ACS upgrade from 5.0 to 5.2

markturner
Level 1

Hi,

I'd currently like to upgrade a primary/secondary ACS 5.0.0.21.6 to the latest version, 5.2.

The documentation says to use the recovery CDs for the interim 5.1 and then the 5.2 upgrades. Is this the same as the ISO image you can download from CCO?

Will this cause an issue with licensing, as you are effectively defaulting the box?

Is it possible to use the FTP repository to do the upgrade without using an ISO/recovery image disk, thereby keeping the licenses intact?

When you do the upgrades, do you have to restore both the "router" type configuration and the databases on both ACS appliances? I guess the answer to this depends on whether the recovery/ISO image is used.

Should I get the Primary/Secondary relationship working on 5.1, or can I do each one 5.0 to 5.1 to 5.2 all in one hit and then sort out the Primary/Secondary Distributed ACS environment?

Thanks for any assistance on this

Mark

Accepted Solutions

Jatin Katyal
Cisco Employee

The recovery image would be an ISO format and upgrade would be a .tar format. Yes, these files can be downloaded from CCO.

You've read the correct procedure. After reimage, you have to install the license again.

We can't use FTP for the ACS 5.0 ---> ACS 5.1 upgrade. We have to reimage here, no other way.

backup

To perform a backup (including the ADE OS data like hostname, IP address) and place the backup in a repository, use the backup command in the EXEC mode.

backup backup-name repository repository-name

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1888749

acs backup

To back up an ACS configuration (not including the ADE OS data), use the acs backup command in the EXEC mode.

acs backup backup-filename repository repository-name

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1886805

The upgrade can't be done while we have both the ACS in sync; you need to deregister and register them again.

Hope this helps.

Regards,

Jatin

Do rate helpful posts-

~Jatin


There is in fact an upgrade process that can be done without reimage by installing the following:

Upgrade 5.0 to 5.1

  1. Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg) from:

    Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21    // this path may have changed


  2. After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz, available from the same path.


  3. Use this command in order to install the upgrade:

    application upgrade application-bundle remote-repository-name


Upgrade 5.1 to 5.2

- Install latest 5.1 patch // 5.1.0.44.6

- There is a file that can be downloaded from CCO that allows you to upgrade from ACS version 5.1 to version 5.2 without needing to reimage the ACS. Information from the README is below.

Instructions on how to install the application bundle

=====================================================

1. open CLI console.

2. define new repository in which the ACS_5.2.0.26.tar.gz resides.

3. issue: 'application upgrade ACS_5.2.0.26.tar.gz YOUR_REPOSITORY'

4. The system will reboot in few minutes.

5. After reboot login to the CLI and verify the acs & adeos version by issuing "show version" command.

   ADE-OS Build Version: 1.2.0.182

   Cisco ACS VERSION INFORMATION

   -----------------------------

   Version : 5.2.0.26

There are a lot of moving parts here, which is why I think the reimage way is recommended, but I am including this information for completeness.

Either way you need to break the deployment and upgrade the data on one of the machines. You should also perform the upgrade on the node that is the log collector if you want the M&T data to be retained. On the other machine you can just reimage (if you have the license) or upgrade and then rejoin the deployment.

A couple of final points. The license data is stored in the backup, so if you reimage and restore the backup from the CLI (without accessing the GUI) then the license data should be restored. If you reimage you need to make sure data related to server certificate may be lost.
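
A post-upgrade check for step 5 of the README quoted above, added here as an example (it is not part of the original replies or of Cisco's tooling): it parses captured "show version" output from each node and lists any node that does not yet report the expected ADE-OS and ACS versions, so a mismatched node is caught before it is rejoined to the deployment. The hostnames and the captured outputs are constructed.

```python
import re

# Expected values are the ones quoted from the README in the post above.
EXPECTED = {"ade_os": "1.2.0.182", "acs": "5.2.0.26"}

ADE_RE = re.compile(r"^\s*ADE-OS Build Version:\s*(\S+)", re.M)
# The ACS version is the first "Version :" line after the ACS banner.
ACS_RE = re.compile(
    r"Cisco ACS VERSION INFORMATION.*?^\s*Version\s*:\s*(\S+)", re.M | re.S)


def parse_show_version(text):
    """Return {'ade_os': ..., 'acs': ...}; a value is None if not found."""
    ade = ADE_RE.search(text)
    acs = ACS_RE.search(text)
    return {"ade_os": ade.group(1) if ade else None,
            "acs": acs.group(1) if acs else None}


def nodes_not_ready(outputs, expected=EXPECTED):
    """Map node name -> list of problems; nodes that match are omitted."""
    problems = {}
    for node, text in outputs.items():
        found = parse_show_version(text)
        issues = []
        for key, want in expected.items():
            got = found[key]
            if got is None:
                issues.append(f"{key}: not found in output")
            elif got != want:
                issues.append(f"{key}: {got} (expected {want})")
        if issues:
            problems[node] = issues
    return problems


# Constructed captures modelled on the README excerpt; hostnames are made up.
_BANNER = "Cisco ACS VERSION INFORMATION\n-----------------------------\n"
SAMPLE = {
    "acs-primary": "ADE-OS Build Version: 1.2.0.182\n\n" + _BANNER
                   + "Version : 5.2.0.26\n",
    # Constructed case: this node still reports the 5.1 application version.
    "acs-secondary": "ADE-OS Build Version: 1.2.0.182\n\n" + _BANNER
                     + "Version : 5.1.0.44\n",
}

if __name__ == "__main__":
    for node, issues in nodes_not_ready(SAMPLE).items():
        print(node, "->", "; ".join(issues))
```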
