Cisco CSACS-1121-K9 Reference Guide

Cisco CSACS-1121-K9 Manual

Get Cisco CSACS-1121-K9 PDF manuals and user guides View all Cisco CSACS-1121-K9 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco CSACS-1121-K9 manual content summary:

  • Cisco CSACS-1121-K9 | Reference Guide - Page 1
    CLI Reference Guide for the Cisco Secure Access Control System 5.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 2
    SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL . CLI Reference Guide for the Cisco Secure Access Control System 5.1 © 2005-2010 Cisco Systems, Inc. All rights reserved.
  • Cisco CSACS-1121-K9 | Reference Guide - Page 3
    and Software Platforms 2-4 Opening the CLI with Secure Shell 2-5 Opening the CLI Using a Local PC 2-5 Understanding Command Modes 2-6 EXEC Mode 2-6 ACS Configuration Mode 2-7 Configuration Mode 2-8 Configuration Submodes 2-8 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iii
  • Cisco CSACS-1121-K9 | Reference Guide - Page 4
    reset-config A-25 application start A-26 application stop A-26 application upgrade A-27 backup A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 dir A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iv OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 5
    A-58 Show Commands A-59 show acs-config-web-interface A-60 show acs-cores A-60 show acs-logs A-61 show application A-64 logins A-78 show memory A-78 show ntp A-79 show ports A-80 show process A-81 show repository A-82 show restore A-83 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 6
    A-113 cdp holdtime A-114 cdp run A-114 cdp timer A-115 clock timezone A-116 do A-118 end A-120 exit A-121 hostname A-122 icmp echo A-122 interface A-123 ip address A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vi OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 7
    ntp server A-133 password-policy A-134 repository A-135 service A-137 shutdown A-137 snmp-server community A-138 snmp-server contact A-139 snmp-server host A-139 snmp-server location A-140 username A-141 Contents OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vii
  • Cisco CSACS-1121-K9 | Reference Guide - Page 8
    Contents CLI Reference Guide for the Cisco Secure Access Control System 5.1 viii OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 9
    Cisco Secure Access Control System (ACS) 5.1 by using the command-line interface (CLI). Each topic provides a high-level summary of the tasks required for using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in combination with ACS 5.1, runs on the CSACS-1121 appliance
  • Cisco CSACS-1121-K9 | Reference Guide - Page 10
    of an action or troubleshooting help, but could still contain useful information. Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. CLI Reference Guide for the Cisco Secure Access Control System 5.1 x OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 11
    ACS-specific documentation helpful: • Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 • User Guide for the Cisco Secure Access Control System 5.1 • Regulatory Compliance and Safety Information for Cisco 1121 Secure Access Control System 5.1 and Cisco NAC Appliance
  • Cisco CSACS-1121-K9 | Reference Guide - Page 12
    as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. CLI Reference Guide for the Cisco Secure Access Control System 5.1 xii OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 13
    A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running the Cisco Application Deployment Engine (ADE) OS 1.2. This chapter provides an overview of how to access the ACS command-line interface (CLI), the different command
  • Cisco CSACS-1121-K9 | Reference Guide - Page 14
    -log decrypt-support-bundle delete dir end exit export-data forceout halt hostname icmp import-data User Account Admin Operator (User)                           CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-2 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 15
    disks show icmp_status show interface User Account Admin Operator (User)                                               OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-3
  • Cisco CSACS-1121-K9 | Reference Guide - Page 16
                          Logging in to the ACS server places you in the Operator (user) mode or the Admin (EXEC) mode. Typically, logging in requires a username and password. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 17
    in ACS. Performs a backup of an ACS configuration. Enters the ACS Configuration mode. Deletes an ACS run-time core file or JVM core log. Deletes an ACS run-time core file or JVM core log excluding the latest log. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-5
  • Cisco CSACS-1121-K9 | Reference Guide - Page 18
    directory. show Provides information about the ACS server. ssh Starts an encrypted session with a remote system. tech Provides Technical Assistance Center (TAC) commands. telnet Telnets to a remote system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 19
    (ICMP) echo response configuration information. Displays statistics for all the interfaces configured on ACS. Displays information about the hardware inventory, including the ACS appliance model and serial number. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-7
  • Cisco CSACS-1121-K9 | Reference Guide - Page 20
    . The ACS configuration mode requires a specific, authorized user role to execute each ACS configuration command. These commands are briefly described in Table 1-4. For detailed information on roles in ACS 5.1, refer to the User Guide for the Cisco Secure Access Control System 5.1. To access the ACS
  • Cisco CSACS-1121-K9 | Reference Guide - Page 21
    on a secondary ACS node. reset-manageme Resets the management interface nt-interface-certif certificate to the default self-signed icate certificate. Only the super admin or system admin can issue this command. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-9
  • Cisco CSACS-1121-K9 | Reference Guide - Page 22
    configuration command. Defines or sets a default gateway with an IP address. Defines a default domain name that an ACS server uses to complete hostnames. Sets the Domain Name System (DNS) servers for use during a DNS query. 1-10 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 23
    clock by the NTP server for the system. You can view these logs, using the show acs-logs command. For more information on log file types and the information stored in each log file, see show acs-logs, page A-61. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-11
  • Cisco CSACS-1121-K9 | Reference Guide - Page 24
    -management-interf Resets the management interface certificate to the default self-signed ace-certificate certificate. replication Synchronizes configuration information between the primary and secondary ACS. 1-12 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 25
    for the CSACS-1121. For detailed information, see the Installation and Upgrade Guide for Cisco Secure Access Control System 5.1. 1. Starting the CSACS-1121, page 2-2 2. Running Setup to Configure ACS, page 2-2 OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-1
  • Cisco CSACS-1121-K9 | Reference Guide - Page 26
    the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1. Power up the CSACS-1121. The appliance boots automatically and the setup utility appears (see Running Setup to Configure ACS, page 2-2). Running Setup to Configure ACS When you power up the CSACS-1121 appliance for
  • Cisco CSACS-1121-K9 | Reference Guide - Page 27
    the username command. Accessing the ACS CLI Before logging in to the ACS CLI, ensure that you have completed the hardware installation and configuration process outlined in Before Accessing the ACS CLI, page 2-1. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-3
  • Cisco CSACS-1121-K9 | Reference Guide - Page 28
    6053 • 8510 • altos5 • amiga • ansi • apollo • Apple_Terminal • att5425 • ibm327x • kaypro • vt100 See the terminfo database for a complete listing. You can also access ACS through an SSH client or the console port. CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-4 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 29
    port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. Note If using a Cisco switch on the other side of the connection, set the switchport to duplex auto, speed auto (the default). OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-5
  • Cisco CSACS-1121-K9 | Reference Guide - Page 30
    of the ACS server and your username. You must have privileges to enter the ACS Configuration mode, and must supply the username and the password that you use to log in to the ACS web interface. See ACS Configuration Mode, page 2-7. CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 31
    the default password. Cisco recommends that you do so for security reasons. You can change your password for the first time only by logging in to the web interface. You will also be prompted to install the license. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-7
  • Cisco CSACS-1121-K9 | Reference Guide - Page 32
    Submodes In the configuration submodes, you can enter commands for specific configurations. For example: acs/admin# config t acs/admin(config)# interface GigabitEthernet 0 acs/admin(config-GigabitEthernet)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-8 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 33
    example, you must enter an IPv4 address. A carriage return does not appear; therefore, you must enter additional arguments to complete the command. CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-9
  • Cisco CSACS-1121-K9 | Reference Guide - Page 34
    navigate the commands and modes on ACS. • Getting Help, page 2-10 • Using the No and Default Forms of Commands, page 2-11 acs/admin# ? • To complete a command, enter a few known characters before ? (with no space): acs/admin# s? 2-10 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 35
    . Using the No and Default Forms of Commands Some EXEC or configuration commands have a no form ACS provides a number of keyboard shortcuts that you can use to edit an entered line. Tab Tries to finish the current command. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 36
    . For example, if you type sh and press Tab, ACS completes the sh with show. If ACS does not complete the command, you can enter a few more letters and press Tab again. For more information, see Tab, page 2-11. 2-12 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 37
    your configuration changes so that you preserve them during a system reload or power outage. Proceed to Appendix A, "ACS Command Reference," for command listings, descriptions, syntax, usage guidelines, and sample output. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 38
    Where to Go Next Chapter 2 Using the ACS Command Line Interface 2-14 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 39
    allocated for each set of log files. Table A-1 Disk Space Allocation for ACS Process Logs Process ADE OS 1.2 Monit Log File /var/log/ade/ADE.log /opt/CSCOacs/logs/monit.log Maximum Disk Space (in MB) 50 55 OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-1
  • Cisco CSACS-1121-K9 | Reference Guide - Page 40
    information on these log files, see Table A-2. For instance, the default maximum file size for log files that logrotate manages is 5 MB. ACS, logrotate runs as an hourly kron job and verifies the disk space allocated for the log files. CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 41
    User Guide for the Cisco Secure Access Control System 5.1. This appendix describes: • EXEC Commands, page A-4 • Show Commands, page A-59 • ACS Configuration Commands, page A-93 • Configuration Commands, page A-112 OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-3
  • Cisco CSACS-1121-K9 | Reference Guide - Page 42
    or stop an ACS instance, use the acs command in the EXEC mode. acs {start | stop} Syntax Description start stop Starts an ACS instance. Stops an ACS instance. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-4 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 43
    Shows the debug log level status for subsystems (enabled or disabled). Displays ACS server debug logs. Shows application status and version information. Displays information about the software version of the system. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-5
  • Cisco CSACS-1121-K9 | Reference Guide - Page 44
    ACS server that is not a log collector, the CLI displays the following error message: % Error: This is not a log collector node. Cannot start 'proc-name'. Where proc-name refers to the specific view process that you attempted to start. CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 45
    of the backup file. Up to 100 alphanumeric characters. Repository command. Location where files should be backed up to. Up to 30 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-7
  • Cisco CSACS-1121-K9 | Reference Guide - Page 46
    to the default setting. Performs a restoration of an ACS configuration. Gathers information for ACS troubleshooting. Performs a backup (ACS and ADE OS) and places the backup in a repository. Backs up system logs. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-8 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 47
    the default password. Cisco recommends that you do so for security reasons. You can change your password for the first time only by logging in to the web interface. You will also be prompted to install the license. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-9
  • Cisco CSACS-1121-K9 | Reference Guide - Page 48
