Installing Cisco ACS 5.1

Introduction

Cisco ACS 5.1 is the newest revision (as of 8/2010) of Cisco's RADIUS/TACACS+ authentication server, which allows you to centrally manage user access and all that good stuff. One big question people may ask is why not just use Windows IAS or the Network Access Policy role on the newer servers. The Windows solution makes a whole lot of sense for small to medium installs, or where the IT staff is not strictly divided into “server” and “network” guys. In larger installations, or where the staff is divided that way, a box separate from the Active Directory servers that can be controlled by the “network” staff lets you delegate management throughout the organization more effectively. Now let's dive in to the installation procedures.

Note: Keep in mind this install needs 60GB of free disk space and 1GB of usable memory; otherwise the installation will fail.

Procedures

First boot your machine and, at the installer prompt, press 1 to begin the installation.

After this it will go ahead and format the file system on its own and do some automatic configuration; not much input is needed during this time. The Cisco ACS 5.1 ISO is just a program that runs on CentOS (a free rebuild of Red Hat Enterprise Linux), so anyone familiar with Linux installs should be pretty comfortable with this. If not, it’s automatic anyway.

After this automatic configuration, it’s going to go ahead and reboot the system and begin the system initialization. You will then be prompted with the login screen, and since this is the first time, we can type in “setup” to begin the setup application.

  • The first bit of information you need to input is the hostname, so choose according to your organizational needs. I put “ciscoacs” since this is a test machine that won't likely be used extensively.
  • Next is the IP address of the ACS server. Input this accordingly; in this example I used 192.168.0.98 with a netmask of 255.255.255.0, since this is the server VLAN of my environment.
  • Next is the DNS information, which includes the DNS realm and nameservers. The DNS realm is the DNS suffix that is appended to your hostname to complete a fully qualified domain name. For this I used “test.lcl” and a nameserver (DNS) address of 192.168.0.10, which is my Domain Controller IP. Hit “Y” after this to add more name servers as required; I only need one for this example.
  • The user information is next, and you can specify whatever username and password combination you desire. I kept “admin” and changed the password to “ACSTestServer1” just for simplicity's sake. In a production environment you should obviously ensure a strong password is used.
  • This will then bring up the network interfaces and activate services within the ACS server.
  • After this you can navigate to the web interface for ACS at https://serverip/ and log in with ACSAdmin, password “default”, where you will be prompted to change your password to something more secure.

After this you should check to make sure all of the application components are running properly. You can check this by issuing the following command:

    acstest/admin# show application status acs

    ACS role: PRIMARY

    Process 'database'                  running
    Process 'management'                running
    Process 'runtime'                   running
    Process 'view-database'             running
    Process 'view-jobmanager'           running
    Process 'view-alertmanager'         running
    Process 'view-collector'            running
    Process 'view-logprocessor'         running

If you do not see the processes running when issuing the status command, make sure they have had sufficient time to start up; this can take a long time depending on the hardware, so be prepared to be patient.
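Two of the steps above lend themselves to a little scripting: sanity-checking the answers you are about to type at the setup prompts (hostname, address and netmask, DNS realm, nameservers and, above all, the admin password) and reading the output of show application status acs for anything that is not running. The Python below is an added example written for this page; it is not code from the original post or from Cisco. The password policy, the hostname rules and the “not running” wording for a stopped process are assumptions, and both sample outputs are constructed from the listing above.

```python
"""Added example (not part of the original post or of Cisco's software):
pre-flight checks for the ACS 5.1 "setup" answers, and a parser for the
output of "show application status acs" that reports unhealthy processes."""

import ipaddress
import re
import string

# Process names exactly as they appear in the post's status listing.
EXPECTED_PROCESSES = (
    "database", "management", "runtime", "view-database",
    "view-jobmanager", "view-alertmanager", "view-collector", "view-logprocessor",
)

# RFC 1123 host label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
HOSTNAME_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Accept straight or curly quotes around the process name (web copies often mangle them).
_QUOTE = "['\"\u2018\u2019]?"
STATUS_LINE = re.compile(r"^\s*Process\s+" + _QUOTE + r"([\w-]+)" + _QUOTE + r"\s+(.+?)\s*$")
ROLE_LINE = re.compile(r"^\s*ACS role:\s*(\S+)")


def password_is_strong(password, min_length=12):
    """Assumed policy (not ACS's own): at least min_length characters drawn
    from at least three of the four classes upper, lower, digit, punctuation."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    return len(password) >= min_length and sum(classes) >= 3


def validate_setup_answers(hostname, ip, netmask, dns_realm, nameservers, password):
    """Return a list of problems with the values you intend to give the setup
    prompts; an empty list means the answers look sane."""
    problems = []
    if not HOSTNAME_LABEL.match(hostname):
        problems.append("hostname must be a single RFC 1123 label (letters, digits, hyphens)")
    # hostname + realm becomes the FQDN, so every realm label must be valid too.
    if not dns_realm or not all(HOSTNAME_LABEL.match(lbl) for lbl in dns_realm.split(".")):
        problems.append("DNS realm is not a valid domain suffix")
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")  # rejects non-contiguous masks
    except ValueError as exc:
        problems.append(f"IP/netmask invalid: {exc}")
    else:
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            problems.append("IP is the network or broadcast address of its subnet")
    for ns in nameservers:
        try:
            ipaddress.IPv4Address(ns)
        except ValueError:
            problems.append(f"nameserver {ns!r} is not an IPv4 address")
    if not nameservers:
        problems.append("at least one nameserver is required")
    if not password_is_strong(password):
        problems.append("admin password does not meet the assumed strength policy")
    return problems


def parse_acs_status(output):
    """Parse 'show application status acs' output into (role, {process: state})."""
    role, states = None, {}
    for line in output.splitlines():
        m = ROLE_LINE.match(line)
        if m:
            role = m.group(1)
            continue
        m = STATUS_LINE.match(line)
        if m:
            states[m.group(1)] = m.group(2).lower()
    return role, states


def acs_health_problems(output, expected=EXPECTED_PROCESSES):
    """List every expected process that is absent or not reported as 'running'."""
    role, states = parse_acs_status(output)
    problems = []
    if role is None:
        problems.append("no 'ACS role' line found; is ACS installed on this node?")
    for name in expected:
        state = states.get(name)
        if state is None:
            problems.append(f"process {name!r} missing from status output")
        elif state != "running":
            problems.append(f"process {name!r} is {state}")
    return problems


# Constructed sample output modelled on the post's listing (everything healthy).
SAMPLE_HEALTHY = "ACS role: PRIMARY\n\n" + "".join(
    f"Process '{name}'   running\n" for name in EXPECTED_PROCESSES)

# Constructed sample of a node still starting up: 'runtime' not yet up and
# 'view-logprocessor' absent. The "not running" wording is an assumption.
SAMPLE_STARTING = SAMPLE_HEALTHY.replace("'runtime'   running", "'runtime'   not running") \
    .replace("Process 'view-logprocessor'   running\n", "")

if __name__ == "__main__":
    print(validate_setup_answers("ciscoacs", "192.168.0.98", "255.255.255.0",
                                 "test.lcl", ["192.168.0.10"], "ACSTestServer1"))
    print(acs_health_problems(SAMPLE_STARTING))
```

Run it before and after the install: an empty list from validate_setup_answers means the values from this walkthrough are consistent with each other, and a non-empty list from acs_health_problems after the box has had time to settle is your cue to keep waiting or start troubleshooting rather than logging into the web interface on a half-started server.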