05-14-2015 09:54 AM - edited 03-12-2019 05:45 PM
Hi Everyone,
I am currently using Cisco ACS 5.4 with patch 7 only to manage users logging into network devices (i.e. TACACS+ and radius).
Cisco just releases 5.7 on May 12th. Any benefits to upgrade from 5.4 patch 7 to ACS 5.7?
on the release notes, I see this on 5.7:
Maximum Failed Attempts Count Policy
New Sub-Attributes for Service Type RADIUS IETF Attribute
Supporting SNMP Traps for Monitoring Disk Utilization
Log Message for CLI Administrator Account Locked Out
Establishing New Connection from Sybase if Oracle is down
Length Included Flags in Access Policies for TWLU Clients
ACS CLI Changes to TCP Parameters
New Light Weight REST API (getAllDevices)
RSA Public Key Authentication for SFTP Repository
Based on the release note, I am not seeing any benefits of upgrading from 5.4 patch 7 to 5.7.
Comments anyone?
Thanks,
05-16-2015 11:02 PM
Hi there, in addition to new features, newer versions of ACS also address known bugs and vulnerabilities. Those can be found in the release notes for each version. For instance, just in v5.7 there were tons of bugs and vulnerabilities that were resolved (see below). You are in version 5.4 so you can check the release notes for 5.5, 5.6 and 5.7 and you will find a pretty lengthy list :)
Table 4 lists the issues that are resolved in ACS 5.7.
As result, I recommend that you try to stay on a pretty recent version. Now, 5.7 was just released so I would not go to that one right away. I personally like to wait till the first patch is released. The first patch usually addresses all of the issues that were reported by people who upgrade right away. :) However, I would recommend that you upgrade to v5.6!
I hope this helps!
Thank you for rating helpful posts!
05-20-2015 12:38 AM
Cisco Secure ACS 5.7 adds the following new features :
● Option for storing passwords’ hashes instead of in clear text
● Ability to disable users after N days of inactivity
● Disable users after N failed attempts on a user or group basis
● Notify users/Admins via e-mail N days before their password expires
● Ability to add new values for attributes in RADIUS dictionary
● Create a new connection to Oracle Sybase database for every export job
● Option to expire MAB (host) entries in internal database
● Customization of TACACS+ port number
● SNMP MIB support for monitoring disk utilization
● Support use of PKI infrastructure keys for backing up database and logs via SFTP
● Support for logging into Microsoft SQL 2012 database
● New REST API call to read device info faster
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide