cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Webcast- Catalyst 9000
3559
Views
15
Helpful
7
Replies
Highlighted
Beginner

Patch ACS 5.3

Currently, we are configured in a Primary/Secondary with two Cisco ACS 1121 Applainces running   Version 5.3.40.1.  We want to uipgrade to teh lastest patch, which was patch 5.

I know I need to deregister the backup and then upgrade the primary.  While that is rebooting, the secondary should take over and then I would upgrade the secondary.  At this point, I would then register the secondary with the primary to create redundancy.

Are there any lessons to be learned from this?  I do not expect an outage at all because of the redundancy. 

Are there any written steps to complete this process without a hitch? 

thanks to all.


Dwane               

Everyone's tags (4)
7 REPLIES 7
Advocate

Patch ACS 5.3

Dwane,

I think you have upgrading the ACS version and installing a patch confused. I have installed patches without breaking apart the distributed deployment. I usually start with the secondary, install the patch and wait for the services to start.

You can use cli commands from one of the ASAs or IOS device to test the authentication, once it passes that check, then I move to the primary and repeat the same steps.

If for some reason you run into issues with the sync, you can force a full replication.

Here are the steps on how to install the patch - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp198690

Hope that helps,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

Patch ACS 5.3

Thank you Tarik.

If it has been a while, is there like a show repository so I can get the name of the repository that we created during set up?  Also, if we are in redundant mode, do you or the group feel that we will experience an outage or a loss of service?  Patch 5 has been stable for all?


Thanks


Dwane

Advocate

Re: Patch ACS 5.3

You can issue a show run to get name of the configured repository.

My environment has patch 4 installed and works just fine.

As long as both server entries are configured on all your network devices and you follow my steps above you are good to go.

If you experience any issues with patch 5 you can always remove it by using the acs patch remove command.

Thanks,

Sent from Cisco Technical Support iPad App

Tarik Admani
*Please rate helpful posts*
Beginner

Patch ACS 5.3

Tarik,

My apologies for taking so long to respond.  I have done a show run on both devices and there is no mention of a repository.  I need to create one prior to upgrading patches, correct?  Can I do this by doing a configuration terminal and then just typing in a repository FTP and write memory?

And once that is done, I can FTP the file to the repository at this point by using the acs patch install?  How do I get the file from my desktop to the repository?  I cannot seem to find step by step instructions on the Cisco page but i will continue looking.

Thanks

Dwane

Advocate

Re: Patch ACS 5.3

Dwane,

I have installed the patch on any box, but you start with monitoring ACS (since that can take a little longer) to start the upgrade.

Yes you will need to create a repository first before installing a patch:

SSH: login > config t > repository name > url ftp://x.x.x.x/ > username password plain

After you create the repository,

acs patch install repository

that should get you going.

Here are the steps:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp151352

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*

Re: Patch ACS 5.3

Tarik: Is that correct even for version 5.3.0.40 without patched? can I upgrade to patch 8 (which is the latest now) by applying the patch to the secondary (then reboot) then the primary (then reboot) without having to remove the redunduncy configuration between them? and I can maintain the service up?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Rising star

Re: Patch ACS 5.3

Yes you can