Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
891
Views
9
Helpful
2
Replies

Cisco ACS Upgrade from 5.1 to 5.4

Abayomi Smith
Level 1
Level 1

‎02-11-2014 02:31 AM - edited ‎03-10-2019 09:22 PM

Hello All,

I need to upgrade an ACS deployment (Primary & Secondary with the Secondary as the log collector) from 5.1 to 5.4.

From what I understand, I need to do a stepped upgrade from 5.1 to 5.2 then to 5.4

However the Cisco guidance on upgrading from 5.1 to 5.2 isnt very clear to me and I was hoping to get some clarity from anyone who has performed this or has got experience in performing this.

I would appreciate a practical step by step guide.

Cisco recommends the following steps below (http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/csacs_upg.html#wp1152302), however I have added my questions in red

1. Backing up the log collector on CLI to remote repository.

2. Assign another secondary server as log collector in the deployment. (however I believe this means assigning the primary server as the log collector as I have only 2 servers in my deployment). Am I correct?

3. Restoring log collector data back "uped" to new 5.2 log collector. They have subtly missed the step where former secondary server is upgarded to 5.2 (Do they mean you need to have another server which is already running on 5.2 already to install the backup data on or am I the one missing something here?)

4. De-register the old log collector from deployment and delete the instance on the primary ACS

5. Back up Primary ACS (configuration and monitoring) to repository

6. Upgrade ACS to 5.2

7. Backup ACS 5.2 to repository

8. Restore ACS 5.1 data to ACS 5.2 Server

9. On Primary Server of 5.1 deployment, define remote log target for 5.2 log collector server (at the end of this step,  Upgraded server will function as ACS 5.2 Primary server as well as log collector)

10.On the ACS 5.1 Primary Server Configure appropiate logging categories for remote log target

11. Import local and outstanding Certificate Sign Requests

I would greatly appreciate comments that will provide some clarity on the issues highlighted above or on the whole process as a whole.

Many Thanks.

Labels:
0 Helpful
2 Replies 2

Naveen Kumar
Level 4
Level 4

‎02-12-2014 09:11 PM

You are correct, you will have to upgrade first to 5.2 or 5.3 and  apply latest patch. For ACS 5.2 the latest patch is 11 and for 5.3 the  latest patch is 8

Deregister  the secondary from the primary first, once you have the two servers as  standalone units you can proceed to upgrade one of the servers, if it  goes fine then continue with the other one.

Once you have upgraded both units you can register the old secondary back to the old primary.

Upgrade paths:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html#wp1194843

Abayomi Smith
Level 1
Level 1
In response to Naveen Kumar

‎02-13-2014 01:27 AM

Thanks Nkumarsr,

I have reviewed the upgrade path because the documentation on upgrading from 5.1 to 5.2 was unclear.

I will upgrade from 5.1 to 5.3 then to 5.4.

Basically will patch the servers first (with the last 5.1 patch) then move the log collector to the primary so as to upgrade the secondary,

deregister it and delete the secondary instance and then upgrade the old log collector.

Afterwards set it as the remote log target for the primary then upgrade the primary and then register it as the secondary back to the upgraded old log collector, which at that point is the primary and then promote it to the primary making the upgraded old log collector the secondary and then patch with the last 5.3 patch, which is 9.

Afterwards I will carry out the process all over again to upgrade the deployment from 5.3 to 5.4.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents