What is the use of the status field in ACS 5.3?

kerim mohammed
Level 3

Users whose status is manually disabled do not have difficulty authenticating to and managing network devices. That makes me wonder: what is the difference between status enabled and disabled?

Thanks,

Kerim

44 Replies

Hi Tarik,

Unfortunately, our VMs running ACS 5.3 were not thick provisioned. I was informed by Cisco TAC that the VMs had to be thick provisioned and that I have to re-install ACS 5.3. My concern is, will this affect licensing in any way? Will I be able to use the licenses generated originally, or will I have to regenerate them?

Thanks,

Kerim

Kerim,

If you take a backup and rebuild your virtual machines, you should be able to restore with the licenses and all the application configuration. (The command is acs backup repository.)

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik,

While you are at it, I want to ask you about patching ACS servers. I used the "patch install" CLI command to install the cumulative patch. It asks for a file name and a remote repository name. I gave it the patch name 5-3-0-40-3.tar.gpg and also the remote TFTP user which I use for incremental backup and for patching too. But I keep getting this error message: % Manifest file not found in the bundle. Can you help with this as usual?

Thanks,

Kerim

The command you want to run when installing a patch is 'acs patch install...', and you need to use an FTP server; I was never able to get the patch installed using a TFTP repository.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks, Tarik!

What if I choose not to back up and rather use a clean install? Will that cause a problem related to licensing?

If you open the license file with a text editor, do you see anything in the file that has the serial number or MAC address (anything that makes it hardware specific)? If not, then you can use the licenses. I am drawing a blank on the way the ACS licenses are structured. ISE uses the MAC address and serial number, so when you create a new virtual machine you have to have the licenses rehosted.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik,

I was trying to configure an SFTP-based repository. It asks for a username and password. We don't have local passwords configured on our SFTP server; we use RSA. So although I will be able to assign a user name, I can't assign a password. How do I go about solving this?

Thanks,

Kerim

If you are using RSA tokens (meaning one-time passwords), then you can issue the following command from the CLI:

copy sftp://x.x.x.x disk:

That should prompt you for a username, and you can use your one-time token as the password.

After this you can create a repository called localdisk and point the URL to disk:/

Then you can issue the acs patch install repository command.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik,

I tried to do SFTP. I just couldn't. I am able to SSH to the SFTP server, like acs/admin# ssh sftpserver user. This has worked and I see the authentication log on the RSA server. But when I do acs/admin# copy sftp://sftpserver disk:/, it prompts for a user name and password and then fails with the error message:

%Error:  transfer failed.

Kerim,

Your best option at this point is to use FTP; it works like a charm.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik,

I just can't get RADIUS to work the way it used to in ACS 4.2. It is as if RADIUS is dedicated to default network access as opposed to default network admin. Even when I let RADIUS be used for default network access, I was not able to associate a shell profile that allows priv-level 15. In ACS 4.2, if you are in the admin group you just see the switch# prompt, but in ACS 5.3 if you use RADIUS you will be at the switch> prompt. How do I go about solving this? The other problem I am facing is, when my two ACS instances are standalone they work fine, but as soon as I make one of them secondary, the secondary can't authenticate against the RSA server; it only authenticates local users. Why is that so? I believe if we can solve this I am ready to go into production with 5.3.

Thanks,

Kerim

Kerim,

I just can't get RADIUS to work the way it used to in ACS 4.2. It is as if RADIUS is dedicated to default network access as opposed to default network admin.

You are correct, the Default Network Access template is for RADIUS-based authentication; you cannot assign a shell profile since that is for TACACS. When you create a new access service, it uses either a TACACS or a RADIUS template.

Even when I let RADIUS be used for default network access, I was not able to associate a shell profile that allows priv-level 15.

Make sure that your authorization profile has the right cisco-av-pair assigned (shell:priv-lvl=15).

In ACS 4.2, if you are in the admin group you just see the switch# prompt, but in ACS 5.3 if you use RADIUS you will be at the switch> prompt.

If you are passing the attribute above, make sure that the command "aaa authorization exec default group radius" is configured.

How do I go about solving this? The other problem I am facing is, when my two ACS instances are standalone they work fine, but as soon as I make one of them secondary, the secondary can't authenticate against the RSA server; it only authenticates local users. Why is that so? I believe if we can solve this I am ready to go into production with 5.3.

I cannot think of why this is the case right off the top of my head. Your best bet for this issue is to open a TAC case and have them set up a WebEx and take a look. I am sure it is something simple, but WebEx is the fastest method because of all the different pieces that it takes to make this work.

Thanks,

Tarik Admani
*Please rate helpful posts*
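The switch side of what Tarik describes above, as an added Cisco IOS configuration example that is not from this thread: it makes the switch request exec authorization from RADIUS so that the shell:priv-lvl=15 av-pair returned by ACS lands the user at the switch# prompt. The server address, shared secret, group name and interface are placeholders.

```cisco
! Added example (not from the thread): IOS AAA configuration that honours
! the cisco-av-pair "shell:priv-lvl=15" returned by ACS 5.x over RADIUS.
aaa new-model
!
! RADIUS server definition; IP address and shared secret are placeholders.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key REPLACE_WITH_SHARED_SECRET
!
aaa group server radius ACS-SERVERS
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Authenticate logins against ACS; "local" is only consulted when no
! ACS server responds, so keep the local admin account strong.
aaa authentication login default group ACS-SERVERS local
!
! Ask ACS for the exec privilege level. Without this line the switch
! ignores shell:priv-lvl=15 and the user lands at the switch> prompt.
aaa authorization exec default group ACS-SERVERS local
!
! Source RADIUS traffic from a fixed interface so the packets match the
! network device entry (by IP) defined in ACS.
ip radius source-interface Loopback0
!
line vty 0 4
 login authentication default
 authorization exec default
 transport input ssh
```

To confirm the exchange, "debug radius" on the switch shows the Access-Accept carrying the shell:priv-lvl av-pair, and "show privilege" after login should report level 15.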

Hi Tarik,

It all worked out well. Thanks much!

Hi Tarik,

When I thought I was done, I realized I forgot the VPN users. We are using a Cisco VPN concentrator, and we have address pools configured on ACS 4.2. I realized when I did the migration to 5.3 that the address pools did not migrate. Is this because 5.3 operates differently? Do I have to create the pools manually? Just give me something to kickstart me.

Thanks, Tarik

Hi Mohammed,

ACS 5 does not have the IP pools feature. Logically, it is always good to set up pools locally on the VPN server, and if you want a user to pick an IP from a specific local pool, you can configure ACS to push that attribute.

On ACS go to Policy Elements -> Network Access -> Authorization Profiles -> Create ->
Name of the Policy -> Dictionary Type: Radius-Cisco VPN 3000/ASA/PIX7.x

Attribute Type: CVPN3000/ASA/PIX7.x-Group-Based-Address-Pools
Attribute Type: String
Attribute Value: Static MYPOOL (name of the pool which is defined on the ASA)

Access Policies -> Default Network Access -> Authorization -> Create -> under the Result section, call the
Authorization Profile.

Hope that helps!

Regards,
~JG

Do rate helpful posts