Cisco CSACS-1121-K9 Reference Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Server
  5. CSACS-1121-K9
  6. Reference manual

Cisco CSACS-1121-K9 Reference Manual

Reference guide
Hide thumbs Also See for CSACS-1121-K9:
Table of Contents

Advertisement

Quick Links

Enlarged version
CLI Reference Guide for the
Cisco Secure Access Control System 5.1
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-18996-01

Advertisement

Table of Contents
loading

Related Manuals for Cisco CSACS-1121-K9

Summary of Contents for Cisco CSACS-1121-K9

  • Page 1: Cli Reference Guide For The Cisco Secure Access Control System

    CLI Reference Guide for the Cisco Secure Access Control System 5.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18996-01...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.

  • Page 3: Table Of Contents

    Supported Hardware and Software Platforms Opening the CLI with Secure Shell Opening the CLI Using a Local PC Understanding Command Modes EXEC Mode ACS Configuration Mode Configuration Mode Configuration Submodes CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 4 A-26 application stop A-26 application upgrade A-27 backup A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 5 A-74 show inventory A-75 show logging A-76 show logins A-78 show memory A-78 show ntp A-79 show ports A-80 show process A-81 show repository A-82 show restore A-83 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 6 A-114 cdp timer A-115 clock timezone A-116 A-118 A-120 exit A-121 hostname A-122 icmp echo A-122 interface A-123 ip address A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 7 A-137 shutdown A-137 snmp-server community A-138 snmp-server contact A-139 snmp-server host A-139 snmp-server location A-140 username A-141 L O S S A R Y N D E X CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 8: Cli Reference Guide For The Cisco Secure Access Control System

    Contents CLI Reference Guide for the Cisco Secure Access Control System 5.1 viii OL-18996-01...

  • Page 9: Who Should Read This Guide

    (ACS) 5.1 by using the command-line interface (CLI). Each topic provides a high-level summary of the tasks required for using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in combination with ACS 5.1, runs on the CSACS-1121 appliance.

  • Page 10: How This Guide Is Organized

    Means reader be careful. In this situation, you might do something that could result in equipment Caution damage or loss of data. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 11: Documentation Updates

    Open Source Licenses Information for the Cisco Secure Access Control System, Release 5.1 • Release Notes for the Cisco Secure Access Control System 5.1 • For details on locating these documents, refer to the License and Documentation Guide for the Cisco Secure Access Control System, Release 5.1, available at: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/license_doc/ guide/acs_51_lic_doc_gd.html CLI Reference Guide for the Cisco Secure Access Control System 5.1...

  • Page 12: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...

  • Page 13: Chapter 1 Overview Of The Acs Command Line Interface

    C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running the Cisco Application Deployment Engine (ADE) OS 1.2. This chapter provides an overview of how to access the ACS command-line interface (CLI), the different command modes, and the commands that are available in each mode.

  • Page 14: Chapter 1 Overview Of The Ac Command Line Interface

     debug  debug-adclient  debug-log  decrypt-support-bundle  delete     exit  export-data  forceout  halt  hostname  icmp  import-data CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 15   show clock   show cpu  show debug-adclient  show debug-log   show disks   show icmp_status   show interface CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 16  write Logging in to the ACS server places you in the Operator (user) mode or the Admin (EXEC) mode. Typically, logging in requires a username and password. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 17: Types Of Command Modes In Acs

    Deletes an ACS run-time core file or JVM core log. acs delete log Deletes an ACS run-time core file or JVM core log excluding the latest log. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 18: Exec Commands

    Provides information about the ACS server. Starts an encrypted session with a remote system. tech Provides Technical Assistance Center (TAC) commands. telnet Telnets to a remote system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 19: Show Commands

    Displays the Internet Control Message Protocol (ICMP) echo response configuration information. interface Displays statistics for all the interfaces configured on ACS. inventory Displays information about the hardware inventory, including the ACS appliance model and serial number. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 20: Acs Configuration Commands

    These commands are briefly described in Table 1-4. For detailed information on roles in ACS 5.1, refer to the User Guide for the Cisco Secure Access Control System 5.1. To access the ACS configuration mode, run the acs-config command in EXEC mode. Table 1-4 lists the ACS Configuration commands and provides a short description of each.

  • Page 21: Acs Configuration Commands

    ACS node. reset-manageme Resets the management interface Only the super admin or system admin nt-interface-certif certificate to the default self-signed can issue this command. icate certificate. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 22: Configuration Commands

    Defines a default domain name that an ACS server uses to complete hostnames. ip name-server Sets the Domain Name System (DNS) servers for use during a DNS query. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-10 OL-18996-01...

  • Page 23: Cli Audit

    You can view these logs, using the show acs-logs command. For more information on log file types and the information stored in each log file, see show acs-logs, page A-61. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-11 OL-18996-01...

  • Page 24: Cli Audit

    Aborts specific (or all) import and export processes. reset-management-interf Resets the management interface certificate to the default self-signed ace-certificate certificate. replication Synchronizes configuration information between the primary and secondary ACS. CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-12 OL-18996-01...
  • Page 25 C H A P T E R Using the ACS Command Line Interface This chapter provides helpful tips for understanding and configuring the Cisco Secure ACS 5.1 from the CLI. It contains: Before Accessing the ACS CLI, page 2-1 •...

  • Page 26: Using The Acs Command Line Interface

    Step 2 appears when the CSACS-1121 boots) only configures the Gigabit Ethernet 0 port. For information on connecting cables, see the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1. Power up the CSACS-1121. The appliance boots automatically and the setup utility appears (see...

