02-16-2007 09:24 AM - edited 03-10-2019 02:59 PM
We are trying to upgrade from an ACS 3.2 for Windows server to our new ACS 4.0 SE box. We have upgraded the Windows box to 4.0, backed up the configuration and restored it to the new box. We have pointed a couple of clients to the new box for testing, and can authenticate. So far so good, but when we went to the final step, assigning the IP address of the old server to the new box, we had a problem - the ACS SE box will not let us assign the address to the local NIC - I get a message that the configuration could not be assigned to the NIC.
To go into detail on what was done:
The Windows server was changed from x.x.3.45 to x.x.0.45 (we use a 255.255.248.0 subnet mask), and rebooted.
On the ACS SE box, I used set IP to change the IP from x.x.0.20 (used for testing and setting up the configuration) to x.x.3.45. The system would not complete this step - this is when the system indicated that the configuration could not be applied to the NIC.
I then set the NIC to DHCP, which was successfully applied. I then set the NIC to x.x.3.46, which it also accepted. At this point I thought it may be doing DNS lookup, and seeing another host name for the IP, so I deleted the PTR record for x.x.3.45, and tried setting that as the IP again. I got the same response.
I thought it for some reason could be detecting an IP conflict, so I tried setting the IP to an address I knew was in use. As I expected, this did not work, but the error did say IP conflict - and I was not getting that error on x.x.3.45.
At this point I moved the connection on the ACS to the other Ethernet interface, but that did not improve the issue.
I tried performing a reboot on the ACS box, but still could not set the desired IP address. At this point what I thought would be a 5 minute outage for VPN authentication had lasted 45 minutes, and I had to put the target address back on the Windows ACS server.
Any idea what is causing this? I can set the IP address of the ACS SE to any IP except for the one that I need! Since we have 70+ Cisco devices that point to x.x.3.45 for authentication, we really do not want to change the address of our ACS.
02-16-2007 10:16 AM
You need to open a TAC case with Cisco for this.
If I recall this correctly, the old IP address is saved into a registry file and when you back up the configuration, that registry containing the old IP address will be in there. When you restore the configuration, it will restore the old IP address along with it. Cisco TAC can help you modify the registry to fix this problem.
You do not have this problem when you run Freeware TACACS+. You can change the IP of the box at any time and not break anything.
David
CCIE Security
02-16-2007 01:08 PM
It strikes me as odd that it will not let me set the IP address to the value that is already part of the restored config, since the product documentation gives this as the migration procedure. I'd think that this would be a common problem, but I can't find any reference to it.
I guess my next step is to schedule a longer outage, reload the appliance with a fresh O/S, shut down the older server, give the appliance the correct IP and attempt to restore the config from the old box.
02-16-2007 01:12 PM
You can do that or you can call Cisco TAC and they can do this for you rather quickly.
There is no need to rebuild the box from scratch.
David
02-16-2007 03:30 PM
You need to re-image the appliance with the Ethernet 0 NIC attached - set up the initial configs with the same IP, i.e. x.x.3.45, and do a restore again.