Product Number DOC-CSASC2.2.2UXIG=
Use this guide to install CiscoSecure Access Control Server (ACS) 2.2.2 for UNIX. This guide contains the following sections:
- Start with this section. It describes the basic CiscoSecure ACS installation.
- Read this section if you are installing on top of Solaris 2.5.1. It describes Solaris 2.5.1 patches necessary to run the CiscoSecure ACS.
- Read this section if you are upgrading from a previous version of the CiscoSecure ACS.
- Read this section if you intend to use an Oracle database engine to support the CiscoSecure ACS. It describes the pre-installation Oracle configuration requirements.
- Read this section if you intend to use a Sybase database engine to support the CiscoSecure ACS. It describes the pre-installation Sybase configuration requirements.
- This section lists the online and printed sources of CiscoSecure documentation.
- Read this section if you intend to install the CiscoSecure ACS on a workstation with no CD-ROM.
- Read this section if you intend to run third-party programs that directly edit the CiscoSecure profile database.
- Read this section for information on Cisco's on-line software support connection.
- Read this section for information on Cisco's updated documentation DC-ROM.
This section describes the basic procedures for first-time installation of CiscoSecure ACS 2.2.2 for UNIX at most sites.
Note If you are upgrading from a previous version of CiscoSecure ACS 2.x, see
"Upgrading from CiscoSecure ACS 2.x to 2.2.2," page 9 for additional instructions.
The CiscoSecure ACS package includes the following items:
- CD-ROM labeled "CiscoSecure ACS 2.2.2 for UNIX"
- Release notes (read before starting installation)
- "Requires Immediate Attention" form for software key
- Cisco Information Packet
The network components for CiscoSecure ACS for UNIX consist of the CiscoSecure ACS itself, one or more network access servers (NASes), a web-based console from which to manage CiscoSecure (this can be a separate workstation or on the same SPARCstation where the CiscoSecure ACS is installed), optional database servers, and optional token servers.
The Cisco Secure ACS requires the following hardware and software:
- Sun SPARCstation or compatible workstation (SPARC 20--167 Mhz or faster)
- Minimum 256 MB of swap space
- 128 MB of RAM
- Minimum 250 MB of free disk space for 5000 users (if you are using the supplied SQLAnywhere database)
- CD-ROM drive
Note If you need to install CiscoSecure on a SPARCstation with no CD-ROM drive, you can download the CiscoSecure installion package from the Cisco Systems web page. (See "Installing without a CD-ROM," page 14.)
- Solaris 2.6, or Solaris 2.5.1 with patches (see "Solaris 2.5.1 Patches," page 9 for special instructions concerning Solaris 2.5.1)
Note To check your version of Solaris, enter the Solaris command uname -a. If the system returns 5.5.1, Solaris 2.5.1 is installed. If the system returns 5.6, Solaris 2.6 is installed.
- Cisco IOS software (Release 11.2 or later)
The web-browser-based CiscoSecure ACS workstation console requires the following hardware and software:
- Pentium 90 or faster PC, or a SPARCstation
Note The SPARCstation can either be a separate workstation or the same SPARCstation on which the CiscoSecure ACS will be installed.
- 32 MB of RAM
- SVGA display with resolution of 1024 x 768 or higher
- Minimum 1 MB of video RAM (2 MB recommended)
- 17-inch or larger monitor recommended
- One of the following web browsers:
- Netscape Navigator (3.01 through 4.03 on Windows 95 or NT, 4.04 on Solaris 2.5.1 or 2.6)
- Netscape Communicator (4.x or later on Windows 95 or NT)
- Internet Explorer (3.01, 3.02, or 4.01 on Windows 95 or NT)
Note The browser must be enabled for Java and Java Script.
To support CiscoSecure database requirements, you have your choice of using the supplied SQLAnywhere database engine, or using supported versions of your own pre-installed Oracle Enterprise or Sybase Enterprise software running on your network.
Supported database engines include:
- The supplied SQLAnywhere database--this option does not require preinstallation on the network.
Note The SQLAnywhere database engine does not support networks of more than 5,000 users and does not support database replication. If your network requires these user database capabilities, Cisco recommends preinstalling the Oracle Enterprise or Sybase Enterprise database engine.
- Oracle Enterprise version 7.3.2, 7.3.3, 7.3.4 or 8.0.x--Requires pre-installation and configuration. It must be running during the CiscoSecure ACS installation. See "Setting Up an Oracle Database for CiscoSecure," page 11 for instructions of configuring this software to support the CiscoSecure ACS.