    /D. This command requires ACS to be running. Issue 'acs start' command and try again. acs/admin Example 3 - Failure acs/admin# acs-config Escape character is CNTL/D. Username: user1 Password: Authentication failed. A-10 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 49
    to login with the default password. Use the web interface to modify the default password acs/admin# Example 5 - Success acs/admin# acs-config and confirm password must be the same acs/admin# EXEC Commands OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-11
  • Cisco CSACS-1121-K9 | Reference Guide - Page 50
    specific repository. Shows the debug log level status for subsystems (enabled or disabled). Displays ACS server debug logs. Shows application status and version information. Displays information about the software version of the system. A-12 CLI Reference Guide for the Cisco Secure Access Control
  • Cisco CSACS-1121-K9 | Reference Guide - Page 51
    the ACS configuration web interface is enabled or disabled. acs delete core To delete an ACS run-time core file or JVM core log, use the acs delete core command in the EXEC mode. acs delete core {filename} OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-13
  • Cisco CSACS-1121-K9 | Reference Guide - Page 52
    mode. acs delete log {filename} Syntax Description filename Name of the run-time core file or JVM core log. You can use up to 255 alphanumeric characters to specify the filename. Defaults No default behavior or values. A-14 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 53
    . Repository command. Location where files should installed from or removed to. Up to 30 alphanumeric characters. Defaults Patch installations and removals are logged to /opt/CSCOacs/logs/acsupgrade.log. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-15
  • Cisco CSACS-1121-K9 | Reference Guide - Page 54
    (such as network settings and backup repositories) are not affected. ACS does not need to be running when you use this command. Examples acs/admin# acs reset-config This command will reset the ACS configuration. A-16 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 55
    or keywords. Defaults This command resets the ACS administrator 'acsadmin' password to the default setting (default). Resetting this password does not affect other ACS administrators. Command Modes EXEC OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-17
  • Cisco CSACS-1121-K9 | Reference Guide - Page 56
    the system. acs restore To restore an ACS configuration (not including the ADE OS data) from one ACS node to another, use the acs restore command in the EXEC mode. acs restore backup-file-name repository repository-name A-18 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 57
    backup was performed, as the new ACS node might not have any local certificates to associate with. After a restoration is complete, you must use the ACS web interface to designate an ACS node as a log collector. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-19
  • Cisco CSACS-1121-K9 | Reference Guide - Page 58
    -logs {number-logs}] [include-system-logs {number-logs}] [include-logs {number-days} {all-categories | log-categories [aaa-accounting | aaa-audit | aaa-diagnostics | administrative-audit | system-diagnostics]}] A-20 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 59
    in the ACS support bundle. Includes messages from the administrative audit logging category in the ACS support bundle. Includes messages from the system diagnostics logging category in the ACS support bundle. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-21
  • Cisco CSACS-1121-K9 | Reference Guide - Page 60
    -logs 1 include-logs 7 log-categories aaa-audit administrative-audit Collecting support information ...(file01.tar.gz) ACS support file 'file01.tar.gz' successfully copied to repository 'myrepository' acs/admin# A-22 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 61
    Application bundle filename. Up to 255 alphanumeric characters. remote-repository-name Remote repository name. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-23
  • Cisco CSACS-1121-K9 | Reference Guide - Page 62
    . Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines Removes or uninstalls an application. Examples acs/admin# application remove acs acs/admin# A-24 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 63
    to factory defaults. application start To enable a specific application, use the application start command in the EXEC mode. To remove this function, use the no form of this command. application start application-name OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 64
    Shows application information for the installed application packages on the system. application stop To disable a specific application, use the application . Defaults No default behavior or values. Command Modes EXEC A-26 CLI Reference Guide for the Cisco Secure Access Control System 5.1
  • Cisco CSACS-1121-K9 | Reference Guide - Page 65
    1.2.0.146 version before you upgrade to ACS 5.1. You can perform ACS upgrade only on a standalone machine. For more details, refer to Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-27
  • Cisco CSACS-1121-K9 | Reference Guide - Page 66
    for the installed application packages on the system. backup ACS as well as the ADE OS. You can view backup files of the ADE-OS at: - /storedconfig - /storeddata • Database password file-dbcred.cal, located at /opt/CSCOacs/conf. A-28 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 67
    . Displays ACS server debug logs. Displays the backup history of the system. Shows the debug log-level status for subsystems (enabled or disabled). Displays the available backup files located on a specific repository. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 68
    for ACS troubleshooting. Performs a backup (ACS and ADE OS) and places the backup in a repository. Restores from backup the file contents of a specific repository. Enters the repository submode for configuration of backups. A-30 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 69
    must restart ACS. Do you want to restart ACS now? (yes/no) yes Stopping ACS Starting ACS acs/admin# Related Commands Command show clock Description Displays the time and date set on the system software clock. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-31
  • Cisco CSACS-1121-K9 | Reference Guide - Page 70
    your ACS server, you lose the configuration. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the ACS server startup configuration. A-32 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 71
    protocol hostname Represents the current running configuration file. Represents the configuration file used during initialization (startup). See Table A-4 for protocol keyword options. Hostname of destination. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-33
  • Cisco CSACS-1121-K9 | Reference Guide - Page 72
    ACS runtime debug logs from the system, bundles them as runtimelogs.tar.gz, and transfers them to the specified directory on the remote host. Defaults No default 1 acs/admin# copy run start Generating configuration... acs/admin# A-34 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 73
    the debug log level status for subsystems (enabled or disabled). Displays ACS server debug logs. Shows application status and version information. Displays information about the software version of the system. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-35
  • Cisco CSACS-1121-K9 | Reference Guide - Page 74
    Enables configuration debug output for CDP. Set level between 0 and 7 with 0 being severe and 7 being all. • infra-Enables infrastructure debug output for CDP. Set level between 0 and 7 with 0 being severe and 7 being all. A-36 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 75
    0 being severe and 7 being all. • init-Enables system init debug output. Set level between 0 and 7 with 0 being severe and 7 being all. File transfer. Set level between 0 and 7 with 0 being severe and 7 being all. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-37
  • Cisco CSACS-1121-K9 | Reference Guide - Page 76
    the debug command for various command situations. delete To delete a file from the ACS server, use the delete command in the EXEC mode. To remove this function, use the no form of this command. delete filename A-38 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 77
    . Requires disk:/ preceding the directory name. Lists a local directory or filename recursively. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# dir OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 78
    running-config Usage for disk: filesystem 49741824 bytes total used 6815842304 bytes free 7233003520 bytes available Related Commands Command delete Description Deletes a file from the ACS server. A-40 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 79
    ACS server, use the forceout command in the EXEC mode. forceout username Syntax Description username The name of the user. Up to 31 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 80
    the existing ACS configuration. ACS displays the following message: Saved the running configuration to startup successfully Examples acs/admin# halt acs/admin# Related Commands Command reload Description Reboots the system. A-42 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 81
    is entered and you want to know what arguments match the input (e.g. 'show pr?'.) acs/admin# To create a new directory on the ACS server, use the mkdir command in the EXEC mode. mkdir directory-name [disk:/path] OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-43
  • Cisco CSACS-1121-K9 | Reference Guide - Page 82
    system on the ACS server, use the nslookup command in the EXEC mode. nslookup word Syntax Description word IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters. Defaults No default behavior or values. A-44 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 83
    bytes from 209.165.200.225#53 in 5 ms Example 2 acs/admin# nslookup 209.165.200.225 Trying "225.200.165.209.in system to ping. Up to 32 alphanumeric characters. Hostname of the system to ping. Up to 32 alphanumeric characters. Specification Guide for the Cisco Secure Access Control System 5.1 A-45
  • Cisco CSACS-1121-K9 | Reference Guide - Page 84
    will notice any of the following warning messages: WARNING: A backup or restore is currently in progress! Continue with reload? WARNING: An install/upgrade/remove is currently in progress! Continue with reload? A-46 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 85
    ). Name of the repository you want to restore from backup. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines When you use this command for ACS, the ACS server restarts automatically. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-47
  • Cisco CSACS-1121-K9 | Reference Guide - Page 86
    characters. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples acs/admin# mkdir disk:/test/ acs/admin# dir Directory of disk:/ 16384 Jun 28 2007 00:09:50 lost+found/ A-48 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 87
    Displays file-system information of the disks. interface Displays statistics for all the interfaces configured on the ADE OS 1.0.2 system. logging Displays system logging information. (requires keyword) OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-49
  • Cisco CSACS-1121-K9 | Reference Guide - Page 88
    No default behavior or values. Command Modes EXEC Usage Guidelines All show commands require at least one keyword to function. Examples acs/admin# show application acs Cisco ACS 5.1 acs/admin# A-50 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 89
    network. Examples Example 1 acs/admin# ssh delete hostkey mtm-sun8 acs/admin# Example 2 acs/admin# ssh acs2 admin admin@acs2's password: Last login: Wed Jul 11 05:53:20 2008 from ACS.cisco.com acs2/admin# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-51
  • Cisco CSACS-1121-K9 | Reference Guide - Page 90
    1000 packets received by filter 0 packets dropped by kernel acs/admin# To log in to a host that supports Telnet, use the telnet command in Operator (user) or EXEC mode. telnet [ip-address | hostname] port number A-52 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 91
    of output. Defaults 24 lines Command Modes EXEC Usage Guidelines The system uses the length value to determine when to pause during multiple-screen output. Examples acs/admin# terminal length 0 acs/admin# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-53
  • Cisco CSACS-1121-K9 | Reference Guide - Page 92
    session-welcome command in EXEC mode. terminal session-welcome string Syntax Description string Welcome message. Up to 2,048 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC A-54 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 93
    that provide that type of service. Up to 80 alphanumeric characters. Defaults VT100 Command Modes EXEC Usage system. Up to 32 alphanumeric characters. Hostname of the remote system. Up to 32 alphanumeric characters. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 94
    output for backup-restore. CDP configuration files. • all-Disables all CDP configuration debug output. • config-Disables configuration debug output for CDP. • infra-Disables infrastructure debug output for CDP. A-56 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 95
    of the priority level at which you set the undebug output. Set level between 0 and 7 with 0 being severe and 7 being all. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-57
  • Cisco CSACS-1121-K9 | Reference Guide - Page 96
    Generating configuration... ! hostname ACS ! ip domain-name cisco.com ! interface GigabitEthernet 0 ip address 209.165.200.225 255.255.255.224 ! interface GigabitEthernet 1 shutdown ! ip name-server 209.165.201.1 ! A-58 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 97
    tech-support • show terminal • show timezone • show timezones • show udi • show uptime • show users • show version * 1. Commands marked with an asterisk (*) represent those that are specific to ACS functionality. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-59
  • Cisco CSACS-1121-K9 | Reference Guide - Page 98
    details Displays the modification time and size (in KB) for each core and log file. Defaults The ACS core files are located at /opt/CSCOacs/runtime/core and the JVM core logs are located at /hs_err_pid. A-60 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 99
    the latest log. Displays ACS server debug logs. show acs-logs To display ACS server debug logs, use the show acs-logs command in the EXEC mode. show acs-logs {details | filename whose contents you want to view. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-61
  • Cisco CSACS-1121-K9 | Reference Guide - Page 100
    configuration that are performed by administrators when using the ACS web interface or CLI. ACSManagement.log Stores information, warning, and debug messages from ACS web interface, CLI, and UCP web-service system. A-62 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-
  • Cisco CSACS-1121-K9 | Reference Guide - Page 101
    6 Oct 7 19:32 MonitoringAndReportingDatabase.log 3 Oct 7 19:33 MonitoringAndReportingProcess.log 0 Oct 7 19:17 MonitoringAndReportingScheduler.log 0 Oct 7 19:18 MonitoringAndReportingUI.log OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-63
  • Cisco CSACS-1121-K9 | Reference Guide - Page 102
    information about the software version of the system. show application To show application information of the installed application packages on the system, use the show application command in the EXEC mode. A-64 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 103
    to display. Default 10. |-Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines Here is a list of various application status displayed and their interpretation. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-65
  • Cisco CSACS-1121-K9 | Reference Guide - Page 104
    requiring enabling/disabling of processes. Status is unavailable. Please check again in a minute." acs/admin# This message appears when a set of processes change because of a view node selection or Active Directory configuration. A-66 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 105
    .tar.gz to repository fileserver007: success Wed Jul 18 12:55:53 UTC 2007: backup full-0718.tar.gpg to repository fileserver007: success acs/admin# Example 2 acs/admin# show backup history backup history is empty OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-67
  • Cisco CSACS-1121-K9 | Reference Guide - Page 106
    GigabitEthernet0. acs/admin# Example 2 acs/admin# show cdp neighbors CDP Neighbor : acs-test2 Local Interface Device Type Port Address : GigabitEthernet0 : cisco WS-C3560G-48PS : GigabitEthernet0/36 : 209.165.200.225 acs/admin# A-68 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 107
    time zones). Related Commands Command clock Description Sets the system clock for display purposes. show cpu To display CPU information, use the show cpu command in the EXEC mode. show cpu [statistics] [|] [|] OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-69
  • Cisco CSACS-1121-K9 | Reference Guide - Page 108
    (see Table A-9). • end-End with line that matches Default 10. |-Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# show cpu processor : 0 A-70 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 109
    2133.737 cache size: 2048 KB acs/admin# Example 2 acs/admin# show cpu statistics user time (see Table A-10). • end-End with line that matches. Up to Default 10. |-Output modifier variables (see Table A-10). OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-
  • Cisco CSACS-1121-K9 | Reference Guide - Page 110
    the amount of system memory that each system process uses. show icmp-status To display file-system information about the disks, use the show icmp_status command in EXEC mode. show icmp_status {> file | |} A-72 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 111
    . Default 10. |-Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# show icmp_status icmp echo response is turned on acs/admin# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 112
    interface. Add number after the word count. • end-End with line that matches. Up to 80 alphanumeric to display. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples acs/admin# Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 113
    Configures an interface type and enters the interface configuration submode. show inventory To display information about the hardware inventory, including the ACS appliance count. • end-End with line Default 10. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-75
  • Cisco CSACS-1121-K9 | Reference Guide - Page 114
    name. Up to 255 alphanumeric characters. - tail-Tail system syslog messages. - count-Tail last count messages. From 0 to 4,294,967,295. |-Output modifier variables (see below). Displays the syslogs configuration. A-76 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 115
    the word last. Up to 80 lines to display. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines This to continue) Example 2 acs/admin# show logging internal log server: localhost CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-77
  • Cisco CSACS-1121-K9 | Reference Guide - Page 116
    the memory usage of all the running processes, use the show memory command in the EXEC mode. show memory Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes EXEC A-78 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 117
    129) at stratum 2 time correct to within 37 ms polling server every 128 s acs/admin# Related Commands Command ntp server Description Allows synchronization of the software clock by the NTP server for the system. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-79
  • Cisco CSACS-1121-K9 | Reference Guide - Page 118
    ACS . • end-End with line Default 10. |-Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines When you run the show ports command, the port must have an associated active session. A-80 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 119
    java (10023) udp: :::20514 acs/admin# show process To display information the word count. • end-End with line that matches. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 120
    Command Reference Examples See Table A-13 for process field descriptions. acs/admin# show process USER PID TIME TT COMMAND root 1 00 characters. Defaults No default behavior or values. Command Modes EXEC A-82 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 121
    11backup_Local.File2.tar.gpg from repository executeBackupRepo: success Wed Sep 5 12:31:21 UTC 2008: restore cdromRestore.tar.gpg from repository cdrom1: success admin# acs/admin# Example 2 acs/admin# show restore history CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-83
  • Cisco CSACS-1121-K9 | Reference Guide - Page 122
    ! hostname acs ! ip domain-name cisco.com ! interface GigabitEthernet 0 ip address 209.165.200.225 255.255.255.224 ! interface GigabitEthernet 1 shutdown ! ! clock timezone UTC ! ! username admin password groove role admin A-84 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 123
    . show startup-configuration Syntax Description No arguments or keywords. Defaults The show startup-configuration command displays all of the startup configuration information. Command Modes EXEC Usage Guidelines None. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 124
    Save any technical support data as a file in the local disk. Filename to save. Up to 80 alphanumeric characters. Defaults Passwords and other security information do not appear in the output. Command Modes EXEC A-86 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 125
    show process show running-configuration Description Displays the usability status of the interfaces. Displays information about active processes. Displays the contents of the current running configuration. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-87
  • Cisco CSACS-1121-K9 | Reference Guide - Page 126
    session, after which the connection closes. show timezone To display the time zone as set on the system, use the show timezone command in the EXEC mode. show timezone Syntax Description No arguments or keywords. A-88 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 127
    , page A-116, for examples of the time zones available for the ACS server. Examples OL-18996-01 acs/admin# show timezones PST8PDT Hongkong Etc/GMT-7 Etc/GMT-12 Etc/GMT-4 Etc/GMT-13 Etc/GMT-11 Etc/GMT-1 Etc/GMT+5 Etc/GMT-14 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-89
  • Cisco CSACS-1121-K9 | Reference Guide - Page 128
    Appendix A ACS Command CSACS-1121's UDI, use the show udi command in the EXEC mode. show udi Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. A-90 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 129
    after the word last. Up to 80 lines to display. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples acs/admin# show uptime 4 day(s), 16:36:58 acs/admin# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-91
  • Cisco CSACS-1121-K9 | Reference Guide - Page 130
    or keywords. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines This command displays information about the ADE-OS 1.2 software version running on the ACS server, and the ACS version. A-92 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 131
    pages of an ACS server, use the access-setting accept-all command in the ACS Configuration mode. Only the super admin has the privilege to use this command on a primary ACS node. access-setting accept-all OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-93
  • Cisco CSACS-1121-K9 | Reference Guide - Page 132
    Defaults None. Command Modes ACS Configuration Usage Guidelines Use the access-setting accept-all command when all system administrators' access to an ACS node through the GUI is blocked. This problem • mgmt A-94 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 133
    with the no severity level. Defaults All ACS debug logging is set to warn. Command Modes ACS Configuration Usage Guidelines You can select any of the following options (including suboptions) as a component: OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-95
  • Cisco CSACS-1121-K9 | Reference Guide - Page 134
    ACS Configuration Commands Appendix A ACS Command Reference • runtime-If you select this - mgmt-cli - mgmt-gui - mgmt-system - mgmt-notification - mgmt-bus - mgmt-dbal - mgmt-replication - mgmt-distmgmt A-96 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 135
    the debug log level status for subsystems (enabled or disabled). Displays ACS server debug logs. Shows application status and version information. Displays information about the software version of the system. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-97
  • Cisco CSACS-1121-K9 | Reference Guide - Page 136
    configuration data to a remote repository. export-data {user | host | device | idgroup | ndg | dacl | cmdset} repository file-name result-file-name {full secret-phrase | none | only-sec-repo | only-sec-files secret-phrase} A-98 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 137
    execute other CLI commands when the export operation is in progress. Examples acs/admin(config-acs)# export-data user repostiory01 file01 resultfile01 full password Export process Id is: 1 acs/admin(config-acs)# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-99
  • Cisco CSACS-1121-K9 | Reference Guide - Page 138
    . Uses the secured remote repository to import the file. If you specify the security type as only-sec-repo, you must specify a repository of the type SFTP. Encrypts the import file using GPG encryption mechanism. A-100 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 139
    ACS Command Reference ACS Configuration Commands Defaults None. Command Modes ACS Configuration Usage Guidelines When you issue this command, the ACS server starts a process to import the ACS configuration data to the local ACS Guide for the Cisco Secure Access Control System 5.1 A-101
  • Cisco CSACS-1121-K9 | Reference Guide - Page 140
    5 acs/admin(config-acs)# import-export-abort id 201 No such process ID #201. acs/admin(config-acs)# Related Commands Command export-data Description Exports configuration data from an ACS local store to a remote repository. A-102 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 141
    ; 10 out of 10 records are processed, 0 failed.[] acs/admin(config-acs)# Example 3 acs/admin(config-acs)# import-export-status id 4 Process id# 3 is pending; its number in the pending queue is 8. acs/admin(config-acs)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-103
  • Cisco CSACS-1121-K9 | Reference Guide - Page 142
    -adclient enable acs/admin(config-acs)# Related Commands Command debug-adclient debug-log Description Enables debug logging for an Active Directory client. Defines the local debug logging level for the ACS components. A-104 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 143
    return debug logging to the default configuration for all components or specific ACS components, use the no debug-log command in the ACS Configuration mode. Any user, - runtime-infrastructure - runtime-logging OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-105
  • Cisco CSACS-1121-K9 | Reference Guide - Page 144
    the ACS configuration to factory defaults. Gathers information for troubleshooting. Performs a backup (ACS and ADE OS) and places the backup in a repository. Defines the local debug logging level for the ACS components. A-106 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 145
    is complete. Examples acs/admin(config-acs)# replication force-sync Success. Related Commands Command acs (instance) acs (process) Description Starts or stops an ACS instance. Starts or stops an ACS process. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-107
  • Cisco CSACS-1121-K9 | Reference Guide - Page 146
    assign an invalid GUI certificate for the management interface and your login to ACS GUI is denied, or when you want to reset the existing management interface certificate to the default self-signed certificate. A-108 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 147
    ACS Configuration mode. Any user, irrespective of role, can issue this command. show debug-adclient Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes ACS Configuration OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 148
    or for specific ACS components, use the show debug-log command in the ACS Configuration mode. Any configured local debug logging status for all components. Defaults No default behavior or values. Command Modes ACS Configuration Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 149
    the ACS server starts up, the show debug-log mgmt command produces the following output: Mgmt current configured disabled disabled After issuing the debug-log mgmt enable command, the show debug-log mgmt command displays: CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-111
  • Cisco CSACS-1121-K9 | Reference Guide - Page 150
    Note Some of the Configuration commands require you to enter the configuration submode to complete the command configuration. To access the Configuration mode, you must use the configure command in the EXEC mode. A-112 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 151
    (:) is required after the server. Defaults No default behavior or values. Command Modes Configuration Usage Guidelines The URL is NFS only. The format of the command is backup-staging-url nfs://server:path. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-113
  • Cisco CSACS-1121-K9 | Reference Guide - Page 152
    how often the ACS server sends CDP updates. Enables the CDP. cdp run To enable the CDP, use the cdp run command in Configuration mode. To disable the CDP, use the no form of this command. cdp run [GigabitEthernet] A-114 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996
  • Cisco CSACS-1121-K9 | Reference Guide - Page 153
    Modes Configuration Usage Guidelines CDP packets transmit with a time to live, or hold time, value. The receiving device will discard the CDP information in the CDP packet after the hold time has elapsed. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-115
  • Cisco CSACS-1121-K9 | Reference Guide - Page 154
    Up to 64 alphanumeric characters. Defaults UTC Command Modes Configuration Usage Guidelines The system internally keeps time in UTC. If you do not know your specific time zone, you can enter , as UTC + 1 hour A-116 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 155
    Appendix A ACS Command Reference Configuration Commands OL-18996-01 Table A-16 Common Time Zones (continued) Acronym or name Time and city or country together separated by a forward slash (/); for example, Asia/Aden. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-117
  • Cisco CSACS-1121-K9 | Reference Guide - Page 156
    password to the default setting. Performs a restoration of an ACS configuration. Starts an ACS instance. Stops an ACS instance. Gathers information for ACS troubleshooting. Installs a specific application. A-118 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 157
    debug command for various command situations; for example, backup and restore, configuration, copy, resource locking, file transfer, and user management. write Copies, displays, or erases the running ACS server information. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-119
  • Cisco CSACS-1121-K9 | Reference Guide - Page 158
    session and return to the EXEC mode, use the end command in Configuration mode. end Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes Configuration A-120 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 159
    EXEC) command). Examples acs/admin(config)# exit acs/admin# Related Commands Command end exit (EXEC) Description Exits Configuration mode. Closes the active terminal session by logging out of the ACS server. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-121
  • Cisco CSACS-1121-K9 | Reference Guide - Page 160
    {off | on} Syntax Description echo off on Configures ICMP echo response. Disables ICMP echo response Enables ICMP echo response. Defaults The system will behave as if the ICMP echo response is on (enabled). A-122 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 161
    command, you enter the config-GigabitEthernet configuration submode (see the following Syntax Description). do end exit ip no shutdown EXEC command. , page A-137). Defaults No default behavior or values. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-123
  • Cisco CSACS-1121-K9 | Reference Guide - Page 162
    )# interface GigabitEthernet 1 acs/admin(config-GigabitEthernet)# ip address 209.165.200.227 255.255.255.224 IP Address was modified. ACS is restarting and a new HTTP certificate will be generated. Stopping ACS A-124 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 163
    . ip domain-name To define a default domain name that the ACS server uses to complete hostnames, use the ip domain-name command in Configuration mode. To disable this function, use the no form of this command. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-125
  • Cisco CSACS-1121-K9 | Reference Guide - Page 164
    * Address of a name server. (Optional) IP addresses of additional name servers. Note You can configure a maximum of three name servers. Defaults No default behavior or values. Command Modes Configuration A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 165
    IP route prefix for the destination. Prefix mask for the destination. IP address of the next hop that can be used to reach that network. Defaults No default behavior or values. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-127
  • Cisco CSACS-1121-K9 | Reference Guide - Page 166
    the policy lists should be repeated. Specifies a Command Scheduler policy list to be run by the occurrence. Identifies that the occurrences run on a recurring basis. Defaults No default behavior or values. A-128 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 167
    to run on the ACS server at a specified time. ACS configuration. kron policy-list To specify a name for a Command Scheduler policy and enter the kron-Policy List configuration submode, use the kron policy-list command in Configuration Guide for the Cisco Secure Access Control System 5.1 A-129
  • Cisco CSACS-1121-K9 | Reference Guide - Page 168
    scheduled to run on the ACS server at a specified time. Use the kron occurrence and policy list commands to schedule one or more policy lists to run at the same time or interval. See kron occurrence, page A-129. A-130 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 169
    Defaults No default behavior or values. Command Modes Configuration Usage Guidelines This command requires an IP address or hostname or the loglevel keyword; an error occurs if you enter two or more of these arguments. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 170
    take up to 20 minutes to complete. Examples acs/admin(config)# ntp server 209.165.201.31 NTP Server was modified. You must restart ACS. Do you want to restart ACS now? (yes/no) yes Stopping ACS Starting ACS A-132 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 171
    password-policy command, you enter the config-password-policy configuration submode. digit-required Requires a digit in the password. disable-repeat-characters Disables a password after several failures. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-133
  • Cisco CSACS-1121-K9 | Reference Guide - Page 172
    EXEC mode. exit Exits this mode. no Negates the command in this mode. Two keywords available: • url-Repository URL. • user-Repository username and password for access. A-134 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 173
    myrepository acs/admin(config-Repository)# url sftp://starwars.test.com/repository/system1 acs/admin(config-Repository)# user luke password skywalker acs/admin(config-Repository)# exit acs/admin(config)# OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-135
  • Cisco CSACS-1121-K9 | Reference Guide - Page 174
    the interface configuration mode. To disable this function, use the no form of this command. Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes Interface Configuration A-136 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 175
    read-only access. Defaults No default behavior or values. Command Modes Configuration Usage Guidelines The snmp-server community command requires a community string and the ro argument; otherwise, an error occurs. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 176
    SNMP traps to a remote user, use the snmp-server host command in Configuration mode. To remove trap forwarding, use the no form of this command. snmp-server host {ip-address | hostname} version {1 | 2c} community A-138 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 177
    snmp-server location word Syntax Description word String that describes the system's physical location information. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes Configuration OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 178
    level for the user. Disables the user according to the user's e-mail address. The user's e-mail address. For example, [email protected]. Defaults The initial user during setup. Command Modes Configuration A-140 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 179
    )# Related Commands Command password-policy show users Description Enables and configures the password policy. Displays a list of users and their privilege level. It also displays a list of logged-in users. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-141
  • Cisco CSACS-1121-K9 | Reference Guide - Page 180
    Configuration Commands Appendix A ACS Command Reference A-142 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 181
    system by entering commands and optional arguments. client Node or software program that requests services from a server. For example, the Secure Shell (SSH) client. See also server. the manager and the agent. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-1
  • Cisco CSACS-1121-K9 | Reference Guide - Page 182
    host number addresses an individual host within the network or subnetwork. A subnet mask extracts network and subnetwork information from the IP address. GL-2 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 183
    to run such an application or applications, often for extended periods of time, with minimal human direction. Examples of servers include web servers, e-mail servers, and file servers. See also client. See SNMP. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-3
  • Cisco CSACS-1121-K9 | Reference Guide - Page 184
    your computer to one of your servers. Once the connection is established, you would then log in with your account information and execute the operating system commands remotely on that computer, such as ls or cd. GL-4 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 185
    an entity, as defined by the Entity MIB (RFC 2737) and its supporting documents. Some entities, such as a chassis, will have subentities like slots identifies an individual, specific instance of a product. See UDI. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-5
  • Cisco CSACS-1121-K9 | Reference Guide - Page 186
    Glossary GL-6 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01
  • Cisco CSACS-1121-K9 | Reference Guide - Page 187
    A-116 do A-118 end A-120 exit A-121 hostname A-122 icmp echo A-122 interface A-123 ip address A-124 ip default-gateway A-125 ip domain-name A-126 ip name-server A-126 ip route A-127 kron occurrence A-129 kron policy-list A-130 CLI Reference Guide for the Cisco Secure Access Control System 5.1 IN-1
  • Cisco CSACS-1121-K9 | Reference Guide - Page 188
    show acs-logs A-61 show application A-64 show backup history A-67 show cdp A-68 show clock A-69 show cpu A-69 show disks A-71 show icmp-status A-72 show interface A-74 show inventory A-75 show logging A-76 show logins A-78 IN-2 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL
  • Cisco CSACS-1121-K9 | Reference Guide - Page 189
    2-7 configuration 2-8 configuration, submodes 2-8 EXEC 2-6 N navigating, commands 2-10 no forms of commands, using 2-11 O Operator (user) 1-1 organization, document iii-x R related documentation iii-xi S setup utility 1-2, 2-2 CLI Reference Guide for the Cisco Secure Access Control System
  • Cisco CSACS-1121-K9 | Reference Guide - Page 190
    appliance server 2-2 submodes, configuration 2-8 supported platforms hardware 2-4 software 2-4 T types of commands 1-5 U user accounts 1-1 command privileges (table) 1-2 modes 1-4 using PC locally 2-5 SSH 2-5 utility, setup 2-2 IN-4 CLI Reference Guide for the Cisco Secure Access Control System
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
CLI Reference Guide for the
Cisco Secure Access Control System 5.1
Text Part Number: OL-18996-01