Solved: Changing shared key in bulk for Clients in ACS 4.2.1

jain.nitin · ‎01-23-2011

HI,

is there any way to change the shared secret key for all devices in bulk instead of going to each clients and changing key in ACS 4.2.1 ?

Please let me know if is there any way to perform it faster.

Thanks

Jatin Katyal · ‎01-23-2011

Hi Nitin,

Well, if you have all the devices in a single NDG then just click on that NDG >> at the bottom click edit properties >> enter the new shared secret key there and it will take precedence from there on. Even though if you click on any AAA client inside that NDG, it will show the OLD shared secret key but due to the presence of this feature where NDG key will always override the AAA client, this will surely work for you.

If you're not convinced with the above suggestion and really want to change the shared secret key then let me know;

Are you using ACS SE or ACS windows. I'm assuming that you have ACS SE

Here you need a CSV file with the action code to certain NAS and you should be able to synch the CSV file with RDBMS to the database using
4.2 version

Code 224 - UPDATE_NAS

VN = AAA client Name

V1 = IP-Address

V2 = shared secret key

V3 = vendor

RDBMS Synchronization Import Definitions
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

Action Codes for Modifying Network Configuration
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp78096

HTH

Jatin

Do rate helpful posts~

~Jatin

View solution in original post

Jatin Katyal · ‎01-23-2011

Hi Nitin,

Well, if you have all the devices in a single NDG then just click on that NDG >> at the bottom click edit properties >> enter the new shared secret key there and it will take precedence from there on. Even though if you click on any AAA client inside that NDG, it will show the OLD shared secret key but due to the presence of this feature where NDG key will always override the AAA client, this will surely work for you.

If you're not convinced with the above suggestion and really want to change the shared secret key then let me know;

Are you using ACS SE or ACS windows. I'm assuming that you have ACS SE

Here you need a CSV file with the action code to certain NAS and you should be able to synch the CSV file with RDBMS to the database using
4.2 version

Code 224 - UPDATE_NAS

VN = AAA client Name

V1 = IP-Address

V2 = shared secret key

V3 = vendor

RDBMS Synchronization Import Definitions
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

Action Codes for Modifying Network Configuration
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp78096

HTH

Jatin

Do rate helpful posts~

~Jatin

jain.nitin · ‎01-26-2011

Hi thanks so much for your reply. Yes I have ACS SE. Yeah I know we can change shared key on group which will overwrite AAA client key but problem is that customer has not created any NDG so all the devices are in default group which is not assigned.... and I can not set any thing on this group...so I will have to move all the device in new group...or I will have to export these devices some how & then edit the exported data and change the key in that then import abck in ACS SE.....

As you suggested that I can import data from CSV and can sync with RDBMS....can I export as well from ACS SE...if this is possible then I will export data in CSV will edit and then import back it with changes....

Thanks once again for your help....

Jatin Katyal · ‎01-26-2011

Yes, you can also export them from the ACS SE.You can get the aaa clients/devices information in excel sheet from below mentioned steps:

Go to Network Configuration > Search > Keeps the search setting to default i.e. to search all. Then press search. There will be a "Download" option that will appear in the left corner of the search result. Click on it save that list.

This list will contain,
- Name
- IP Address
- Type
- NDG name (if any)

I doubt that this contains the shared secret key for AAA clients.

Rgds,

Jatin

Do rate helpful posts-

~Jatin