Acs License File Installation Failed
Table of Contents
Release Notes for Cisco Secure Access Control System 5.3
Oct 1, 2010 - Hi Everyone, I installed ACS 5.1.0.44 on vmware server and. I got message ' License file installation failed: The license file failed to parse.' First we'll need to get the ACS.ISO file from www. Will boot up and automatically install ACS to the primary. Your password and enter a license. Security Cisco acs license file download. Acs License File Installation Failed. Cisco Secure Access Control System (ACS) 5.
Revised: July 20, 2016 OL-24203-01
These release notes pertain to the Cisco Secure Access Control System (ACS), release 5.3, hereafter referred to as ACS 5.3. These release notes provide information on the features, related documentation, resolved issues, and known issues for functionality in this release.
This document contains:
- Introduction
- New and Changed Features
- SFTP Copy
- Features Not Supported
- Supported Virtual Environments
- Supported Web Client/Browsers
- Installation and Upgrade Notes
- Resolved ACS Issues
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.1
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.2
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.3
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.4
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.5
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.6
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.7
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.8
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.9
- Resolved Issues in Cumulative Patch ACS 5.3.0.40.9
- Limitations in Different ACS Deployments
- Known ACS Issues
- Documentation Updates
- Product Documentation
- Notices
- Supplemental License Agreement
- Obtaining Documentation and Submitting a Service Request
Introduction
ACS is a policy-driven access control system and an integration point for network access control and identity management.
The ACS 5.3 software runs either on a dedicated Cisco 1121 Secure Access Control System (CSACS-1121) appliance, or on a VMware server. However, ACS 5.3 continues to support the CSACS-1120 appliances that you have used for previous releases of ACS that you can upgrade to ACS 5.3.
This release of ACS provides new and enhanced functionality. Throughout this documentation, CSACS-1121 refers to the appliance hardware, and ACS Server refers to the ACS software.
Note When you install ACS 5.3 or upgrade any older version of ACS to ACS 5.3, you are strongly recommended to install the cumulative patch 5.3.0.40.4 or a later patch as a part of this installation or upgrade process. This patch includes some important fixes that are related to the upgrade process and Active Directory operations. You must install this patch if you are using Active Directory as the identity store in ACS.
You can upgrade ACS using two methods. For more information on the upgrading ACS, see http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_upg.html#wp1194859.
If you use Re-imaging and Upgrading ACS Server method to upgrade ACS, then you must install the cumulative patch 5.3.0.40.4 or a later patch before restoring the backed up data from ACS 5.1 or 5.2 versions.
If you use Upgrading an ACS Server Using Application Upgrade Bundle method to upgrade ACS, then you must install the cumulative patch 5.3.0.40.4 or a later patch after the successful completion of the upgrade process.
Note that, while upgrading ACS with upgrade bundle method, some log collection related processes may not be restarted successfully. The log collection related processes will be restarted after installing the cumulative patch 5.3.0.40.4 or later. See Applying Cumulative Patches to install the cumulative patch in ACS.
Note ACS 5.3 does not retrieve domain local groups of users when you install patch 3 or a later patch.
Note When you import or export a.csv file from ACS 5.x, you need to turn off the popup blocker.
Note Cisco runs a security scan on the ACS application during every major release. We do not recommend you to run vulnerability scanning in ACS Production Environment because such an operation carries risks that could impact the ACS application. You can execute the vulnerability scan operation in a preproduction environment.
New and Changed Features
This release of ACS provides improved parity with 4.x. The following sections briefly describe the new and changed features in the 5.3 release:
- Dial-In Attribute Support
- PEAP(EAP-TLS)
- Policy and Identity Enhancements
- New CLI Commands
- View Log Message Recovery
- Programmatic Interface Enhancements
Dial-In Attribute Support
The Dial-In Attribute feature enhancement includes:
- Dial-in permissions
You can allow, deny, and control access of dial-in permissions of a user. The permissions are checked during authentications or queries from Active Directory. It is set on the Active Directory dedicated dictionary.
- Callback
You can set up callback options. The server calls the caller back during the connection process if this option is enabled. The phone number that is used by the server, is set either by a the caller or the network administrator.
PEAP(EAP-TLS)
The Protocol enhancements in ACS 5.3 includes:
- TACACS+ Proxy
You can use the proxy server to relay requests to remote AAA servers and return the responses from them to Network Devices.
- TACACS+ CHAP and MSCHAP authentication types are supported in ACS 5.3
- Attribute Substitution for TACACS+ shell profiles
Allows you to substitute a value of TACACS+ attribute to the value of another attribute from one of the available dynamic dictionaries on the shell profile configuration. For more information related to TACACS + Authentications, see User Guide for Cisco Secure Access Control System 5.3
- EAP Authentication Protocols
Supports EAP-TLS inner method for PEAP, in addition to EAP-MSCHAPv2 and EAP-GTC.
Policy and Identity Enhancements
The Policy and Identity enhancements in ACS 5.3 include:
- Display RSA node secret missing
Reports the status of a RSA Node Secret on the ACS Instance Setting section.
- Maximum user sessions
Allows you to restrict the user from too many concurrent user sessions. The permitted number of concurrent user sessions is between 1 and 65535.
For more information on this see, User Guide for Cisco Secure Access Control System 5.3
- Account Disablement
Allows you to disable the users of Internal Identity Store when the configured date is beyond the permitted date, the configured number of days are beyond the permitted days, or the number of consecutive unsuccessful login attempts, exceeds the threshold.
The default value for date exceeds is 30 days from the current date. The default value for days should not be more than 60 days from the current day. The default value for failed attempts is 5.
For more information on this, see User Guide for Cisco Secure Access Control System 5.3
- User Check Attributes
Allows you to create conditions that compares the values of two different attributes.
- Identity Sequence Advanced Options
ACS 5.3 authenticates the user in a sequence against the Identity Store. Now, it is possible to configure whether to proceed to the next identity source in a sequence when it is not possible to connect to the identity store. ACS goes to the next Identity Store when:
– A user is not found in the first Identity Store.
– An Identity Store is not available in the sequence
- User Password Type
Allows you to set the password type of users in internal identity stores. You can select any one of the external identity store names along with internal users, to indicate against which identity store, this user needs to be authenticated.
For more information on User Password Type, see
User Guide for Cisco Secure Access Control System 5.3.
- Additional Attributes available in the policy condition
Supports two new additional attributes in the policy condition. The administrator should customize the Simple or Compound Condition option in the rule table to use these two attributes.
– Authentication Identity Store
Enables you to configure the policy rule conditions based on the Authentication Identity Store.
For example: IF AuthenticationIdentityStore=LDAP_NY then reject”
This attribute contains the name of the Identity Store used and it is updated with the relevant Identity Store name after successful authentication.
– Number of Hours Since User Creation
Enables you to configure the policy rule conditions, based on the time at which the user was created in ACS Internal Identity Store.
For example: IF group=HelpDesk&NumberofHoursSinceUserCreation>48 then reject”
This attribute contains the number of hours since the user was created in Internal Identity Store to the time of the current authentication request.
- Wildcards for Hosts
Allows you to use wildcards while you add new hosts into the Internal Identity Store. It also allows you to enter wildcards (after you enter the first three octets) to specify all devices from the identified manufacturer. For more information on this, see
User Guide for Cisco Secure Access Control System 5.3.
- Network Device Ranges
Allows you to configure single or multiple ranges of IP address, using wildcards. The Exclude Range option allows you to exclude a set of IP address from the configured range. You can also filter devices, based on IP addresses.
- Look up Network Device by IP address
Allows you to search a network device, using its IP address. You can also use wildcards and the range to search a specific set of network devices.
New CLI Commands
The following are the new CLI commands in ACS 5.3:
- database-compress
database-compress reduces the ACS Database size with an option to delete the ACS Transaction table.
ACS administrators can run this command to reduce the database size. This helps to reduce the database size and the time taken for backups and full synchronization that is needed for maintenance. For more information on this command, see the CLI Reference Guide for Cisco Secure Access Control System 5.3
- acsview-db-compress
acsview-db-compress reduces the Monitoring and Report viewer database size. ACS administrator can run this command to reduce the Monitoring and Report viewer database size.
This command compresses the ACS Monitoring and Report viewer database by rebuilding each table in the database and releases the unused space. This reduces the physical size of the view database. For more information on this command, see CLI Reference Guide for Cisco Secure Access Control System 5.3.
View Log Message Recovery
ACS 5.3 provides a new feature to recover any logs that are missed when the view is down. ACS collects these missed logs and stores them in its database. Using this feature, you can retrieve the missed logs from the ACS database to the view database after the view is up.
To use this feature, you must set the Log Message Recovery Configuration as on. For more details on configuring the View Log Message Recovery, see
User Guide for Cisco Secure Access Control System 5.3.
Programmatic Interface Enhancements
ACS 5.3 provides a new configuration web service. This interface allows you to perform the CRUD (Create, Read, Update, and Delete) methods. The Configuration web services are implemented as REST interfaces over HTTPS. This support is only for the user definitions.
For more information on this, see
Software Developer’s Guide for Cisco Secure Access Control System 5.3.
SFTP Copy
In ACS 5.3, SSH File Transfer Protocol (SFTP) is implemented by Secure Copy Protocol (SCP).
Features Not Supported
The following features are not supported in ACS 5.3:
- The Create, Read, Update, and Delete (CRUD) operations for network device objects in REST PI.
- The Create, Read, Update, and Delete (CRUD) operations for end devices (hosts) in REST PI.
- Ability to provide IP addresses from IP address pools defined in ACS.
- Additional comparison operators for policy definitions such as full range or string and integers matching operators.
- Instance specific configuration
- Ability to show the IP address from where the request came, in the Failed Authentications report
- Ability to authenticate the users against an external ODBC database.
- RDBMS support for synchronization of user accounts with an external database.
- Online certificate status protocol (OSCP).
- Support for on VMware installations with less than 500 GB hard disk.
- Support for VMware Tools.
- Support for Multiple Network Interface Card (NIC).
- Remote Database with cluster setup is not supported.
Supported Virtual Environments
ACS 5.3 supports the following virtual environment platforms:
- VMware ESX 3.5
- VMware ESX 4.0
- VMware ESXi 4.1
- VMware ESXi 5.0
Supported Web Client/Browsers
You can access ACS 5.3 administrative user interface using the following Web Client/Browsers:
- Windows 7 32 bit
- Windows XP Professional (Service Pack 2 and 3)
- Windows Vista
- Internet Explorer version 7.x
- Internet Explorer version 8.x
- Internet Explorer version 9.x
- Mozilla Firefox version 3.x
- Mozilla Firefox version 4.x
The above mentioned browsers are supported only with one of the following cipher suits:
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- RSA_WITH_3DES_EDE_CBC_SHA
You should install Windows XP SP3 to use SHA2 256-bit certificates as management certificates.
Installation and Upgrade Notes
This section provides information on the installation tasks and configuration process for ACS 5.3. This section contains:
- Installing, Setting up and Configuring CSACS 1121
- Running the Setup Program
- Licensing in ACS 5.3
- Upgrading an ACS Server
- Applying Cumulative Patches
Installing, Setting up and Configuring CSACS 1121
This section describes how to install, set up and configure the CSACS 1121 Series appliance. The CSACS 1121 Series appliance is preinstalled with the software.
To set up and configure the CSACS 1121:
Step 1 Open the box containing the CSACS 1121 Series appliance and verify that it includes:
- The CSACS 1121 Series appliance
- Power cord
- Rack-mount kit
- Cisco Information Packet
- Warranty card
- Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler
Step 2 Go through the specifications of the CSACS 1121 Series appliance.
For more details, see Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3.
Step 3 Read the general precautions and safety instructions that you must follow before installing the CSACS 1121 Series appliance.
For more details, see Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3 and pay special attention to all safety warnings.
Step 4 Install the appliance in the 4-post rack, and complete the rest of the hardware installation.
For more details on installing the CSACS 1121 Series appliance, see
Installation and Upgrade guide for the Cisco Secure Access Control System 5.3.
Step 5 Connect the CSACS 1121 Series appliance to the network and connect either a USB keyboard and Video Graphics Array (VGA) monitor or a serial console to the serial port.
Figure 1 shows the back panel of the CSACS 1121 Series appliance and the various cable connectors.
Note For the initial setup, you must have either a USB keyboard and VGA monitor or a serial console running terminal-emulation software.
For more details, see Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3.
For information on installing ACS 5.3 on VMware, see Installing ACS in a VMware Virtual Machine chapter in the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3.
Figure 1 CSACS 1121 Series Appliance Rear View
The following table describes the callouts in Figure 1.
.
1 | AC power receptacle | 5 | (Blocked) Gigabit Ethernet 1 |
2 | (Blocked) Gigabit Ethernet | 6 | (In Use) Gigabit Ethernet 0 |
3 | Serial connector | 7 | USB 3 connector |
4 | Video connector | 8 | USB 4 connector |
Step 6 After completing the hardware installation, power up the appliance.
The first time you power up the appliance, you must run the setup program to configure the appliance. For more information, see Running the Setup Program.
Running the Setup Program
The setup program launches an interactive CLI that prompts you for the required parameters. An administrator can use the console or a dumb terminal to configure the initial network settings and enter the initial administrator credentials for the ACS 5.3 server that is using the setup program. The setup process is a one-time configuration task.
To configure the ACS Server:
Step 1 Power up the appliance.
The setup prompt appears:
localhost login:
Step 2 At the login prompt, enter setup and press Enter.
The console displays a set of parameters. You must enter the parameters as described in Table 1.
Matlab License File
Note You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.
Default | Description | ||
---|---|---|---|
Hostname | localhost | First letter must be an ASCII character. Length must be more that 2 but less than 20 characters. Valid characters are alphanumeric (A-Z, a-z, 0-9), hyphen (-), and the first character must be a letter. | Enter the hostname. |
IPv4 IP Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter the IP address. |
IPv4 Netmask | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid netmask. |
IPv4 Gateway | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid default gateway. |
Domain Name | None, network specific | Cannot be an IP address. Valid characters are ASCII, any digit, hyphen (-), and period (.) | Enter the domain name. |
IPv4 Primary Name Server Address | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | Enter a valid name server address. |
Add/Edit another nameserver | None, network specific | Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255. | To configure multiple name servers, enter Y. |
Username | admin | The name of the first administrative user. You can accept the default or enter a new username. Must be more than 2 but less than 9 characters, and must be alphanumeric. | Enter the username. |
Admin Password | None | No default password. Enter your password. The password must be at least six characters in length and have at least one lower case letter, one upper case letter, and one digit. In addition:
| Enter the password. |
After you enter the parameters, the console displays:
Enter hostname[]: acs-server-1
Enter IP default netmask[]: 255.255.255.0
Enter default DNS domain[]: mycompany.com
Add/Edit another nameserver? Y/N : n
Enter password:
Pinging the gateway..
Do not use `Ctrl-C' from this point on..
Installing applications..
Generating configuration..
After the ACS server is installed, the system reboots automatically. Now, you can log into ACS with the CLI username and password that was configured during the setup process.
You can use this username and password to log into ACS using only the CLI. To log into the GUI, you must use the predefined username ACSAdmin and password default.
When you access the GUI for the first time, you are prompted to change the predefined password for the administrator. You can also define access privileges for other administrators who will access the GUI application.
Licensing in ACS 5.3
To operate ACS, you must install a valid license. ACS prompts you to install a valid license when you first access the web interface.
Each ACS instance (primary or secondary) in a distributed deployment requires a unique base license.
This section contains:
- Types of Licenses
- Auto-Installation of Evaluation License
Types of Licenses
Table 2 lists the types of licenses available in ACS 5.3.
Description | |
---|---|
Base License | The base license is required for all deployed software instances, as well as for all appliances. The base license enables you to use all ACS functions except license controlled features, and it enables standard centralized reporting features. The base license:
The following are the types of base licenses:
The number of devices is determined by the number of unique IP addresses that you configure. This includes the subnet masks that you configure. For example, a subnet mask of 255.255.255.0 implies 256 unique IP addresses, and hence the number of devices is 256. |
Add-On Licenses | Add-on licenses can only be installed on an ACS server with a permanent base license. A large deployment requires the installation of a permanent base license. The Security Group Access feature licenses are of three types: Permanent, Eval, and NFR. However, the permanent Security Group Access feature license can be used only with a permanent base license. |
Auto-Installation of Evaluation License
If you are using a virtual machine (VM) for ACS with disk space between 60 GB and 512 GB, ACS automatically installs the evaluation license. However, you can also get the evaluation license and install it manually on the ACS server.
If you use an ACS server with less than 500 GB hard disk space, Cisco does not provide support for scalability, performance, and disk space-related issues.
For more information on installing ACS 5.3 on VMware, see Installing ACS in a VMware Virtual Machine chapter in the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3.
Upgrading an ACS Server
See Installation and Upgrade Guide for Cisco Secure Access Control System 5.3 for information on upgrading your ACS Server.
Applying Cumulative Patches
Periodically, patches will be posted on Cisco.com that provide fixes to the ACS 5.3. These patches are cumulative. Each path includes all the fixes that were included in previous patches for the release.
You can download ACS 5.3 cumulative patches from the following location: http://www.cisco.com/cisco/web/download/index.html
To download and apply the patches: Network Management > Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.3.
Step 1 Log into Cisco.com and navigate to Network Management > Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.3.
Step 2 Download the patch.
Step 3 Install the ACS 5.3 cumulative patch. To do this:
a. Enter the following acs patch command in the EXEC mode to install the ACS patch:
acs patch install patch-name.tar.gpg repository repository-name
ACS displays the following confirmation message:
Installing an ACS patch requires a restart of ACS services.
Would you like to continue? yes/no
Step 4 Enter yes.
The ACS version is upgraded to the applied patch. Check whether all services are running properly, using the CLI show application status acs from the EXEC mode.
Resolved ACS Issues
Table 3 lists the issues that are resolved in ACS 5.3.
Description | |
---|---|
CSCtg36142 | Indication of secureid file did not work properly in the Node Secret set. This problem is resolved now. |
CSCta75080 | MSCHAP authentication with UTF8 SAM & NETBIOS did not work against AD in Centrify configuration. This problem is resolved now. |
CSCtb99448 | An error was displayed in ACS Management log while performing PAP Authentication. This problem is resolved now. |
CSCte57427 | SNMP location and contact information were not saved on reboot in ACS 5.1. This problem is resolved now. |
CSCte70665 | An error message was displayed while launching the Authentication Trend page from the Dashboard. This problem is resolved now. |
CSCte98032 | ACS 5 partitions were not aligned properly when they were installed on VMware. This problem is resolved now. |
CSCtf09891 | Remote log targets did not accept classless IP formats. This problem is resolved now. |
CSCtf77292 | The Evaluation of domain local groups resulted in delayed authentication [AD PERF]. This problem is resolved now. |
CSCtg62673 | The Feature license with & character in the company name could not be loaded. This problem is resolved now. |
CSCtg71016 | Primary and Secondary servers did not accept same server certificates. This problem is resolved now. |
CSCth66492 | Recovery mechanism was required while reconnecting the log-collector. This problem is resolved now. |
CSCti00159 | Network did not function properly when the MAC address of the host was changed in ACS 5 on VMware. This problem is resolved now. |
CSCti30276 | Admin users could not log in after a password reset. This problem is resolved now. |
CSCti36058 | The user authentication is ACS 5.1 failed while searching for the server in a remote domain. This problem is resolved now. |
CSCti70509 | In ACS 5, Restored DB from TFTP may result in corrupted configuration. This problem is resolved now. |
CSCti95750 | The filter did not show any result in ACS 5.1 while using a filter for AD groups in AD1:ExternalGroups. This problem is resolved now. |
CSCtj58965 | AD page did not load when there were issues in DNS or DCs. This problem is resolved now. |
CSCtj61100 | When adding three IP name-server through CLI, you were prompted to restart ACS three times. This problem is resolved now. |
CSCtj68184 | Evaluation License for AM&R was not being overwritten. This problem is resolved now. |
CSCtk32478 | CPU utilized high memory related to CDPD process in VMware. This problem is resolved now. |
CSCtk32664 | ACS sent change-pass request to a wrong ID -store in the sequence. This problem is resolved now. |
CSCtk76151 | Changing NIC's IP address caused NTP to go out of synchronization. This problem is resolved now. |
CSCtk82961 | RADIUS Proxy did not forward unknown attributes. This problem is resolved now. |
CSCtl05923 | Remote DB sql schema related information has to be updated for export run failed operation in ACS 5.3 documents. This problem is resolved now. |
CSCtl07445 | Negative integer in AV pair caused exception for ACS Log Collector. This problem is resolved now. |
CSCtl07664 | Unable to change the Error code. This problem is resolved now. |
CSCtl11307 | SNMP preferences setting existed in a wrong place on the ACS VIEW. This problem is resolved now. |
CSCtl42972 | Runtime process restarted after adding Shell Profile. This problem is resolved now. |
CSCtl52327 | ACS LDAP authorization was case sensitive. This problem is resolved now. |
CSCtl84778 | Sometimes two processes did not run after ACS reboot. This problem is resolved now. |
CSCtl85457 | The unreachable servers from DNS SRV resulted in a delay in ACS. This problem is resolved now. |
CSCtn05827 | The enable password option in TACACS did not work properly. This problem is resolved now. |
CSCtn13731 | Importing or updating TACACS+ devices need COA field to be filled. This problem is resolved now. |
CSCtn18359 | When ACS CLI password expires with password policy cannot be reset. This problem is resolved now. |
CSCtn21381 | CDP data containing & character resulted in show run to fail. This problem is resolved now. |
CSCtn26604 | ACS 5 did not support UNICODE characters in certificates. This problem is resolved now. |
CSCtn62214 | Could not import the.CSV file when the custom attribute was defined for local user/hosts. This problem is resolved now. |
CSCtn67457 | Dynamic attributes in authorization profiles stopped working after it was changed. This problem is resolved now. |
CSCtn76469 | Setting RADIUS accounting on got rejected with 11014 msg. This problem is resolved now. |
CSCtn78315 | Backing up data failed while using SFTP if it was not transferred within 60 seconds. This problem is resolved now. |
CSCtn81510 | ACS 5 documents did not have clear information on getACSViewWebServicesPort() for M&R. This problem is resolved now. |
CSCto09231 | ACS Interpreted Username in NetBIOS Format with Dot in DOMAIN as DNS. This problem is resolved now. |
CSCto09337 | ACS had problems with Network device filter using location or dev type.This problem is resolved now. |
CSCto42187 | EAP Authentication Method was not available for policy during PEAP fast reconnect. This problem is resolved now. |
CSCto72525 | Writing a Custom application to integrate M&R generated errors. This problem is resolved now. |
CSCto72918 | ACS 5.2 did not support Unicode characters in AAA client shared secret. This problem is resolved now. |
CSCto77214 | When ACS was overloaded, an error server workspace storage appeared. This problem is resolved now. |
CSCtq07534 | ACS 5 did not verify RSA keys for SFTP repositories. This problem is resolved now. |
CSCtq15610 | ACS Intermittent was Disconnected from AD. This problem is resolved now. |
CSCtq17598 | Runtime services failed to start in a shell profile attribute. This problem is resolved now. |
CSCtq46433 | ACS 5: Web page errors were found while filtering the device using IE8 if the device contain u. This problem is resolved now. |
CSCtq61094 | AD configuration affected the ACS Runtime process. This problem is resolved now. |
CSCtq61125 | ACS did not follow the identity store sequence. This problem is resolved now. |
CSCtq61267 | The password was not accepted after installing ESXi 4.x. This problem is resolved now. |
CSCtq62007 | Unable to save AD configuration when only user name or password was changed. This problem is resolved now. |
CSCtq64672 | Failure reason editor under System Configuration displayed an error for COD. This problem is resolved now. |
CSCtq65124 | ACS 5.2: Boolean LDAP attribute was incorrectly interpreted by ACS. This problem is resolved now. |
CSCtq76307 | CLI documentation did not have the updated SFTP information. This problem is resolved now. |
CSCtq78681 | Group Queries to Virtual Directory Server failed to return results. This problem is resolved now. |
CSCtr23536 | ACS 5.2: Appending domain name to SAN when trying to match account in AD resulted in the user not being found in external store database and a failed authentication. This problem is resolved now. |
CSCtr24473 | Radius Request were dropped by ACS without any explanation. This problem is resolved now. |
CSCtr43053 | The port attribute could not be used to match the rule if you used ASCII as authentication type for TACACS + authentications. This problem is resolved now. |
CSCtr57687 | ACS 5.x documents did not have the information on Replicated Items. This problem is resolved now. |
CSCts55739 | ACS 5.2Configuration Guide did not explain the failover scenarios. This problem is resolved now. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.1
Table 4 lists the issues that are resolved in the ACS 5.3.0.40.1 cumulative patch.