- Sybase Enterprise version 11.0.2 or higher--Requires pre-installation and configuration. It must be running during the CiscoSecure installation. See "Setting Up a Sybase Enterprise SQL Server for CiscoSecure," page 12 for instructions on configuring this software to support the CiscoSecure ACS.
If you are supporting Token servers, they must be installed on the network before you install CiscoSecure ACS. Supported Token servers include:
- CRYPTOCARD
- Secure Computing
- Security Dynamics, Inc.
Note If you are upgrading from a previous version of CiscoSecure, see
"Upgrading from CiscoSecure ACS 2.x to 2.2.2," page 9 for instructions on using your old software license key.
If you are installing the CiscoSecure ACS for the first time on this SPARCstation, do the following:
Step 1 At the SPARCstation where you want to install CiscoSecure ACS, enter the hostid command to obtain the host ID of the system host. For example,
# /usr/ucb/hostid
55412315
Step 2 Note the host ID for the primary and backup CiscoSecure ACS systems.
Step 3 Note the token code on the label attached to the case of the CiscoSecure ACS 2.2.2 for UNIX CD-ROM.
Step 4 To receive your software license key immediately, access and supply the above information to the CiscoSecure licensing web site at:
Alternatively, you can fill out the CiscoSecure Software Key Fax-Back form in the document labeled "Requires Immediate Attention" and fax it to the number provided.
You can also e-mail this information to: licensing@cisco.com.
You'll receive your license key within three business days.
Step 5 When you get the license key, transcribe it into the blank for Enter the AAA Server License Key, in step D. Pre-Answer Your Install Questions.
Note The CiscoSecure ACS software is licensed per server. Each CiscoSecure ACS requires its own license. You can also use a backup server license to allow sites to run redundant systems to back up system security and accounting information.
The questions you will be asked during the CiscoSecure ACS installation are similar to those below.
Note Save these answers for both
installation and
post-installation configuration.
- Is this a completely new install (Y/N)? __________________
- The answer is Yes unless you have installed a previous version of CiscoSecure ACS (2.x) and want to use the same database information.
- Enter the directory name to install CiscoSecure into. ______________________________________________
- The disk space requirement for this directory is 120 MB.
- IP Address to use for CiscoSecure. ______________________
- The default is the primary IP address of the server on which you are installing the CiscoSecure ACS. For single server installation, use the default; otherwise, specify the address of the first ACS.
- Enter the AAA Server License Key. ______________________
- Specify the software license key code that you received after you accessed the CiscoSecure licensing web site or filled out the "CiscoSecure Software Key Fax Back Form."
- If the hostname of this server is not the same as its fully qualified domain name (FQDN), enter the FQDN. ____________________________________
- Specify the FQDN of the SPARCstation where you are installing the ACS only if the FQDN is different from the host name; otherwise, accept the default (host name) value for this prompt.
- Enter the TACACS+ NAS name you will be using. ___________________________
- To support TACACS+ enabled NAS(es), either specify the host name of one such NAS, or indicate that any NAS with a specified TACACS+ secret key will be using the CiscoSecure ACS.
- Enter the TACACS+ NAS secret key. ____________________
- If you intend to support TACACS+ enabled NAS(es), specify a secret TACACS+ key string.
- Select token card(s) or none: (1. CRYPTOCARD, 2. Secure Computing, 3. Security Dynamics, Inc.) __________________
- If you want to support one of the listed Token Cards, specify the card you want to support.
Note Selecting Security Dynamics Incorporated requires that the SDI client software be properly installed before the ACS is started.
- [If Secure Computing] Do you want to use CiscoSecure's SafeWord GUI Software (Y/N)? ____________________________
- This feature requires local root read/write file access to the SafeWord directory.
- [If Secure Computing] Enter the directory path for the SafeWord Software. _____________________________
- Enable SafeWord's IMPORT/EXPORT option in the Secure Computing SafeWord application program.
- [If Secure Computing] Enter the IP Address of the Secure Computing Server. ______________________________
- Choose a Database: (1. SQLAnywhere, 2. Oracle Enterprise, 3. Sybase Enterprise) _______________________
- Specify the database for the AAA data. SQLAnywhere is the default choice and is supplied with the CiscoSecure ACS. Oracle Enterprise or Sybase Enterprise support require that those products already be installed and accessible on your network.
Note The SQLAnywhere database engine does not support networks of more than 5,000 users and does not support database replication. If your network requires these database capabilities, Cisco recommends preinstalling the Oracle Enterprise or Sybase Enterprise database engine.
- If SQLAnywhere, the directory where you want the database files to be created. ________________________________
- This directory requires disk space of 256 KB per 1000 users.
- If Sybase or Oracle, the username and password to the DB account that has been assigned database space for the CiscoSecure ACS data. ___________________________________
- If Oracle, the path to the $ORACLE_HOME directory, where Oracle is installed. _________________________________
- If Oracle, the TNS Service name of the Oracle Server. __________________________________
- If Sybase [Enterprise], the name of the Sybase SQL Server. __________________________________
- If Sybase [Enterprise], the name of the database to use for CiscoSecure. ________________________________
- If Sybase [Enterprise], the path to the $SYBASE directory where Sybase is installed. ________________________________
- If not a New Install, do you want to drop and re-init existing Database Tables (Y/N)? ____________________________
- If this is not a new installation, specify whether you want to remove the existing tables in the database and create new ones.
Note Dropping existing tables will delete all existing CiscoSecure ACS data. Existing ACS data will not be carried over to new tables.
- Enter an available TCP/IP port to be reserved for the CiscoSecure database server process. ____________________________
- The default port is 9900. Unless you know that port 9900 is used by another process, specify the default.
- Enter a unique name for the CiscoSecure DB server process. ____________________________
- Specify any unique string. The default value is CSdbServer.
- Enter the directory path to use for the AAA server profile caching. ______________________________
- Specify the path and directory that you want the CiscoSecure ACS to use for profile caching. A file will be created there that will be used for local caching of CiscoSecure user profiles to accelerate system performance.
- If no directory is specified, the root directory of the system will be used for profile caching.
Step 1 Log in as root at the SPARCstation where you want to install the CiscoSecure ACS.
Step 2 Insert the CD-ROM labeled "CiscoSecure ACS 2.2.2 for UNIX" and enter:
pkgadd -d /cdrom/csus_22 CSCEacs
The installer displays the first of a series of installation prompts:
Is this a completely new install Y/N (Default yes, q to quit)?
Step 3 Complete the installation using the pre-installation information that you recorded in step D. Pre-Answer Your Install Questions. After installation is complete, the system displays:
Installation of CSEacs was successful.
Step 4 Start the CiscoSecure ACS. Enter:
# /etc/rc2.d/S80CiscoSecure
To see the HTML-based CiscoSecure ACS 2.2.2 for UNIX User Guide from any workstation with a web connection to the ACS, open your web browser and enter:
http://acs_server:9090/docs/csunx222.htm
where acs_server is the host name (or the FQDN, if it is different from the host name) of the server where you installed the CiscoSecure ACS. You can also substitute the server's IP address.
- If you are installing CiscoSecure ACS for the first time, go to the chapter titled, "Configuring Initial Test Group and User Profiles," for instructions on setting up an initial test user profile.
- If you are upgrading from CiscoSecure Version 1.2 or higher and already have user and group profiles set up, go to the chapter "Introduction to the CiscoSecure Software," for a listing of new CiscoSecure ACS features.
- If you are upgrading from CiscoSecure Version 1.0x, go to the appendix "Converting an Existing AA Database to a CiscoSecure ACS 2.2.2 Database."
For a detailed list of the online documentation available, see "Accessing CiscoSecure ACS 2.2.2 for UNIX Documentation," page 13.
CiscoSecure ACS 2.2.2 for UNIX makes use of the native threads feature of the Java Developers Kit (JDK) 1.1.4. SPARCstations running Solaris 2.5.1 require the following three Solaris patches to support CiscoSecure ACS 2.2.2:
- 103566-08 (or a later version of this patch)
- 103600-03 (or a later version of this patch)
- 103640-08 (or a later version of this patch)
These patches or their latest versions can be downloaded from:
ftp://sunsolve.sun.com/pub/patches
README files for each patch are also available at this site.
You can use the Solaris showrev -p command to determine what Solaris patches are already installed on the system.
If you are upgrading from CiscoSecure ACS 2.0, 2.1, or 2.1.2, complete the following steps:
Step 1 Before you start the upgrade installation, read the file $BASEDIR/config/CSU.cfg and write down the software key value for use during installation.
$BASEDIR is the install directory for CiscoSecure that you specified at the time of installation. For example, if you specified "ciscosecure" as the install location, the file is located at /ciscosecure/config/CSU.cfg. Below is an example of the line in the CSU.cfg file that contains the software key value:
LIST config_license_key = {"a9505ad08a77f927afa4"};
Step 2 Prepare your CiscoSecure ACS 2.x database for upgrade to ACS 2.2.2 format.
- Back up your CiscoSecure ACS 2.x database.
- Export all the accounting records to an external file by running the AcctExport utility.
During the CiscoSecure ACS installation an automated database upgrading process will implement database schema changes. These schema changes include recreating a profile data table (cs_profile) as well as accounting data table (cs_accounting_log).
Step 3 (Optional) If you want to preserve your old debug level, local time zone, TACACS+ NAS configurations, and supported authentication methods settings for the ACS, save the current $BASEDIR/config/CSU.cfg file to a holding directory.
Step 4 (Optional) If you want to preserve your old unknown_user default profile settings, save the current $BASEDIR/config/DefaultProfile file to a holding directory.
Step 5 Remove the current version of the CiscoSecure ACS from the SPARCstation. Log in as root and enter:
Step 6 Install CiscoSecure ACS 2.2.2 for UNIX following the procedures described in the "Basic Installation Procedures," page 2; however, do not access the CiscoSecure license web site or submit the faxback form. You do not need a new software license.
Step 7 During installation, enter the appropriate key (either primary or backup) when prompted by the installer and complete the installation.
Note If you did not enter the software key value at the time of installation, you can specify it after installation in the CiscoSecure License Key field in the CiscoSecure ACS AAA General web page.
Note Depending on the number of user profiles existing in the CiscoSecure ACS database, the database upgrade phase of CiscoSecure installataion could take some time. Approximately 5 minutes of conversion time is required for every 10000 user profiles.
Step 8 If the CiscoSecure installation procedure fails during the the database upgrade phase due to a fixable condition (such as database resources errors), do the following:
(a) Fix the condition that caused the failure.
(b) Manually complete the database upgrade procedure by changing to the CiscoSecure $BASEDIR/utils/bin directory and running the CSdbTool utility. Enter: ./CSdbTool upgrade
(c) Remove the CiscoSecure binary files again. Enter: pkgrm CSCEacs
(d) Restart the CiscoSecure installation. Enter: pkgadd -d /cdrom/csus_22 CSCEacs
Even though the database upgrade is now complete, running the installation procedure again ensures that all other necessary installation tasks will be carried out. Because the CiscoSecure ACS database upgrade is already complete, this portion of the installation will now be skipped.
Step 9 (Optional) After installation, if you saved your old CSU.cfg file as described in Step 3, you can cut and paste your old settings from your old CSU.cfg file to the new CSU.cfg file to restore your original ACS debug level, local time zone, TACACS+ NAS configurations, and supported authentication methods settings. See the section "Server Control File" in the appendix "CiscoSecure ACS File Formats and Syntax" in the CiscoSecure ACS 2.2.2 for UNIX User Guide for a listing of CSU.cfg settings.
Alternatively, you can simply re-enter these settings through the new CiscoSecure ACS AAA General and AAA NAS web pages.
 Caution
| Do not copy the old CSU.cfg file over the new CSU.cfg file. The new CSU.cfg file contains important new settings specific to CiscoSecure ACS 2.2.2 for UNIX.
|
Step 10 (Optional) After installation, if you saved your old DefaultProfile file as described in Step 4, you can use the CiscoSecure ACS 2.2.2 CSImport utility to import your old unknown_user default profile settings into your new ACS installation. Enter:
CSimport -c -p /hold_dir -s DefaultProfile
where hold_dir is the holding directory where you stored the old DefaultProfile file.
Oracle software is not bundled with the CiscoSecure ACS. Therefore the CiscoSecure installation does not install or configure the Oracle product, create an Oracle database, or create a database user.
If you intend to use an Oracle database with the CiscoSecure ACS, make sure the Oracle database meets the following requirements:
- Oracle version should be 7.3.2, 7.3.3, 7.3.4 or 8.0.x.
Note If you intend to support Oracle database replication, you require Oracle version 7.3.3, 7.3.4, or 8.0x installed. In addition, Oracle 7.3.3 and 7.3.4 require the Symmetric Replication Option and Distributed Database Option packages installed to support database replication. Oracle 8 does not require these packages.
- The following Oracle products should be installed with the Oracle server (minimum):
- Oracle 7 or Oracle 8 Server
- SQL*Net Version 2 and up
- Oracle TCP/IP protocol adapter
- The following Oracle products should be installed where the CiscoSecure ACS will be installed (minimum):
- SQL*Net Version 2 and up--module on the CiscoSecure server must be from Oracle 7.3.4 or higher
- Oracle TCP/IP protocol adapter--module on the CiscoSecure server must be from Oracle 7.3.4 or higher
Note To upgrade to the above modules from a lower version, run the Oracle installation program, select the upgrade option, and select to upgrade the client versions of these modules.
- Make sure the Oracle server and tnslsnr processes are loaded and running before installing the CiscoSecure ACS.
- CiscoSecure ACS requires an Oracle user database account set up prior to the CiscoSecure installation.
- This user account must have a privilege to create/drop tables. (Connect and Resource privilege).
- This user account should also have Select privilege on two of Oracle's system views: sys.dba_free_space and sys.dba_users.
- The Oracle tablespace where the account belongs should have at least 200 MB of data space, 100 MB of rollback tablespace, and 50 MB of temporary tablespace available.
- CiscoSecure ACS installation prompts require the following information concerning your Oracle installation:
- TNS name--Name for the Oracle server. It should be defined in Oracle's tnsnames.ora file.
- Oracle user--Database account (not Solaris account) which has resource privilege.
- Oracle user's password.
- Oracle home--Absolute pathname of the directory where the Oracle product is installed. This should be same as the ORACLE_HOME environment variable that is defined when Oracle is installed. Do not confuse this directory with the home directory of the Solaris user account for Oracle, such as /home/oracle.
- Connections--Specifies how many connections that the CiscoSecure ACS can make to the Oracle Server. The CiscoSecure ACS will make that number of connections when it starts up.
Check the following items on the Oracle database.
- Check if SQL*Net and TCP/IP protocol adapter are installed on the system where the CiscoSecure ACS is being installed.
- Using Oracle's tools such as SQL*Plus or tnsping, check if you can connect to the Oracle Server using the TNS name, the database user name, and the password.
Note See Oracle's Network Products Troubleshooting Guide for help in determining the SQL*Net configuration problems.
- Check if Oracle's shared library exists.
- $ORACLE_HOME/lib/libclntsh.so.1.0
- If the shared library does not exist, then this points to an Oracle installation problem. The library is installed as part of SQL*Net.
If you intend to use a Sybase Enterprise database with the CiscoSecure ACS, make sure the Sybase Enterprise SQL server meets the following requirements:
- SQL Server should be version 11.0.2 or higher. The SQL Server could be on a local or a remote system. At the time of the CiscoSecure ACS installation, the SQL Server should be running.
- Sybase Open Client/C of version 11.1 or higher should be installed and configured on the system where the CiscoSecure ACS is installed. This includes proper configuration of the $SYBASE/interfaces file.
- Prior to the CiscoSecure installation, set up an SQL server login account that CiscoSecure can use to connect to the SQL server.
- In addition, it is recommended that customer create a separate database for the CiscoSecure ACS and create a database login account as the owner of the database. The size of database depends on the user/group profiles and accounting data expected.
CiscoSecure installation will prompt for the following information related to Sybase
- Sybase install directory
- SQL Server name--Name of SQL Server defined in the $SYBASE/interfaces file
- Database user account and password
- Database to use with the CiscoSecure ACS
- Number of database connections that the CiscoSecure ACS can use
After you install the CiscoSecure ACS 2.2.2 for UNIX software, four sources of online documentation are available to you:
- CiscoSecure ACS 2.2.2 for UNIX User Guide (bound, printed version)
- Available with the CiscoSecure ACS 2.2.2 for UNIX product package.
- HTML-based help for descriptions of individual fields in the CiscoSecure ACS Administrator web-based interface.
- To access--While running the CiscoSecure ACS Administrator web pages, you can access an HTML help for individual fields by clicking on the field name. You can also click Help on the menu bar.
- CiscoSecure ACS 2.2.2 for UNIX User Guide (HTML version)
- Available on your installed CiscoSecure ACS or at the Cisco Documentation website.
- To access--While running the CiscoSecure ACS Administrator web pages, click Help, then click User Guide.
- If you are not running the CiscoSecure ACS Administrator web pages, you can access the guide directly at:
http://acs_srvr:9090/docs/csunx222.htm
- where acs_srvr is the host name (or the FQDN, if it is different from the host name) of the server where you installed the CiscoSecure ACS. You can also substitute the server's IP address.