  • Page 27: Chapter 2 Using The Ac Command Line Interface

    Accessing the ACS CLI Before logging in to the ACS CLI, ensure that you have completed the hardware installation and configuration process outlined in Before Accessing the ACS CLI, page 2-1. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 28: Supported Hardware And Software Platforms

    • ibm327x • kaypro • vt100 • See the terminfo database for a complete listing. You can also access ACS through an SSH client or the console port. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 29: Opening The Cli With Secure Shell

    The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. If using a Cisco switch on the other side of the connection, set the switchport to duplex auto, speed auto Note (the default).

  • Page 30: Understanding Command Modes

    You must have privileges to enter the ACS Configuration mode, and must supply the username and the password that you use to log in to the ACS web interface. See ACS Configuration Mode, page 2-7. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 31: Acs Configuration Mode

    The default username and password to access the ACS web interface are acsadmin and default, and the first time you log in to the web interface, you will be prompted to change the default password. Cisco recommends that you do so for security reasons. You can change your password for the first time only by logging in to the web interface.

  • Page 32: Configuration Mode

    In the Configuration mode, you can alternatively enter Ctrl-z instead of the end or exit command. Note Configuration Submodes In the configuration submodes, you can enter commands for specific configurations. For example: acs/admin# config t acs/admin(config)# interface GigabitEthernet 0 acs/admin(config-GigabitEthernet)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 33 In this example, you must enter an IPv4 address. A carriage return <cr> does not appear; therefore, you must enter additional arguments to complete the command. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 34: Navigating The Cli Commands

    For a list of available commands, enter a question mark (?): • acs/admin# ? To complete a command, enter a few known characters before ? (with no space): • acs/admin# s? CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-10 OL-18996-01...

  • Page 35: Using The No And Default Forms Of Commands

    • Command-Line Editing Key Conventions ACS provides a number of keyboard shortcuts that you can use to edit an entered line. Tries to finish the current command. CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-11 OL-18996-01...
  • Page 36 For example, if you type sh and press Tab, ACS completes the sh with show. If ACS does not complete the command, you can enter a few more letters and press Tab again. For more information, see Tab, page 2-11. CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-12 OL-18996-01...

  • Page 37: Where To Go Next

    You must save your configuration changes so that you preserve them during a system reload or • power outage. Proceed to Appendix A, “ACS Command Reference,” for command listings, descriptions, syntax, usage guidelines, and sample output. CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-13 OL-18996-01...
  • Page 38 Chapter 2 Using the ACS Command Line Interface Where to Go Next CLI Reference Guide for the Cisco Secure Access Control System 5.1 2-14 OL-18996-01...

  • Page 39: Appendix

    A P P E N D I X ACS Command Reference This appendix contains an alphabetical listing of the commands specific to the Cisco Secure ACS 5.1. The commands comprise these modes: EXEC • System-level – Show – ACS Configuration •...

  • Page 40: Appendix A Ac Command Reference

    Logrotate stores up to 10 log files at a given time. The latest log information, however, is always stored in acsupgrade.log. In ACS, logrotate runs as an hourly kron job and verifies the disk space allocated for the log files. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 41 /opt/CSCOacs/logs/ACSManagementAudit.log /opt/CSCOacs/logs/MonitoringAndReportingProcess.log AD Agent /opt/CSCOacs/logs/ACSADAgent.log Runtime /opt/CSCOacs/logs/acsRuntime.log For detailed information on logging in ACS 5.1, refer to the User Guide for the Cisco Secure Access Control System 5.1. This appendix describes: EXEC Commands, page A-4 • Show Commands, page A-59 •...

  • Page 42: Exec Commands

    To start or stop an ACS instance, use the acs command in the EXEC mode. acs {start | stop} Syntax Description start Starts an ACS instance. stop Stops an ACS instance. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 43: Exec Commands

    Shows the debug log level status for subsystems (enabled or disabled). show acs-logs Displays ACS server debug logs. show application Shows application status and version information. show version Displays information about the software version of the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...
  • Page 44 % Error: This is not a log collector node. Cannot start 'proc-name'. Where proc-name refers to the specific view process that you attempted to start. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 45: Acs (Process)

    This is not a log collector node. Attempting to stop 'proc-name' anyway. Where proc-name refers to the specific view process that you attempted to stop. Use this command only when you need to troubleshoot the operations of an ACS node; otherwise, Cisco Caution recommends that you maintain all of the ACS processes in running status, because ACS has high dependency on the ACS processes.

  • Page 46: Acs Backup

    Performs a restoration of an ACS configuration. acs support Gathers information for ACS troubleshooting. backup Performs a backup (ACS and ADE OS) and places the backup in a repository. backup-logs Backs up system logs. CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01...

  • Page 47: Acs-Config

    ACS web interface are acsadmin and default, and the first time you log in to the web interface, you will be prompted to change the default password. Cisco recommends that you do so for security reasons. You can change your password for the first time only by logging in to the web interface. You will also be prompted to install the license.