You can download the ACS 5.3.0.40.1 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtn94094 | Web interface for compound rules uses non-standard boolean notation. |
CSCts38477 | In ACS 5.2 Compound Condition, replacing 'And' logic with 'Or' Duplicate of CSCtn94094. |
CSCtq81172 | Admin Wen interface takes time to load for large NDG tree. |
CSCtg51846 | Enum values are not shown in compound conditions in the rule. |
CSCto73527 | Network Device Filter fails with AND Condition while using Location and Device Type. |
CSCts17763 | ACS may crash when Shell Profile name contains special characters. |
CSCtq76294 | Need an alert to be triggered when backup operation fails. |
CSCts40901 | Shared secret key is displayed in clear text. |
CSCtq80926 | Select option is not working in Compound condition> LDAP > External groups. |
CSCts61733 | Bulk CRUD operations for Shell Profile Custom Attributes. |
CSCtr78192 | Multiple vulnerabilities in the Cisco ACS 5 web interface. |
CSCts85741 | Possible SQL injection point in ACS 5.2. |
CSCtr78143 | Multiple Cross--Site Request Forgery and stored XSS in ACS 5.2. |
CSCtu15651 | ACS view upgrade failure. |
CSCtu07065 | ACS 5.2 to 5.3 upgrade fails. |
CSCts23451 | ACS 5.x needs to update the RSA SecureID API. |
CSCtu36433 | ACS 5.3 web interface gives very slow access after an upgrade from ACS5.2 |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.2
Table 5 lists the issues that are resolved in the ACS 5.3.0.40.2 cumulative patch.
You can download the ACS 5.3.0.40.2 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtw97686 | Could not edit the ACS 5.2 users after upgrading the system to AS 5.3. |
CSCtu74476 | MAC address format is inconsistent in activity reports. |
CSCtn26538 | EAP-TLS reauthentication fails - principal username is missing. |
CSCte39351 | The SNMP agent process in ACS appliance daemon stops. |
CSCtu89783 | ACS 5 password expiration policy triggered for token users. |
CSCtt14745 | Cannot add groups to LDAP identity store. |
CSCtt17019 | ACS 5.x has issues while retrieving additional AD groups when referenced in rule. |
CSCtt21122 | Cannot import the command sets if you have the character slash ( /) in the argument. |
CSCto95888 | sh acs-logs details command does not display local store log file names. |
CSCtw64212 | view-logprocessor Process gets stuck and the status is shown as not monitored. |
CSCtu36357 | ACS 5 cannot duplicate user accounts. |
CSCtw67208 | Administrative and Operational Audit logs are not getting recorded in ACS. Sarah's about to come downstairs, and she's going on her date tonight. Cheaper by the dozen script pdf. She looks a little different, so I would really appreciate it if you guys could give her the respect that you never gave me, and not ridicule her style choices before she enters the world of multi-gender interaction. So go about your little chores and act completely natural. I need everybody's attention. |
CSCtw56498 | TACACS+ 'enable' request is dropped in unknown authentication type. |
CSCtw97877 | Installing a patch after 5.3 upgrade did not reduce the network device page loadtime. |
CSCtx19470 | ACS 5 shows an runtime error while trying to login to the GUI when all process are running properly. |
CSCtx53340 | NIL-CONTEXT error causes TACACS+ failure in ACS 5.3 TCP Listener Process. |
CSCto88134 | Temporary table was missing in 5.2 database after the restoring 5.1 backup. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.3
Table 6 lists the issues that are resolved in the ACS 5.3.0.40.3 cumulative patch.
You can download the ACS 5.3.0.40.3 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtx11180 | Sometimes, ACS fails to fetch the group info for users in trusted domain |
CSCty19628 | Unassigning MS-CHAPV2 group retrieval fails. It is a duplicate of the bug CSCtx11180. |
CSCtw59129 | ACS5 tries to contact the domains which are not in trusted list, based on the username. |
CSCty11627 | ACS5 sends MS-CHAP-MPPE-Keys attribute in all access-accept packets. |
CSCtw71563 | ACS gets disconnected from AD if it receives duplicate A records for DC. |
CSCtx90637 | ACS MS-CHAPV2 is not hashing the MS-CHAP success correctly. |
CSCtu15832 | ACS 5.2 does not recover from an RPC failure with a domain controller. |
CSCtx71254 | ACS 5.3 is disconnecting from AD and unlatch is seen in ADclient logs. |
CSCtx18638 | Cannot add custom shell attribute with the keyword alert. |
CSCtx83260 | NDG locations are not showing up on the web interface. |
CSCts14694 | Accounting requests are seen as authentication requests. |
CSCty60512 | User authentication fails when having Authorization rule with built-in group. |
CSCty60915 | ACS 5.3 pre-authentication gets failed with AD for some users. |
CSCtz03041 | AD Agent cores management. |
CSCty88457 | ACS support bundle does not include ADclient core files. |
CSCtz03084 | /opt and /var full-Large AD Agent file contains file descriptor errors. |
CSCtz03036 | AD Agent cache should be flushed when core is generated. |
CSCtz03943 | ACS exposes the AD account username and password. |
CSCtz03211 | ACS 5.3 sends multiple authentication attempts to Active Directory. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.4
Table 7 lists the issues that are resolved in the ACS 5.3.0.40.4 cumulative patch.
You can download the ACS 5.3.0.40.4 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtz35383 | Restoring ACS 5.1 and 5.2 backup on ACS 5.3 patch 3 fails. |
CSCtz35418 | Unexpected error occurs while selecting the maximum user session after restoring the backup. |
CSCua46796 | LDAP connection is interrupted for one minute every 10 hours due to Kerberos TGT expiration. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.5
Table 8 lists the issues that are resolved in the ACS 5.3.0.40.5 cumulative patch.
You can download the ACS 5.3.0.40.5 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtu21456 | ACS 5.x: Intermittent password change is not working in secondary ACS. |
CSCtx12249 | ACS 5.x: ACS does not support TACACS Service 0x1a (Auth-Proxy). |
CSCty48702 | ACS 5.3 cannot export data to Oracle. |
CSCtx68133 | Some Secondary ACS machines show status as offline when the setup is idle. |
CSCtx57296 | ACS fails to open the view log collector with an irresolvable hostname in the primary machine. |
CSCtx72675 | ACS supports repository user name with domain name. |
CSCtx55824 | ACS 5.x: SQL schema file for view database export is incorrect. |
CSCtu19690 | Random Parse error alarms are triggered due to the radius accounting messages. |
CSCtx90623 | ACS web server is vulnerable to the HTTP slow header attack. |
CSCty80996 | Admin user with ResetUserPassword privilege cannot reset user passwords. |
CSCty18371 | Users without enable password option are able to set their own authentication password. |
CSCtx40345 | MAC addresses shown on end station filter list are incorrect. |
CSCtx32481 | Description is shown as null while importing NDG without a description. |
CSCty16614 | Resource not found or internal server error is seen with bulk filter option in ACS. |
CSCtx71963 | ACS 5.2: Bulk update of users ignores the changes that are made in the custom boolean attribute. |
CSCtz31830 | In some scenarios, Active Directory web interface group retrieval feature takes a long time to respond. |
CSCtz42111 | Password expiry timer is not replicated after changing the password using TACACS+. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.6
Table 9 lists the issues that are resolved in the ACS 5.3.0.40.6 cumulative patch.
