08-04-2013 09:28 AM - edited 03-10-2019 08:43 PM
Hello all, we are planning migrating off our ACS 4.2.0.124 ( non appliance ) to ACS 5.4. I'm looking for any advice or tips from anyone that has done the migration.
Is the migration tool intrusive or can it be run at anytime?
I thought about not using the migration tool and do a new install however we have a few hundred MAC address entered for a Mac authenticated SSID as well as about a 100 switches and routers for TACACS.
We have about a half dozen WIreless Controllers that use AAA with a mix of SSID's that are doing WPA2 with Mac authentication, LEAP, and, PEAP. We also use TACACS for routers and switches and AAA for anyconnect users.
Any advice on the migration process would be appreciated.
Thanks,
Dan
08-04-2013 09:12 PM
It's just my 2 cents. It may be easier to rebuild the new 5.x from the ground up .. It's a great learning process. 5.x is so much different from 4.x . The time invested in the rebuild will help tremendously to get you started ..
Sent from Cisco Technical Support iPad App
08-04-2013 10:21 PM
I would not mind the ground up approach however, I have several MAC address in our old ACS server for MAC authentication. Seems like that would be a little bit of a headache to manually put those address in.
Thanks,
Dan
08-05-2013 12:28 AM
Hello Dan,
I've done the migration without using the migration tool. I had too many MAC addresses for MAB.
I used a CSV file to import the MAC addresses to the new ACS.
In the ACS 5.x you can prepar a CSV file (file format is downloadable from ACS itself after you install it) and put all your MAC Addresses (or IP addresses in case of TACACS+ AAA clients) and then the file can be imported to the ACS to add all the addresses (or users, machines...etc) listed in the file.
check the following links for more information:
https://supportforums.cisco.com/docs/DOC-32606
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
08-05-2013 08:17 PM
Thanks Amjad, how did you export the data on the old ACS 4 server? Is there a another utiltiy that will grab the users/passwords that are in a paticular group?
Thanks,
Dan
08-06-2013 01:56 AM
Actually I managed to copy/paste from the ACS4.2 to the CSV file. The passwords will not be imported though so you have to reset the password for all users and let them change it.
If I were you I would have use the import utility to migrate users to keep the password then I will update the information of users (including group membership) via update template CSV file.
The migration I used before included few users that I could create on the spot and ask them to reset the password. Most of the data were MAC addresses for MAC auth and IP addresses for TACACS+ AAA clients (switches, routers...etc).
If you have too many users then the migration tool is your friend to get them imported without having to reset the password.
It is also important that you read the migration guide before you use the utility. You'll find valuable information about what will be imported and how. What data will be maintained and what will not.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
05-08-2014 05:24 AM
Hi,
Recently i migrated from ACS 4.2 ( in windows) to ACS 5.4 ( in sns 3415) using Migration utility. It was smooth migration, everything works except the log files in the .csv format were not migrated.
Please help me on how to migrate the log files.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide