In this post we will cover the recovery procedure for a Cisco ACS, aka Secure Access Server. I assume you have the ACS Recovery disc, physical access to the appliance, and a valid Cisco license key. If you lost the recovery disc, I think it is possible to download an ISO file from cisco.com and burn it to a CD-ROM.
What does Cisco ACS do?
Cisco Access Secure Server is an AAA server from Cisco that integrates with your IT infrastructure and provides authentication, authorization and accounting. It is certainly a more robust TACACS+ alternative.
What could cause an ACS to crash?
Because it is based on Linux, an improper power off of the appliance may corrupt the database. Using an unsupported Internet browser is also risky. I faced this scenario in the past and the GUI went crazy. So I had to restore the box completely. Thank God I had backups!
Cisco ACS recovery steps
First, I attach a keyboard and monitor to the Cisco ACS server. I insert the recovery disc into the drive and boot the appliance.
The appliance boots from the CD-ROM and displays available boot options:
I select the first option.
Let the appliance boot the necessary files and mount filesystems:
After that, ACS formats the local file system and copies necessary packages:
The process can take a while, so be patient.
At the prompt, enter setup.
Configure all IP information:
Now the basic device configuration is restored. We will enable SSHd with the following command:
We enable the GUI interface with:
acs config-web-interface migration enable
To add GUI user accounts, use the following command, then end with CTRL-D:
As we can see, the appliance shows an error message. It says it needs a valid license. This is because the GUI of the ACS appliance is only accessible after we install a license that is generated from the Product Activation Key.
Let’s say at this stage we have configured an IP address. We will use it to access the GUI.
When we access the GUI, ACS prompts for a username and a password. For a fresh install here are the default credentials:
Once you get past this menu, ACS requests a license file:
This license should have been generated from the PAK. The PAK is written on a sheet of paper that should have come with the product. Unfortunately, if you don’t have the right PAK, you cannot generate the license:
I’m going to skip this step because I don’t have a valid license.
Once you finish the configuration, save the configuration with write mem and halt the appliance with halt:
We’ve seen in this post what it takes to restore a Cisco ACS appliance. We learned that a recovery disc and a valid license key are mandatory. Above all, it is important to keep regular backups.
What was your experience with Cisco ACS? Did you experience any crashes or bugs?