You can download the ACS 5.3.0.40.6 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCtz24314 | ACS 5.x runs out of disk space. |
Download yuri's revenge. CSCtz49470 | In ACS 5.3, you can create and restore the ACS View database from a support bundle without the help of a root patch. |
CSCty53608 | Core file with 4000 users is generated in TACACS+ proxy. |
CSCty75050 | In ACS 5.3, CHAP authentication for TACACS+ fails. |
CSCtx03590 | Adding NDG filter with “Replace from File” fails. |
CSCty92102 | RADIUS proxy does not process the response from an external RADIUS server. |
CSCtz09614 | Validation error that results in an ACS runtime crash occurs while editing the end station filters. |
CSCtz91356 | Evaluation of Local groups lead to an increase in time delay during authentication. |
CSCtz83523 | AD client crashes because of the passwords with non-UTF-8 characters in it. |
CSCty64763 | Multiple groups are selected in authorization policy. |
CSCua01925 | SNMP monitoring cron job is deleted when you configure a scheduled backup. |
CSCua51373 | Support for On Demand Purge in ACS View. |
CSCua60625 | ACS View database restore fails when there is enough space available in /opt. |
CSCua51804 | ACS View backup fails even when there is enough disk space available. |
CSCua60611 | Runtime service memory utility is increasing during TACACS+ authentication and accounting requests. |
CSCty97947 | Importing large scale configurations in ACS results in runtime memory errors upon restart. |
CSCub17638 | Replication fails when you import devices in to the primary server. |
CSCua69912 | Config database gets corrupted after changing the authorization profile name which results in an internal error while accessing the web interface. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.7
Table 10 lists the issues that are resolved in the ACS 5.3.0.40.7 cumulative patch.
You can download the ACS 5.3.0.40.7 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCua66744 | The ACS view database transaction log reaches more than 50 GB, which fills the /opt partition size. |
CSCtq46211 | The Lexmark Printer works fine with ACS 4.x, but it is not working properly with ACS 5.x versions. |
CSCtx53223 | ACS 5.3 fails to join AD domain, and the Centrify license is missing when you upgrade ACS from its previous versions. |
CSCtx63760 | Scalability issue: ACS drops TACACS+ requests due to a high connection rate. |
CSCtx56129 | The ACS 5.x replication service fails because it cannot bind to port 2030. |
CSCua67150 | The network device is not recorded in the RADIUS Authentication logs. |
CSCub15396 | ACS 5.3 does not support blank spaces in the TACACS shared secret key. |
CSCua90369 | ACS 5.x is creating the error message: ShellProfile.ERROR..DeviceAttrFactory.cpp:29. |
CSCtw84073 | Unable to enter acs-config in the ACS CLI. |
CSCua81734 Bombay velvet movie torrent download. | In ACS 5.x, Identity groups are truncated when you use Internet Explorer 8.x version. |
CSCty57491 | ACS health logs are purged incorrectly. |
CSCub46074 | ACS 5.3 response is very slow with a large number of identity groups. |
CSCub40278 | XSS vulnerabilities were found in ACS view pages. |
CSCub40291 | CSRF vulnerabilities were found in ACS 5.3. |
CSCub40498 | The password field in ACS 5.3 has the autocomplete operation enabled. |
CSCub40527 | Unauthenticated download flaws were found in ACS 5.3. |
CSCub40480 | Cookie vulnerabilities were found in ACS 5.3. |
CSCuc65634 | TACACS+ authentication bypass vulnerabilities were found in ACS 5.3. |
CSCub98158 | The replication is not working when you register or deregister a secondary ACS instance. |
Note Internet Explorer and Mozilla Firefox have a password auto completion option to remember the passwords entered via browsers. This operation is disabled in ACS 5.3 Patch 7 due to security issues. If you have enabled the password auto completion option, then you must install patch 7 and clear the cache manually to overcome this security issue.
Resolved Issues in Cumulative Patch ACS 5.3.0.40.8
Table 11 lists the issues that are resolved in the ACS 5.3.0.40.8 cumulative patch.
You can download the ACS 5.3.0.40.8 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCuc31452 | In ACS 5.3, exporting users to.csv file is not working properly. |
CSCtn99545 | Administrators with numerical username are unable to use the dashboard. |
CSCuc80049 | Editing device filters results in validation error and ACS runtime to crash. |
CSCuc28306 | Unable to export the ACS_Log_Information from ACS view to a.csv file. |
CSCub98880 | Sometimes, the details icon in the troubleshooting reports page is not shown. |
CSCuc68843 | Secondary ACS server is reported to be in Local mode incorrectly |
CSCuc93106 | Upgrading from ACS 5.3 to ACS 5.4 fails. |
CSCuc11436 | In ACS 5.3, promoting a secondary ACS remotely from a primary ACS fails. |
CSCuc06451 | ACS cannot find the global catalogs. |
CSCub82913 | ADclient cache issue - Authentication fails when you change the OU in multiple domain controller environment. |
CSCud06310 | TCP socket exhaustion causes ACS 5.x to crash. |
CSCub60424 | Unable to register ACS in the deployment while the import operation is in progress. |
CSCuc08568 | Unable to register machines to the deployment. |
CSCtx45515 | PI REST support for Network Devices, Device Groups, and Hosts. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.9
Table 12 lists the issues that are resolved in the ACS 5.3.0.40.9 cumulative patch.
You can download the ACS 5.3.0.40.9 cumulative patch from the following location:
http://www.cisco.com/public/sw-center/index.shtml
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCud40928 | The secondary instance management process remains in initializing state after deregistering it from the deployment. |
CSCue86879 | Added NTP service as a part of ACS services in ACS 5.3. |
CSCud88921 | NTP fails for some time after changing the local clock time. |
CSCue35765 | An invalid alarm is shown that says, “DBPurge is not running for the past two days.” |
CSCue43289 | Rules in Access Policies are pushed to the end of the list when you use filter to search or make any changes in them. |
CSCud75174 | Client-side filtering option in ACS leads to XSS Attack |
CSCud75177 | CSRF vulnerabilities found in ACS admin and ACS view pages. |
Resolved Issues in Cumulative Patch ACS 5.3.0.40.10
Table 13 lists the issues that are resolved in the ACS 5.3.0.40.10 cumulative patch.
You can download the ACS 5.3.0.40.10 cumulative patch from the following location:
http://software.cisco.com/download/navigator.html?a=a&i=rpm
Refer to “Applying Cumulative Patches” section for instructions on how to apply the patch to your system.
Description | |
---|---|
CSCur00511 | ACS evaluation for CVE-2014-6271 and CVE-2014-7169. |
Note It is highly recommended to execute the Reboot operation when the patch installation process prompts for it.
Limitations in Different ACS Deployments
ACS 5.3 has the following limitations with respect to Small, Medium, and Large deployment scenarios.
Small | Large | ||
---|---|---|---|
Users | 1000 | 10000 | 300000 |
Hosts | 100 | 1000 | 50000 |
Identity Group | 10 | 200 | 1000 |
Network Devices | 100 | 5000 | 50000 |
Network Device Groups | 2 (default) | 2 (default) | 2 (default) |
Device Hierarchies | 2 | 3 | 6 |
All Locations | 5 | 10 | 20 |
All Device Types | 5 | 10 | 20 |
Services | 2 | 5 | 25 |
Authorization Rules | 5 | 25 | 320 |
Conditions | 3 | 5 | 8 |
Authorization Profile | -- | -- | 600 |
SSP | 5 | 25 | 50 |
Result Sets | 1 | 2 | 3 |
NARs | 50 | 500 | 3000 |
ACS Instances | 1-2 | 3-6 | 7-10 |
ACS Admins | 5 | 15 | 50 |
2 roles | 5 roles | 9 roles | |
dACLs | 1K Size | 1K Size | 600 dACL with 100 ACEs each |
Known ACS Issues
This section lists the known issues for the ACS 5.3 release.
Table 15 lists the known issues in ACS 5.3. You can also use the Bug Toolkit on Cisco.com to find any open bugs that do not appear here.
Description | |
---|---|
CSCtl08320 AD is down in Add Attribute list, PEAP/EAP-fast MSCHAP auth marked fail | The PEAP-GTC and EAP-FAST-GTC authentications are marked as Passed (green line in log) when attribute retrieval phase fails, and the FailOpen option is configured as DROP. This problem occurs when Identity Sequence configured in such a way that authentication phase passes but attribute retrieval phase fails. The default FailOpen option for a failed process is DROP' Workaround: None |
CSCtl10839 Break sequence fails for the same User authentication when AD is down (because of cache) | Attribute retrieval tries to retrieve groups from AD which is Down, and then continues to Next ID store in the Additional Attribute retrieval list. This occurs although you have selected the break sequence option. This problem occurs when you: 1. Configure ACS as: – AD with groups, with no attributes. – Identity Sequence: Authentication ID Stores list is Internal – Additional Attribute retrieval list is {AD, Internal, Radius server (or any other)} 2. Select the break sequence option. 3. Authenticate using AD. 4. Shut down AD. 5. Authenticate using Identity Sequence. Workaround: None |
CSCtl93760 Search option does not work for MAC Address | Unable to list out the MAC addresses that are in the database. This problem occurs when you create MAC addresses using wildcards and then try to list a single MAC address while searching. Workaround: Use other options such as starts with. |
CSCtl95969 Sometimes Machine Authentication fails in Odyssey supplicant | Odyssey supplicant sometimes fails in machine authentication. The authentication fails and displays the message Workaround: 1. Select the EAP-TLS authentication as authentication type in Odyssey supplicant. EAP-TLS authentication passes. 2. Change the authentication type to PEAP-TLS. This makes the machine work well with Odyssey supplicant. |
CSCtn19739 TLS Session Resume fails in PEAP-TLS with CSSC/Odyssey supplicant. | TLS Session Resume fails in PEAP-TLS with CSSC/Odyssey supplicant. This problem occurs when you enable the TLS session resume in ACS and perform an authentication with the CSSC/Odyssey client. Workaround: None |
CSCtn49931 Management processes do not come up after the application upgrade | Management processes are not restored when ACS services gets restarted. This issue is not consistent. This problem occurs sometimes when you restart ACS services. For example, after upgrading ACS 5.2 to 5.3. Workaround: Restart the ACS services manually. |
CSCto29474 Bulk edit is not supported for maximum session group value. | There is no option for bulk editing groups. This problem occurs when there are many identity groups. (For example. 50 or more) It is difficult to edit the values for the groups one by one and there is no option to update many groups together. Workaround: Use the Import option to update the maximum session value for many groups at the same time. |
CSCto52767 Centrify: Wrong user is being authenticated. | The wrong AD user is authenticated. This problem occurs when you mix and match UPN and NetBios names for two given user. For example: 1. Enter user 1 as: UPN: a1 NETBIOS:a2 psw : www123!@# user 2: UPN: a2 NETBIOS:a1 psw : ttt123!@# 2. Authenticate the first user as user : a1 psw: www123!@# 3. Authenticate the second user as user : a2 psw: ttt123!@# Any one of the above two authentications fails. Workaround: Make sure AD user names are consistent and avoid naming conventions such that UPN and NetBios of different users are identical. |
CSCto56190 AD interface operations take a long time if LDAP SSL is not enabled in AD. | AD interface operations (test connect, select groups, and select attributes) take a long time if LDAP SSL is not enabled in AD. The delay time in such cases, is the number of domain controllers in the domain in the same site as ACS * 15 seconds This problem occurs if:
Workaround: Configure or enable LDAP SSL on AD domain controllers |
CSCtq12058 Log level set to debug for Monitoring and Collector log but it shows the warning logs. | The Debug logs are not displayed in the Monitoring and Collector log. Default warning logs are displayed even after the log level is set to Debug. This problem also occurs while the system performs Authentication. Workaround: Restart ACS |
CSCtq34427 CARS: Centrify imposed host name limitation of 15 characters | AD account is created only for the latest machine that is joined to the AD, while joining multiple hosts. This problem occurs if hosts have:
Workaround: When working with AD, the hostname length should not be more than 15 characters or the 15 character prefix for each host name should be unique. |
CSCtq45439 Core file of management is generated while running stress in ACS | The management process crashes on a secondary ACS server in a distributed deployment and a core file is generated. This problem occurs when a heavy authentication stress is applied to the primary server for a long time (one or two days). Workaround: None. |
CSCtq52001 It is possible to install non CA certificates under CTL. | ACS allows you to install non CA certificates under Certificate Authorities. This problem occurs because a CA certificate has the keyCertSign bit under Key Usage attribute. It is possible to install a non CA certificate without this bit. Workaround: Make sure the installed certificate is indeed a CA certificate. |
CSCtq52032 No checks for the type of certificate while installing the server certificate | Invalid server certificate (such as, one that can be used for client authentication only) can be installed as a server certificate in ACS This problem occurs when you install a client certificate (such as, extended key usage set to be 'Client Authentication' only) as a server certificate in ACS Workaround: Verify the extended key usage, manually. |
CSCtq61557 Cannot create AAA client after an error message appears in the Network Device Ranges. | Unable to create AAA client, after an error message appears. This problem occurs if you: 1. Create an AAA client with IP Ranges and enter an invalid character in the Exclude option. The interface displays an error. 2. Delete the Exclude value and add the IP and click Submit. The AAA client is not created. Workaround: 1. Edit the IP and enter a proper Exclude value 2. Add the AAA client. 3. Click Cancel and create the AAA client with the proper Exclude value. |
CSCtq67174 The username in the view displays an invalid escape character at line 1 column 2. | If you click on a username that contains the character ! in it, an error appears. This problem occurs if the username contains the ! character in it. Workaround: Remove the character! from the username. |
CSCtq80926 Select option gets disabled while selecting the string enum attribute. | The Select option is disabled and you cannot select the groups configured under Compound Condition and LDAP External Groups. This problem occurs if you select Authorization > Customize selected compound condition, under Compound condition > LDAP > External groups. This applies to LDAP and AD External groups configuration. Workaround1: Select some other attribute with a different dictionary, to enable the Select option for all types of attributes. Workaround 2: Select the external groups under Customize > LDAP: External groups in both Authorization and Group mapping. |
CSCtr56396 Filtering Network Devices according to the new NDG type. | You do not get the correct records that match the filter, if you try to filter Network Devices according to the value of the Network device group that is added after adding the Network Devices. This problem occurs when a new NDG is created after adding the Network Devices. Workaround: Create the NDG before adding the Network Devices |
CSCtr74964 Wrong error message is displayed when you try to change the password of an LDAP user. | An error message This problem occurs if you change the password while performing TACACS+ authentication for a user account located on an LDAP server Workaround: Ignore the incorrect error message. |
CSCtr95923 Log messages are recovered after Restore. | Log recovery feature retrieves the missing logs after Restore. This problem occurs when you take a backup of the view with the Log recovery feature enabled and then restore the backup in same setup. Workaround: Disable the feature for 5 minutes and then enable it. This prevents it from restoring the old logs. |
CSCts07491 NDG: Duplicate option does not work | You cannot create a duplicate for an existing NDG. This problem occurs if you want to create a new NDG by duplicating the existing NDG. In this case, the duplication does not work properly. Workaround: Create a new NDG using the Create option. |
CSCts08356 ACS follows internal identity sequence twice when Fast Reconnect is enabled. | ACS performs the attribute retrieval twice in Internal ID store for a non-existent user. This occurs when authenticating by PEAP with fast reconnect enabled with W7 supplicant. This problem occurs when ACS is configured with the following identity store sequence: AD + Internal and PEAP-MSCHAP with fast reconnect. Here a user is configured in AD but not in the Internal ID store. When you are negotiating PEAP fast reconnect, the supplicant returns the result as TLV failure and then an inner method is invoked. The user is successfully authenticated in AD. The attribute retrieval is performed twice in Internal ID store (both unsuccessful since the user is not found). The following log messages appear in the log: 22023 Proceed to attribute retrieval 22038 Skipping the next IDStore for attribute retrieval because it is the one we authenticated against 24210 Looking up User in Internal Users IDStore - ram 24216 The user is not found in the internal users identity store. 22038 Skipping the next IDStore for attribute retrieval because it is the one we authenticated against 22015 Identity sequence continues to the next IDStore 24210 Looking up User in Internal Users IDStore - ram 24216 The user is not found in the internal users identity store. 22016 Identity sequence completed iterating the IDStores Workaround: Configure the PEAP fast reconnect in the W7 supplicant correctly, so Fast Reconnect is enabled. |
CSCts31991 AD join may fail when there are multiple DNS entries in ACS | ACS fails to join to AD This problem occurs when there are multiple IP name-server entries configured in an ACS configuration CLI, but not all of the IP name-server entries are configured with Active Directory DNS Records. It occurs where the AD DNS responds slower than the corporate DNS or if there is a DNS that does not resolve in AD DC/GC SRVs Workaround1: Ensure that all IP name-server entries have the required configuration for Active Directory. This way, the fastest responding name server will have the required Active Directory configuration. Workaround 2: Configure ACS 5.3 to use only a specific name server that has the required Active Directory configuration. Use the ACS 5.3 CLI to do this. The ACS administrator should: 1. Log into the ACS configuration mode using the command acs-config. 2. Use ad-agent-configuration dns.servers to set the IP of the correct IP name-server to use. For example, if the name of the server to use is 10.56.60.150, then the following commands should be entered, using the ACS 5.3 CLI: cd-acs5-13-50/admin# acs-config Escape character is CNTL/D. Username: acsadmin Password: cd-acs5-13-50/acsadmin(config-acs)# ad-agent-configuration dns.servers 10.56.60.150 Performing AD agent internal setting modification is only allowed with ACS support approval. continue (y/n)? cd-acs5-13-50/acsadmin(config-acs)# show ad-agent-configuration dns-servers dns-servers: 10.56.60.150 cd-acs5-13-50/acsadmin(config-acs)# exit This operation should be performed when the ACS machine is joined to the required domain for each server in the deployment. |
CSCts52687 Centrify service gets frozen while starting and does not move to the next available DC. | AD functionality is down This problem occurs when the joined DC is offline. There are other DCs online but ACS will not join one of them. Workaround: Bring the joined DC online or resubmit the AD configuration For further problem description, see the guidelines discussed in http://nmtg2.cisco.com/wiki/index.php/RNE_Template |
CSCto50246 CentrifyDC mode is displayed as 'connected' when the current DC is shutdown. | ACS takes a long time to update the DC details to which it is currently connected. This problem occurs when ACS is connected to another fastest reachable DC, while the previously connected DC is down. Workaround - None |
CSCts95867 The View database processes freeze when the system gets restarted while upgrading. | ACS view database process gets frozen if you restart the services while upgrading. This problem occurs if you: 1. Configure the data in ACS 5.2 patch 6 when the machine is in a distributed setup where it has a primary server and a secondary server. The secondary server is the log collector. 2. Change the log collector to the primary server. 3. Deregister the secondary server from the primary server. 4. Upgrade the secondary server using the CLI command application upgrade acs.tar.gz repo to ACS 5.3 build #38. The following message is displayed.
5. Check the process status now using the CLI command show app upgrade acs. The View Database process gets frozen for more than six hours while restarting the application 6. Upgrade the primary server using the CLI command application upgrade acs.tar.gz repo to 5.3 build #38. The following message is displayed.
The View Database process gets frozen for more than six hours while restarting the application Workaround: Use acs stop and acs start commands in CLI and restart the ACS services manually. |
CSCts79921 Authentication fails if you miss the UPN attribute. | Authentication fails against the Active Directory. This problem occurs when you try to add users using the command NET USER aaa qqq123!@# /ADD. Workaround: Add the users through the Active web interface. |
CSCtq29587 Radius Authentication fails in Switch with same VSA name and different data type. | Authentication fails in switch. This problem occurs while creating VSA attributes in Proxy and Remote ACS that have the same name, but different types. Workaround: Define the VSA attributes with the same names and types. |
CSCtq60960 Could not close the frames in the Authentication reports. | Expand and Collapse of Authentication results in Authentication details page are not working in both Mozilla in 4.x and 5.x versions. This problem occurs when you use third party tools like Actuate BIRT. Since, by default, the html5 stricter parsing engine is enabled in Mozilla 4.x and 5.x versions. You will face this issue if the validation is not proper in the third party tools. Workaround: When you are using Mozilla 4.x and 5.x versions, complete the following steps. 1. Open a new tab. 2. Enter about:config in the address bar and press Enter. 3. Click I will be careful, I promise!. 4. Enter html5 in the Filter box. 5. Double-click the html5.parser.enable to change its value to false. 6. Now, reload Authentication results in Authentication details page. The expand and collapse option of Authentication results in Authentication details page works fine. |
CSCts04765 Switching from IP ranges to single IP address displays an error message. | An error message is displayed while switching from IP ranges or IP ranges by mask to single IP option when you are creating AAA clients. This problem occurs when you switch from IP ranges or IP ranges by mask to single IP option in the network range multi column list box. The following error message is displayed.
This error is shown even after deleting the IP range and switched to single IP option. Workaround: Click Cancel and create a new AAA client. |
CSCtt04675 Repositories are missing from the Global backup after restoring it. | The changes that you made to the running configuration through CLI are not available after a global restore. For example, 1. Configure a repository. 2. Take a global backup. 3. Now, restore the backedup data. You can observe that the newly configured repository is not available in the running configuration. This problem occurs if the new configuration was not saved to startup configuration. Workaround: You should make sure that the changes are saved to the startup configuration whenever you make changes to the running configuration. |
CSCts67174 Database fail (TACACS Accounting) alarms are caused due to decimal value in AV pair. | Critical system alarms are caused in TACACS Accounting [Collector]: Database failure (<acs hostname >, TACACS Accounting). This problem occurs when you use a decimal value in the AV pair elapsed time in TACACS Accounting packet sent by NAS. Workaround: None |
CSCtr40972 Could not launch ACS with new IP address after a global Backup during upgrade. | Could not launch ACS using the new IP address after restoring a global backup. This problem occurs when you restore a global back up of one ACS machine in to another ACS machine. Workaround: None |
CSCua46796 LDAP connection is interrupted for one minute every 10 hours due to Kerberos TGT expiration. | LDAP connection is interrupted for one minute every 10 hours due to Kerberos TGT expiration. The connection is automatically re-established after the TGT renewal. This problem occurs when you use AD or LDAP as an external database. Workaround: None |
CSCua99537 Network Time Protocol Daemon (NTPD) running with ACS sometimes does not synchronize its clock with the windows time service | Network Time Protocol Daemon (NTPD) running with ACS, sometimes, does not synchronize its clock with the windows time service This problem occurs often when ACS or AD is running as a virtual machine. Workaround: None. |
Documentation Updates
Table 16 lists the updates to Release Notes for the Cisco Secure Access Control System 5.3.
Description | |
---|---|
10/17/2014 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.9” section. |
03/29/2013 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.9” section. |
11/21/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.8” section. |
10/22/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.7” section. |
08/24/2012 | Added a known issue CSCua99537 in the Known ACS Issues section and not supporting multiple NIC in Features Not Supported section. |
08/21/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.6” section. |
08/10/2012 | Updated Known ACS Issues and “Resolved Issues in Cumulative Patch ACS 5.3.0.40.4” section. |
05/29/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.5” section. |
05/18/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.4” section. |
04/17/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.3” section. |
02/28/2012 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.2” section. |
12/16/2011 | Added “Resolved Issues in Cumulative Patch ACS 5.3.0.40.1” section. |
12/01/2011 | Fixed the bug CSCts96708. |
10/04/2011 | Cisco Secure Access Control System, Release 5.3. |
Product Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 17 lists the product documentation that is available for ACS 5.3. To find end-user documentation for all the products on Cisco.com, go to: http://www.cisco.com/go/techdocs
Select Network Management > Security and Identity Management > Cisco Secure Access Control Server Products > Cisco Secure Access Control System.
Available Formats | |
---|---|
License and Documentation Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
Migration Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
User Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
CLI Reference Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
Supported and Interoperable Devices and Softwares for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
Software Developer’s Guide for the Cisco Secure Access Control System 5.3 | http://www.cisco.com/en/US/products/ps9911/ |
Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler | http://www.cisco.com/en/US/docs/net_mgmt/ |
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS”' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
“This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)”.
The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptography-related.