  • Page 48: Acs-Config

    This command requires ACS to be running. Issue 'acs start' command and try again. acs/admin Example 3 – Failure acs/admin# acs-config Escape character is CNTL/D. Username: user1 Password: Authentication failed. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-10 OL-18996-01...
  • Page 49 Escape character is CNTL/D. Username: acsadmin Password: Administrator must change password. Old password: New password: Confirm new password: Cannot change password: Password and confirm password must be the same acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-11 OL-18996-01...
  • Page 50 Shows the debug log level status for subsystems (enabled or disabled). show acs-logs Displays ACS server debug logs. show application Shows application status and version information. show version Displays information about the software version of the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-12 OL-18996-01...

  • Page 51: Acs Config-Web-Interface

    Enables or disables an interface to migrate the ACS database and change the user password through the CLI. If you do not want to migrate your ACS database or change the user password, Cisco recommends that you disable these interfaces.

  • Page 52: Acs Delete Log

    Name of the run-time core file or JVM core log. You can use up to 255 alphanumeric characters to specify the filename. Defaults No default behavior or values. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-14 OL-18996-01...

  • Page 53: Acs Patch

    Repository command. repository-name Location where files should installed from or removed to. Up to 30 alphanumeric characters. Defaults Patch installations and removals are logged to /opt/CSCOacs/logs/acsupgrade.log. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-15 OL-18996-01...

  • Page 54: Acs Patch

    ACS does not need to be running when you use this command. Examples acs/admin# acs reset-config This command will reset the ACS configuration. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-16 OL-18996-01...

  • Page 55: Acs Reset-Password

    No arguments or keywords. Defaults This command resets the ACS administrator ‘acsadmin’ password to the default setting (default). Resetting this password does not affect other ACS administrators. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-17 OL-18996-01...

  • Page 56: Acs Reset-Password

    To restore an ACS configuration (not including the ADE OS data) from one ACS node to another, use the acs restore command in the EXEC mode. acs restore backup-file-name repository repository-name CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-18 OL-18996-01...

  • Page 57: Acs Restore

    ACS node might not have any local certificates to associate with. After a restoration is complete, you must use the ACS web interface to designate an ACS node as a log collector. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-19 OL-18996-01...

  • Page 58: Acs Support

    [description {“text”}] [include-cores {number-days}] [include-db {original | secure}] [include-debug-logs {number-logs}] [include-local-logs {number-logs}] [include-system-logs {number-logs}] [include-logs {number-days} {all-categories | log-categories [aaa-accounting | aaa-audit | aaa-diagnostics | administrative-audit | system-diagnostics]}] CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-20 OL-18996-01...

  • Page 59: Acs Support

    Includes messages from the administrative audit logging category in the ACS support bundle. system-diagnostics Includes messages from the system diagnostics logging category in the ACS support bundle. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-21 OL-18996-01...
  • Page 60 3 include-db secure include-debug-logs 10 include-local-logs 5 include-system-logs 1 include-logs 7 log-categories aaa-audit administrative-audit Collecting support information ...(file01.tar.gz) ACS support file 'file01.tar.gz' successfully copied to repository 'myrepository' acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-22 OL-18996-01...

  • Page 61: Application Install

    Application bundle filename. Up to 255 alphanumeric characters. remote-repository-name Remote repository name. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-23 OL-18996-01...

  • Page 62: Application Install

    Application name. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines Removes or uninstalls an application. Examples acs/admin# application remove acs acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-24 OL-18996-01...

  • Page 63: Application Reset-Config

    To enable a specific application, use the application start command in the EXEC mode. To remove this function, use the no form of this command. application start application-name CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-25 OL-18996-01...

  • Page 64: Application Stop

    Disables an application. application-name Name of the predefined application that you want to disable. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-26 OL-18996-01...

  • Page 65: Application Upgrade

    You must upgrade the ADE-OS to 1.2.0.146 version before you upgrade to ACS 5.1. You can perform ACS upgrade only on a standalone machine. For more details, refer to Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-27 OL-18996-01...

  • Page 66: Backup

    Database—Database files include data related to ACS as well as the ADE OS. You can view backup • files of the ADE-OS at: /storedconfig – /storeddata – Database password file—dbcred.cal, located at /opt/CSCOacs/conf. • CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-28 OL-18996-01...

  • Page 67: Backup

    Displays the backup history of the system. show debug-adclient Shows the debug log-level status for subsystems (enabled or disabled). show repository Displays the available backup files located on a specific repository. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-29 OL-18996-01...

  • Page 68: Backup-Logs

    Performs a backup (ACS and ADE OS) and places the backup in a repository. restore Restores from backup the file contents of a specific repository. repository Enters the repository submode for configuration of backups. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-30 OL-18996-01...

  • Page 69: Clock

    Do you want to restart ACS now? (yes/no) yes Stopping ACS ....Starting ACS ...... acs/admin# Related Commands Command Description show clock Displays the time and date set on the system software clock. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-31 OL-18996-01...

  • Page 70: Configure

    ACS server startup configuration. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-32...

  • Page 71: Copy

    Represents the current running configuration file. startup-configuration Represents the configuration file used during initialization (startup). protocol Table A-4 for protocol keyword options. hostname Hostname of destination. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-33 OL-18996-01...
  • Page 72 The entire copying process might take several minutes and differs from protocol to protocol and from network to network. Use the filename relative to the directory for file transfers. Examples Example 1 acs/admin# copy run start Generating configuration... acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-34 OL-18996-01...
  • Page 73 Shows the debug log level status for subsystems (enabled or disabled). show acs-logs Displays ACS server debug logs. show application Shows application status and version information. show version Displays information about the software version of the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-35 OL-18996-01...

  • Page 74: Debug

    0 and 7 with 0 being severe and 7 being all. • infra—Enables infrastructure debug output for CDP. Set level between 0 and 7 with 0 being severe and 7 being all. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-36 OL-18996-01...

  • Page 75: Debug

    Set level between 0 and 7 with 0 • being severe and 7 being all. transfer File transfer. Set level between 0 and 7 with 0 being severe and 7 being all. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-37 OL-18996-01...

  • Page 76: Delete

    To delete a file from the ACS server, use the delete command in the EXEC mode. To remove this function, use the no form of this command. delete filename CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-38 OL-18996-01...

  • Page 77: Dir

    Lists a local directory or filename recursively. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# dir CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-39 OL-18996-01...
  • Page 78 Usage for disk: filesystem 49741824 bytes total used 6815842304 bytes free 7233003520 bytes available Related Commands Command Description delete Deletes a file from the ACS server. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-40 OL-18996-01...

  • Page 79: Exit

    EXEC mode. forceout username Syntax Description username The name of the user. Up to 31 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-41 OL-18996-01...

  • Page 80: Forceout

    ACS configuration. ACS displays the following message: Saved the running configuration to startup successfully Examples acs/admin# halt acs/admin# Related Commands Command Description reload Reboots the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-42 OL-18996-01...

  • Page 81: Help

    (e.g. 'show pr?'.) acs/admin# mkdir To create a new directory on the ACS server, use the mkdir command in the EXEC mode. mkdir directory-name [disk:/path] CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-43 OL-18996-01...

  • Page 82: Nslookup

    To look up the hostname of a remote system on the ACS server, use the nslookup command in the EXEC mode. nslookup word Syntax Description word IPv4 address or hostname of a remote system. Up to 64 alphanumeric characters. Defaults No default behavior or values. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-44 OL-18996-01...

  • Page 83: Ping

    3 to not set DF. Packetsize Size of the ping packet. packetsize Specify the size of the ping packet; the value can be between 0 and 65507. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-45 OL-18996-01...

  • Page 84: Reload

    WARNING: A backup or restore is currently in progress! Continue with reload? WARNING: An install/upgrade/remove is currently in progress! Continue with reload? CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-46 OL-18996-01...

  • Page 85: Restore

    Name of the repository you want to restore from backup. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines When you use this command for ACS, the ACS server restarts automatically. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-47 OL-18996-01...

  • Page 86: Rmdir

    Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples acs/admin# mkdir disk:/test/ acs/admin# dir Directory of disk:/ 16384 Jun 28 2007 00:09:50 lost+found/ CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-48 OL-18996-01...

  • Page 87: Show

    Displays file-system information of the disks. interface Displays statistics for all the interfaces configured on the ADE OS 1.0.2 system. logging Displays system logging information. (requires keyword) CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-49 OL-18996-01...

  • Page 88: Show

    Displays the contents of the startup configuration on the ACS server. tech-support Displays system and configuration information that you can provide to the Cisco Technical Assistance Center (TAC) when reporting a problem. terminal Displays information about the terminal configuration parameter settings for the current terminal line.

  • Page 89: Ssh

    Examples Example 1 acs/admin# ssh delete hostkey mtm-sun8 acs/admin# Example 2 acs/admin# ssh acs2 admin admin@acs2's password: Last login: Wed Jul 11 05:53:20 2008 from ACS.cisco.com acs2/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-51 OL-18996-01...

  • Page 90: Tech

    To log in to a host that supports Telnet, use the telnet command in Operator (user) or EXEC mode. telnet [ip-address | hostname] port number CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-52 OL-18996-01...

  • Page 91: Telnet

    24 lines Command Modes EXEC Usage Guidelines The system uses the length value to determine when to pause during multiple-screen output. Examples acs/admin# terminal length 0 acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-53 OL-18996-01...

  • Page 92: Terminal Session-Timeout

    EXEC mode. terminal session-welcome string Syntax Description string Welcome message. Up to 2,048 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-54 OL-18996-01...

  • Page 93: Terminal Session-Timeout

    [ip-address | hostname] Syntax Description ip-address IP address of the remote system. Up to 32 alphanumeric characters. hostname Hostname of the remote system. Up to 32 alphanumeric characters. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-55 OL-18996-01...

  • Page 94: Undebug

    • CDP configuration files. • all—Disables all CDP configuration debug output. config—Disables configuration debug output for CDP. • infra—Disables infrastructure debug output for CDP. • CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-56 OL-18996-01...

  • Page 95: Undebug

    Number of the priority level at which you set the undebug output. Set level between 0 and 7 with 0 being severe and 7 being all. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-57 OL-18996-01...

  • Page 96: Write

    Example 2 acs/admin# write terminal Generating configuration... hostname ACS ip domain-name cisco.com interface GigabitEthernet 0 ip address 209.165.200.225 255.255.255.224 interface GigabitEthernet 1 shutdown ip name-server 209.165.201.1 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-58 OL-18996-01...
  • Page 97 • show logins • show version • show memory • 1. Commands marked with an asterisk (*) represent those that are specific to ACS functionality. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-59 OL-18996-01...

  • Page 98: Show Commands

    Displays the modification time and size (in KB) for each core and log file. Defaults The ACS core files are located at /opt/CSCOacs/runtime/core and the JVM core logs are located at /hs_err_pid. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-60 OL-18996-01...

  • Page 99: Show Acs-Cores

    Displays the modification time and size (in KB) for each log file. Also lists the available logfiles. filename Specifies a file whose contents you want to view. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-61 OL-18996-01...
  • Page 100 Stores the logs from all of the ACS view processes. MonitoringAndReportingScheduler.log Stores the logs from view-jobmanager process. MonitoringAndReportingUI.log Stores the logs from Monitoring and Report Viewer web interface. acsLocalStore.log Stores the logs from the local system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-62 OL-18996-01...
  • Page 101 Oct 7 19:33 monit.log Oct 7 19:17 MonitoringAndReportingAlert.log Oct 7 19:34 MonitoringAndReportingCollector.log Oct 7 19:32 MonitoringAndReportingDatabase.log Oct 7 19:33 MonitoringAndReportingProcess.log Oct 7 19:17 MonitoringAndReportingScheduler.log Oct 7 19:18 MonitoringAndReportingUI.log CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-63 OL-18996-01...

  • Page 102: Show Application

    Displays information about the software version of the system. show application To show application information of the installed application packages on the system, use the show application command in the EXEC mode. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-64 OL-18996-01...

  • Page 103: Show Application

    Up to 80 lines to display. Default 10. |—Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines Here is a list of various application status displayed and their interpretation. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-65 OL-18996-01...
  • Page 104 Status is unavailable. Please check again in a minute." acs/admin# This message appears when a set of processes change because of a view node selection or Active Directory configuration. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-66 OL-18996-01...

  • Page 105: Show Backup History

    Wed Jul 18 12:55:21 UTC 2007: backup logs logs-0718.tar.gz to repository fileserver007: success Wed Jul 18 12:55:53 UTC 2007: backup full-0718.tar.gpg to repository fileserver007: success acs/admin# Example 2 acs/admin# show backup history backup history is empty CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-67 OL-18996-01...

  • Page 106: Show Cdp

    Example 2 acs/admin# show cdp neighbors CDP Neighbor : acs-test2 Local Interface : GigabitEthernet0 Device Type : cisco WS-C3560G-48PS Port : GigabitEthernet0/36 Address : 209.165.200.225 acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-68 OL-18996-01...

  • Page 107: Show Clock

    Sets the system clock for display purposes. show cpu To display CPU information, use the show cpu command in the EXEC mode. show cpu [statistics] [|] [|] CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-69 OL-18996-01...

  • Page 108: Show Cpu

    Up to 80 lines to display. Default 10. |—Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# show cpu processor : 0 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-70 OL-18996-01...

  • Page 109: Show Disks

    Add number after the word last. • Up to 80 lines to display. Default 10. |—Output modifier variables (see Table A-10). CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-71 OL-18996-01...

  • Page 110: Show Disks

    Displays the amount of system memory that each system process uses. show icmp-status To display file-system information about the disks, use the show icmp_status command in EXEC mode. show icmp_status {> file | |} CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-72 OL-18996-01...
  • Page 111 |—Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples Example 1 acs/admin# show icmp_status icmp echo response is turned on acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-73 OL-18996-01...

  • Page 112: Show Interface

    Bcast:209.165.200.255 Mask:255.255.255.224 inet6 addr: fe80::216:36ff:fe56:61d2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8783423 errors:0 dropped:0 overruns:0 frame:0 TX packets:4178157 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-74 OL-18996-01...

  • Page 113: Show Inventory

    Up to 80 alphanumeric characters. • last—Display last few lines of output. Add number after the word last. Up to 80 lines to display. Default 10. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-75 OL-18996-01...

  • Page 114: Show Logging

    Up to 255 alphanumeric characters. tail—Tail system syslog messages. – count—Tail last count messages. From 0 to 4,294,967,295. – |—Output modifier variables (see below). internal Displays the syslogs configuration. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-76 OL-18996-01...

  • Page 115: Show Logging

    7 13:24:51 localhost debugd[2050]: [3482]: logging: logutils_cli.c[253]: Got Logserver: localhost 7 13:24:51 localhost debugd[2050]: [3482]: logging: logutils_cli.c[261]: Got loglevel: 6 --More-- (press Spacebar to continue) Example 2 acs/admin# show logging internal log server: localhost CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-77 OL-18996-01...

  • Page 116: Show Logins

    To display the memory usage of all the running processes, use the show memory command in the EXEC mode. show memory Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-78 OL-18996-01...

  • Page 117: Show Ntp

    37 ms polling server every 128 s acs/admin# Related Commands Command Description ntp server Allows synchronization of the software clock by the NTP server for the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-79 OL-18996-01...

  • Page 118: Show Ports

    |—Output modifier variables. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines When you run the show ports command, the port must have an associated active session. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-80 OL-18996-01...

  • Page 119: Show Process

    Add number after the word last. • Up to 80 lines to display. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-81 OL-18996-01...

  • Page 120: Show Repository

    Syntax Description repository-name Name of the repository whose contents you want to view. Up to 30 alphanumeric characters. Defaults No default behavior or values. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-82 OL-18996-01...

  • Page 121: Show Restore

    4 03:54:35 PDT 2008: restore 11backup_Local.File2.tar.gpg from repository executeBackupRepo: success Wed Sep 5 12:31:21 UTC 2008: restore cdromRestore.tar.gpg from repository cdrom1: success admin# acs/admin# Example 2 acs/admin# show restore history CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-83 OL-18996-01...

  • Page 122: Show Running-Configuration

    Generating configuration... hostname acs ip domain-name cisco.com interface GigabitEthernet 0 ip address 209.165.200.225 255.255.255.224 interface GigabitEthernet 1 shutdown clock timezone UTC username admin password groove role admin CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-84 OL-18996-01...

  • Page 123: Show Startup-Configuration

    EXEC mode. show startup-configuration Syntax Description No arguments or keywords. Defaults The show startup-configuration command displays all of the startup configuration information. Command Modes EXEC Usage Guidelines None. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-85 OL-18996-01...

  • Page 124: Show Tech-Support

    Save any technical support data as a file in the local disk. word Filename to save. Up to 80 alphanumeric characters. Defaults Passwords and other security information do not appear in the output. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-86 OL-18996-01...
  • Page 125 Description show interface Displays the usability status of the interfaces. show process Displays information about active processes. show running-configuration Displays the contents of the current running configuration. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-87 OL-18996-01...

  • Page 126: Show Terminal

    To display the time zone as set on the system, use the show timezone command in the EXEC mode. show timezone Syntax Description No arguments or keywords. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-88 OL-18996-01...

  • Page 127: Show Timezones

    A-116, for examples of the time zones available for the ACS server. Examples acs/admin# show timezones PST8PDT Hongkong Etc/GMT-7 Etc/GMT-12 Etc/GMT-4 Etc/GMT-13 Etc/GMT-11 Etc/GMT-1 Etc/GMT+5 Etc/GMT-14 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-89 OL-18996-01...

  • Page 128: Show Udi

    To display information about the CSACS-1121’s UDI, use the show udi command in the EXEC mode. show udi Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-90 OL-18996-01...

  • Page 129: Show Uptime

    Up to 80 lines to display. Default 10. Defaults No default behavior or values. Command Modes EXEC Usage Guidelines None. Examples acs/admin# show uptime 4 day(s), 16:36:58 acs/admin# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-91 OL-18996-01...

  • Page 130: Show Users

    No default behavior or values. Command Modes EXEC Usage Guidelines This command displays information about the ADE-OS 1.2 software version running on the ACS server, and the ACS version. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-92 OL-18996-01...

  • Page 131: Acs Configuration Commands

    ACS Configuration mode. Only the super admin has the privilege to use this command on a primary ACS node. access-setting accept-all CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-93 OL-18996-01...

  • Page 132: Debug-Adclient

    Similarly, when you disable the DEBUG log level on one of these components, the active directory logs are disabled: • • mgmt CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-94 OL-18996-01...

  • Page 133: Debug-Adclient

    All ACS debug logging is set to warn. Command Modes ACS Configuration Usage Guidelines You can select any of the following options (including suboptions) as a component: CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-95 OL-18996-01...
  • Page 134 – mgmt-common – mgmt-aac – mgmt-bl – – mgmt-cli – mgmt-gui – mgmt-system – mgmt-notification mgmt-bus – mgmt-dbal – mgmt-replication – mgmt-distmgmt – CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-96 OL-18996-01...
  • Page 135 Shows the debug log level status for subsystems (enabled or disabled). show acs-logs Displays ACS server debug logs. show application Shows application status and version information. show version Displays information about the software version of the system. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-97 OL-18996-01...

  • Page 136: Decrypt-Support-Bundle

    GUI can export that specific configuration data to a remote repository. export-data {user | host | device | idgroup | ndg | dacl | cmdset} repository file-name result-file-name {full secret-phrase | none | only-sec-repo | only-sec-files secret-phrase} CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-98 OL-18996-01...

  • Page 137: Export-Data

    The export-data command is asynchronous, which allows you to execute other CLI commands when the export operation is in progress. Examples acs/admin(config-acs)# export-data user repostiory01 file01 resultfile01 full password Export process Id is: 1 acs/admin(config-acs)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-99 OL-18996-01...

  • Page 138: Import-Data

    Uses the secured remote repository to import the file. If you specify the security type as only-sec-repo, you must specify a repository of the type SFTP. only-sec-files Encrypts the import file using GPG encryption mechanism. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-100 OL-18996-01...

  • Page 139: Import-Export-Abort

    Aborts if any import or export processes is in progress. Aborts if any import or export processes is in progress or waiting in queue to be processed. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-101 OL-18996-01...

  • Page 140: Import-Export-Abort

    201 No such process ID #201. acs/admin(config-acs)# Related Commands Command Description export-data Exports configuration data from an ACS local store to a remote repository. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-102 OL-18996-01...

  • Page 141: Import-Export-Status

    Process id# 3 completed; 10 out of 10 records are processed, 0 failed.[] acs/admin(config-acs)# Example 3 acs/admin(config-acs)# import-export-status id 4 Process id# 3 is pending; its number in the pending queue is 8. acs/admin(config-acs)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-103 OL-18996-01...

  • Page 142: Import-Export-Status

    Related Commands Command Description debug-adclient Enables debug logging for an Active Directory client. debug-log Defines the local debug logging level for the ACS components. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-104 OL-18996-01...

  • Page 143: No Debug-Log

    – – runtime-authenticators – runtime-authorization – runtime-config-manager – runtime-config-notification-flow runtime-customerlog – runtime-crypto – runtime-dataaccess – runtime-dbpassword – runtime-eap – runtime-event-handler – runtime-idstores – runtime-infrastructure – runtime-logging – CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-105 OL-18996-01...

  • Page 144: No Debug-Log

    Gathers information for troubleshooting. backup Performs a backup (ACS and ADE OS) and places the backup in a repository. debug-log Defines the local debug logging level for the ACS components. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-106 OL-18996-01...

  • Page 145: Replication Force-Sync

    ACS restarts after the primary-to-secondary synchronization is complete. Examples acs/admin(config-acs)# replication force-sync Success. Related Commands Command Description acs (instance) Starts or stops an ACS instance. acs (process) Starts or stops an ACS process. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-107 OL-18996-01...

  • Page 146: Reset-Management-Interface-Certificate

    Issue this command when you assign an invalid GUI certificate for the management interface and your login to ACS GUI is denied, or when you want to reset the existing management interface certificate to the default self-signed certificate. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-108 OL-18996-01...

  • Page 147: Show Debug-Adclient

    ACS Configuration mode. Any user, irrespective of role, can issue this command. show debug-adclient Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes ACS Configuration CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-109 OL-18996-01...

  • Page 148: Show Debug-Log

    • items in the list below: – runtime-admin – runtime-authenticators runtime-authorization – runtime-config-manager – runtime-config-notification-flow – runtime-customerlog – runtime-crypto – CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-110 OL-18996-01...

  • Page 149: Show Debug-Log

    When the ACS server starts up, the show debug-log mgmt command produces the following output: current configured Mgmt disabled disabled After issuing the debug-log mgmt enable command, the show debug-log mgmt command displays: CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-111 OL-18996-01...

  • Page 150: Configuration Commands

    Some of the Configuration commands require you to enter the configuration submode to complete the Note command configuration. To access the Configuration mode, you must use the configure command in the EXEC mode. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-112 OL-18996-01...

  • Page 151: Backup-Staging-Url

    1. Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server. Defaults No default behavior or values. Command Modes Configuration Usage Guidelines The URL is NFS only. The format of the command is backup-staging-url nfs://server:path. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-113 OL-18996-01...

  • Page 152: Backup-Staging-Url

    To enable the CDP, use the cdp run command in Configuration mode. To disable the CDP, use the no form of this command. cdp run [GigabitEthernet] CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-114 OL-18996-01...

  • Page 153: Cdp Holdtime

    Specifies how often the ACS server sends CDP updates. cdp timer To specify how often the ACS server sends Cisco Discovery Protocol (CDP) updates, use the cdp timer command in Configuration mode. To revert to the default setting, use the no form of this command.

  • Page 154: Cdp Timer

    Greenwich Mean Time, as UTC GMT+0, UTC, Greenwich, Universal, Zulu British GB-Eire, Eire Irish Western Europe Time, as UTC Central Europe Time, as UTC + 1 hour CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-116 OL-18996-01...
  • Page 155 1. The Asia time zone includes cities from East Asia, Southern Southeast Asia, West Asia, and Central Asia. 2. Enter the region and city or country together separated by a forward slash (/); for example, Asia/Aden. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-117...
  • Page 156 Performs a restoration of an ACS configuration. acs-start Starts an ACS instance. acs-stop Stops an ACS instance. acs support Gathers information for ACS troubleshooting. application install Installs a specific application. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-118 OL-18996-01...
  • Page 157 Copies, displays, or erases the running ACS server information. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-119 OL-18996-01...
  • Page 158 To end the current configuration session and return to the EXEC mode, use the end command in Configuration mode. Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes Configuration CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-120 OL-18996-01...

  • Page 159: Exit

    A-41, for a description of the exit (EXEC) command). Examples acs/admin(config)# exit acs/admin# Related Commands Command Description Exits Configuration mode. exit (EXEC) Closes the active terminal session by logging out of the ACS server. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-121 OL-18996-01...

  • Page 160: Hostname

    Configures ICMP echo response. Disables ICMP echo response Enables ICMP echo response. Defaults The system will behave as if the ICMP echo response is on (enabled). CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-122 OL-18996-01...

  • Page 161: Interface

    IP address and netmask for the interface. shutdown—Shuts down the interface. • shutdown Shuts down the interface (see shutdown, page A-137). Defaults No default behavior or values. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-123 OL-18996-01...

  • Page 162: Ip Address

    GigabitEthernet 1 acs/admin(config-GigabitEthernet)# ip address 209.165.200.227 255.255.255.224 IP Address was modified. ACS is restarting and a new HTTP certificate will be generated. Stopping ACS ...... CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-124 OL-18996-01...

  • Page 163: Ip Address

    To define a default domain name that the ACS server uses to complete hostnames, use the ip domain-name command in Configuration mode. To disable this function, use the no form of this command. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-125 OL-18996-01...

  • Page 164: Ip Name-Server

    (Optional) IP addresses of additional name servers. Note You can configure a maximum of three name servers. Defaults No default behavior or values. Command Modes Configuration CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-126 OL-18996-01...

  • Page 165: Ip Route

    Prefix mask for the destination. ip-address IP address of the next hop that can be used to reach that network. Defaults No default behavior or values. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-127 OL-18996-01...

  • Page 166: Kron Occurrence

    Specifies a Command Scheduler policy list to be run by the occurrence. recurring Identifies that the occurrences run on a recurring basis. Defaults No default behavior or values. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-128 OL-18996-01...

  • Page 167: Kron Policy-List

    Configuration mode. To delete this, use the no form of this command. kron {policy-list} list-name Syntax Description policy-list Specifies a name for Command Scheduler policies. list-name Name of the policy list. Up to 80 alphanumeric characters. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-129 OL-18996-01...

  • Page 168: Kron Occurrence

    Use the kron occurrence and policy list commands to schedule one or more policy lists to run at the same time or interval. See kron occurrence, page A-129. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-130 OL-18996-01...

  • Page 169: Kron Policy-List

    Configuration Usage Guidelines This command requires an IP address or hostname or the loglevel keyword; an error occurs if you enter two or more of these arguments. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-131 OL-18996-01...

  • Page 170: Ntp Server

    209.165.201.31 NTP Server was modified. You must restart ACS. Do you want to restart ACS now? (yes/no) yes Stopping ACS ...... Starting ACS ...... CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-132 OL-18996-01...

  • Page 171: Password-Policy

    Requires a digit in the password. disable-repeat-characters Disables the password’s ability to contain more than four identical characters. disable-cisco-password Disables the ability to use the word Cisco or any combination as the password. lower-case-required Requires a lowercase letter in the password. min-password-length Specifies a minimum number of characters for a valid password.

  • Page 172: Repository

    Exits the config-Repository mode and returns you to the EXEC mode. exit Exits this mode. Negates the command in this mode. Two keywords available: url—Repository URL. • user—Repository username and password for access. • CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-134 OL-18996-01...
  • Page 173 Defaults No default behavior or values. Command Modes Configuration Usage Guidelines None. Examples acs/admin(config)# repository myrepository acs/admin(config-Repository)# url sftp://starwars.test.com/repository/system1 acs/admin(config-Repository)# user luke password skywalker acs/admin(config-Repository)# exit acs/admin(config)# CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-135 OL-18996-01...

  • Page 174: Repository

    To shut down an interface, use the shutdown command in the interface configuration mode. To disable this function, use the no form of this command. Syntax Description No arguments or keywords. Defaults No default behavior or values. Command Modes Interface Configuration CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-136 OL-18996-01...

  • Page 175: Snmp-Server Community

    Defaults No default behavior or values. Command Modes Configuration Usage Guidelines The snmp-server community command requires a community string and the ro argument; otherwise, an error occurs. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-137 OL-18996-01...

  • Page 176: Snmp-Server Contact

    To send SNMP traps to a remote user, use the snmp-server host command in Configuration mode. To remove trap forwarding, use the no form of this command. snmp-server host {ip-address | hostname} version {1 | 2c} community CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-138 OL-18996-01...

  • Page 177: Snmp-Server Location

    Syntax Description word String that describes the system’s physical location information. Up to 255 alphanumeric characters. Defaults No default behavior or values. Command Modes Configuration CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-139 OL-18996-01...

  • Page 178: Snmp-Server Contact

    Configuration Commands Usage Guidelines Cisco recommends that you use underscores (_) or hyphens (-) between the terms within the word string. If you use spaces between terms within the word string, you must enclose the string in quotation marks (“).
  • Page 179 Description password-policy Enables and configures the password policy. show users Displays a list of users and their privilege level. It also displays a list of logged-in users. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-141 OL-18996-01...
  • Page 180 Appendix A ACS Command Reference Configuration Commands CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-142 OL-18996-01...

  • Page 181: G L O S S A R Y

    G L O S S A R Y Access Control System. Application Deployment Engine. Cisco Discovery Protocol. A proprietary tool that network administrators use to access a summary of protocol and address information about other devices that are directly connected to the device initiating the command.
  • Page 182 A subnet mask extracts network and subnetwork information from the IP address. CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-2 OL-18996-01...
  • Page 183 Examples of servers include web servers, e-mail servers, and file servers. See also client. See SNMP. Simple Network Management Protocol CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-3 OL-18996-01...
  • Page 184 Telnet client to connect from your computer to one of your servers. Once the connection is established, you would then log in with your account information and execute the operating system commands remotely on that computer, such as ls or cd. CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-4 OL-18996-01...
  • Page 185 (RFC 2737) and its supporting documents. Some entities, such as a chassis, will have subentities like slots. An Ethernet switch might be a member of a super entity like a stack. Most Cisco entities that are orderable products will leave the factory with an assigned UDI. The UDI information is printed on a label that is affixed to the physical hardware device, and it is also stored electronically on the device in order to facilitate remote retrieval.
  • Page 186 Glossary CLI Reference Guide for the Cisco Secure Access Control System 5.1 GL-6 OL-18996-01...

  • Page 187: I N D E X

    A-125 ip domain-name command-line A-126 editing, key ip name-server A-126 2-11 More prompt ip route 2-13 A-127 commands kron occurrence A-129 kron policy-list A-130 CLI Reference Guide for the Cisco Secure Access Control System 5.1 IN-1 OL-18996-01...
  • Page 188 A-71 backup-logs show icmp-status A-30 A-72 clock show interface A-31 A-74 configure A-32 show inventory A-75 copy show logging A-32 A-76 copy acs-logs show logins A-32 A-78 CLI Reference Guide for the Cisco Secure Access Control System 5.1 IN-2 OL-18996-01...
  • Page 189 2-11 organization, document iii-x disk space, managing document audience iii-ix conventions iii-x related documentation iii-xi related iii-xi using iii-ix setup utility 1-2, 2-2 CLI Reference Guide for the Cisco Secure Access Control System 5.1 IN-3 OL-18996-01...
  • Page 190 1-1, 2-5 starting the CSACS appliance server submodes, configuration supported platforms hardware software types of commands user accounts command privileges (table) modes using PC locally utility, setup CLI Reference Guide for the Cisco Secure Access Control System 5.1 IN-4 OL-18996-01...

Table of Contents