- This document is also available at the Cisco Documentation web site:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft
- CiscoSecure ACS 2.2.2 for UNIX User Guide (PDF version)
- Readable with the Adobe Acrobat Reader, with full search capabilities and hypertexted table of contents and index. Printable with full hard copy formatting. Available on your installed CiscoSecure ACS.
- To access--While running the CiscoSecure ACS Administrator web pages, click Help, click User Guide, and then click the PDF icon on the Contents page of the user guide. You need Adobe Acrobat Reader installed on your system. Free copies of the Acrobat Reader can be downloaded from the Adobe website:
http://www.adobe.com
- Frequently Asked Questions
- A compilation of answers to frequently asked questions about CiscoSecure ACS features. Available on your installed CiscoSecure ACS.
- To access--While running the CiscoSecure ACS Administrator web pages, click Help, then click Frequently Asked Questions.
If you do not have a CD-ROM drive attached to the SPARCstation where you want to install the CiscoSecure ACS, download the installation software from the Cisco web site and run the installation program as follows:
Note To take the steps described in this section, you must have a valid SmartNet account. If you do not have a SmartNet account, contact your authorized Cisco Systems support representative for instructions.
Step 1 Make sure the SPARCstation where you want to install the CiscoSecure ACS has at least 150 MB of available disk space to accommodate the CiscoSecure installation download package.
Step 2 Go to the CiscoSecure Software Planner URL:
You are prompted for a username and password in order to access Cisco Connection Online (CCO).
Step 3 Using your SmartNet account, log in to CCO, specifying your username and password as prompted.
Step 4 Click Download CiscoSecure Software. The CiscoSecure Server Software Images page appears.
Step 5 Click the button beside the applicable version of CiscoSecure Solaris. If you agree to the terms of the software agreement, click Execute. You are prompted to specify the location from which to transfer the software image.
Step 6 Click the location of the CCO server that is closest to your target CiscoSecure server. You are prompted again for your CCO password.
Step 7 Enter your CCO password. A file is copied to your home directory.
Step 8 Uncompress the CiscoSecure ACS software package by entering the following command at the UNIX prompt:
uncompress CiscoSecure-2.2.x.x.solaris.PKG.Z
Step 9 Translate the package file by entering the following command at the UNIX prompt:
pkgtrans CiscoSecure-2.2.x.x.solaris.PKG /tmp
The following output displays:
The following packages are available:
1 CiscoSecure-2.2.x.x CiscoSecure Access Control Software
(sun4) x.x
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Step 10 Enter 1.
The download operation is now complete.
Step 11 Obtain your server license key and answer the preinstallation questions according the instructions in the section, "Basic Installation Procedures," page 2.
Note Do not enter the "pkgadd -d/cdrom/csus_22 CSCEacs" string to start the installation program.
Step 12 To start the installation program enter:
Profile cache updating must be enabled for ACS servers whose CiscoSecure profile databases are modified directly by Oracle or Sybase database replication implementations or by third-party applications.
In the case of Oracle or Sybase database replication, you enable profile cache updating in the process of implementing the replication.
If you are using third-party applications that directly modify the CiscoSecure ACS profile data, use the following procedure to enable profile cache updating following the normal CiscoSecure installation.
Note For profile cache updating to work, the database user account used by the third-party application must be
different from the user account that you specified when you originally installed and configured the Oracle or Sybase engines for the CiscoSecure ACS.
Step 1 After completing the CiscoSecure ACS installation on your UNIX host, change to the CiscoSecure $BASEDIR/utils/bin directory and run the CSdbTool utility. Enter:
This installs triggers in the CiscoSecure ACS database tables that insert the changes in a special log table, cs_trans_log, whenever a third-party program alters any profile data. These changes are periodically incorporated into the profile cache.
Step 2 In the CSConfig.ini file, make sure the following parameters are set:
[ProfileCaching]
EnableProfileCaching = ON
;polling period in minutes for cs_trans_log table
DBPollinterval = number_of_minutes
where number_of_minutes is the time in minutes that the customer wants between profile cache updates. This interval should match the intervals at which database replication or third-party applications directly modify the ACS profile data. For example, if database replication is configured to take place every 15 minutes, then the number_of_minutes for DBPollinterval should also be set to 15.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar, select Documentation, and click Enter the feedback form. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
