Currently, we are configured in a Primary/Secondary with two Cisco ACS 1121 Applainces running Version 188.8.131.52. We want to uipgrade to teh lastest patch, which was patch 5.
I know I need to deregister the backup and then upgrade the primary. While that is rebooting, the secondary should take over and then I would upgrade the secondary. At this point, I would then register the secondary with the primary to create redundancy.
Are there any lessons to be learned from this? I do not expect an outage at all because of the redundancy.
Are there any written steps to complete this process without a hitch?
thanks to all.
I think you have upgrading the ACS version and installing a patch confused. I have installed patches without breaking apart the distributed deployment. I usually start with the secondary, install the patch and wait for the services to start.
You can use cli commands from one of the ASAs or IOS device to test the authentication, once it passes that check, then I move to the primary and repeat the same steps.
If for some reason you run into issues with the sync, you can force a full replication.
Here are the steps on how to install the patch - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp198690
Hope that helps,
*Please rate helpful posts*
Thank you Tarik.
If it has been a while, is there like a show repository so I can get the name of the repository that we created during set up? Also, if we are in redundant mode, do you or the group feel that we will experience an outage or a loss of service? Patch 5 has been stable for all?
You can issue a show run to get name of the configured repository.
My environment has patch 4 installed and works just fine.
As long as both server entries are configured on all your network devices and you follow my steps above you are good to go.
If you experience any issues with patch 5 you can always remove it by using the acs patch remove command.
Sent from Cisco Technical Support iPad App
My apologies for taking so long to respond. I have done a show run on both devices and there is no mention of a repository. I need to create one prior to upgrading patches, correct? Can I do this by doing a configuration terminal and then just typing in a repository FTP and write memory?
And once that is done, I can FTP the file to the repository at this point by using the acs patch install? How do I get the file from my desktop to the repository? I cannot seem to find step by step instructions on the Cisco page but i will continue looking.
I have installed the patch on any box, but you start with monitoring ACS (since that can take a little longer) to start the upgrade.
Yes you will need to create a repository first before installing a patch:
SSH: login > config t > repository name
After you create the repository,
acs patch install
that should get you going.
Here are the steps:
*Please rate helpful posts*
Tarik: Is that correct even for version 184.108.40.206 without patched? can I upgrade to patch 8 (which is the latest now) by applying the patch to the secondary (then reboot) then the primary (then reboot) without having to remove the redunduncy configuration between them? and I can maintain the service up?
Rating useful replies is more useful than saying "Thank you"