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: “This product includes software written by Tim Hudson (tjh@cryptsoft.com)”.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Supplemental License Agreement
END USER LICENSE AGREEMENT SUPPLEMENT FOR CISCO SYSTEMS ACCESS CONTROL SYSTEM SOFTWARE:
IMPORTANT: READ CAREFULLY
This End User License Agreement Supplement ('Supplement') contains additional terms and conditions for the Software Product licensed under the End User License Agreement ('EULA') between you and Cisco (collectively, the 'Agreement'). Capitalized terms used in this Supplement but not defined will have the meanings assigned to them in the EULA. To the extent that there is a conflict between the terms and conditions of the EULA and this Supplement, the terms and conditions of this Supplement will take precedence.
In addition to the limitations set forth in the EULA on your access and use of the Software, you agree to comply at all times with the terms and conditions provided in this Supplement. DOWNLOADING, INSTALLING, OR USING THE SOFTWARE CONSTITUTES ACCEPTANCE OF THE AGREEMENT, AND YOU ARE BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT (COLLECTIVELY, 'CUSTOMER') TO THE AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THE AGREEMENT, THEN CISCO IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND (A) YOU MAY NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE (INCLUDING ANY UNOPENED CD PACKAGE AND ANY WRITTEN MATERIALS) FOR A FULL REFUND, OR, IF THE SOFTWARE AND WRITTEN MATERIALS ARE SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE ORIGINAL END USER PURCHASER.
1. Product Names
For purposes of this Supplement, the Product name(s) and the Product description(s) you may order as part of Access Control System Software are:
A. Advanced Reporting and Troubleshooting License
Enables custom reporting, alerting and other monitoring and troubleshooting features.
B. Large Deployment License
Allows deployment to support more than 500 network devices (AAA clients that are counted by configured IP addresses). That is, the Large Deployment license enables the ACS deployment to support an unlimited number of network devices in the enterprise.
C. Advanced Access License (not available for Access Control System Software 5.0, will be released with a future Access Control System Software release)
Enables Security Group Access policy control functionality and other advanced access features.
2. ADDITIONAL LICENSE RESTRICTIONS
- Installation and Use. The Cisco Secure Access Control System (ACS) Software component of the Cisco 1121 Hardware Platform is preinstalled. CDs containing tools to restore this Software to the 1121 hardware are provided to Customer for reinstallation purposes only. Customer may only run the supported Cisco Secure Access Control System Software Products on the Cisco 1121 Hardware Platform designed for its use. No unsupported Software product or component may be installed on the Cisco 1121 Hardware Platform.
- Software Upgrades, Major and Minor Releases. Cisco may provide Cisco Secure Access Control System Software upgrades for the 1121 Hardware Platform as Major Upgrades or Minor Upgrades. If the Software Major Upgrades or Minor Upgrades can be purchased through Cisco or a recognized partner or reseller, the Customer should purchase one Major Upgrade or Minor Upgrade for each Cisco 1121 Hardware Platform. If the Customer is eligible to receive the Software release through a Cisco extended service program, the Customer should request to receive only one Software upgrade or new version release per valid service contract.
- Reproduction and Distribution. Customer may not reproduce nor distribute software.
3. DEFINITIONS
Major Upgrade means a release of Software that provides additional software functions. Cisco designates Major Upgrades as a change in the ones digit of the Software version number [(x).x.x].
Minor Upgrade means an incremental release of Software that provides maintenance fixes and additional software functions. Cisco designates Minor Upgrades as a change in the tenths digit of the Software version number [x.(x).x].
4. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS
Please refer to the Cisco Systems, Inc., End User License Agreement.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Release Notes for Cisco Secure Access Control System 5.3
© 2011 Cisco Systems, Inc. All rights reserved
Security Products and Solutions - Cisco
Security. Security designed to work together. Simplify security complexity. Keep business more secure. Make IT more productive. Join us at Cisco Live
http://www.cisco.com/c/en/us/products/security/index.html
Cisco License Manager - Cisco
Easily manage Cisco IOS Software activation and license management for a wide range of Cisco platforms running IOS as well as other operating systems with the secure ..
http://www.cisco.com/c/en/us/products/cloud-systems-management/license-manager/index.html
Cisco Software Central
Buy Directly from Cisco Configure, price, and order Cisco products, software, and services. Available to partners and to customers with a ..
https://software.cisco.com/
Cisco Secure Access Control Server Evaluation License Key - ACS ..
May 16, 2015 .. In the License File field of the ACS 5.0 Welcome page, enter the complete .. You can download a 90-day trial version of the Cisco Secure ACS ..
https://supportforums.cisco.com/document/12509071/cisco-secure-access-control-server-evaluation-license-key-acs-evaluation
ACS - Wikipedia
This disambiguation page lists articles associated with the title ACS. If an internal link led you here, you may wish to change the link to point directly to the ..
https://en.wikipedia.org/wiki/ACS
Cisco.com Login Page
Create a New Account. There are various levels of access depending on your relationship with Cisco. Review the benefits of registration and find the level that is ..
http://tools.cisco.com/SWIFT/LicensingUI/Home
License and Documentation Guide for the Cisco Secure Access ..
Nov 11, 2009 .. For each PAK that you submit, a license file is generated and sent to you .. ACS software release, log in to the Cisco Software Download Site at ..
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/license_doc/guide/acs_51_lic_doc_gd.html
ACS Licensing Cisco Communities
Nov 23, 2015 .. .. add-on licenses. For license PIDs/SKUs, please see the ACS v5.x Ordering. .. You may download a 90-day evaluation base license: Go to the .. ACS 5 requires a base license file to be applied to each ACS server. ACS will ..
https://communities.cisco.com/docs/DOC-64011
Early death of Cisco VPN Client forces VPN …
Cisco has ceased development on the IPSec VPN client, and shifted to pushing the SSL VPN client for remote VPN access for both IOS and ASA platforms.
http://etherealmind.com/premature-death-cisco-vpn-client-end-of-life/
Cisco ACS 5.4 - Google Docs
If you have 90 days trial license, you can follow this link Installing Cisco ACS 5.x. .. three files, then again you can search the particular file names on Internet.
https://docs.google.com/document/d/1r0BhE7c3wOKf76d80W8FZ0nIinsFkAvKmPqjKzpj9lI/edit
How to get Cisco ACS trial license - YouTube
Dec 19, 2015 - 2 min - Uploaded by Adel Sheplhttps://www.cisco.com/go/license username: adelshepl2 , pass: P@ ssw0rdcisco123 get other ..
https://www.youtube.com/watch?v=LkXQh9xhgrw
Adding licenses without a .lic file? : Cisco - Reddit
Nov 6, 2014 .. I was emailed the guts of a license file from my team lead rather than the .lic file itself, .. NOTE: The 'Reddit Cisco Ring', its associates, subreddits, and creator ' mechman991' .. It's a non-production ACS 5.4 Virtual Machine.
https://www.reddit.com/r/Cisco/comments/2ligt0/adding_licenses_without_a_lic_file/
Install Cisco ACS v5.4 for GNS3 ethernuno
Apr 1, 2014 .. Now Download ACS 5.4 and get the license key from Cisco in order to run .. Now point the CD image to where you downloaded the iso file and ..
https://ethernuno.wordpress.com/2014/04/01/install-cisco-acs-v5-4-for-gns3/
installation and configuration of cisco secure acs 5.3 (vmware) – part 4
Jul 11, 2012 .. installation and configuration of cisco secure acs 5.3 (vmware) – part 3 .. Follow the instructions on the screen to download the license file or let ..
https://chasingmyccie.wordpress.com/2012/07/11/installation-and-configuration-of-cisco-secure-acs-5-3-vmware-part-4/
Cisco ASA - [Lab 1.2] Crack Cisco ACS 5.8 - part 2 - SVUIT.VN
18 Tháng Sáu 2016 .. Cisco Secure ACS giúp xác thực người dùng bằng cách điều khiển việc xác thực .. Download File license để crack ACS 5.8: DOWNLOAD ..
http://svuit.vn/threads/lab-1-2-crack-cisco-acs-5-8-part-2-1226/
Acs License File Installation Failed - picturekazino - Weebly
Nov 8, 2016 .. Acs License File Installation Failed .. Cisco Secure Access Control System (ACS) 5. .. Just to say that im able to download the license file.
http://picturekazino.weebly.com/blog/acs-license-file-installation-failed