup from the CLI (without accessing the GUI) then license data should be restored. If you reimage you need to make sure data related to server certificate may be lost
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide