
Cisco AAA Identity Management Security: Getting Familiar with ACS 5.1

Chapter Description

ACS 5.1 has a completely different user interface from ACS 4.2. Throughout the course of this chapter you will become familiar with the GUI and know where different functions are located.

ACS 5.1 Command-Line Interface (CLI)

ACS 5.x, unlike previous versions, provides a CLI for configuration and monitoring in addition to the GUI. You can access the ACS CLI through a Secure Shell (SSH) client or the console port.

Two different types of accounts are available for accessing the CLI:

  • Admin: Admin accounts have full configuration and monitoring access.
  • Operator: Operator accounts have monitoring access only.

This section assumes use of an Admin account to access the CLI.

The ACS CLI is similar to IOS CLI in look, feel, modes, and command structure. You can use the question mark (?) to see the help and the Tab key to complete a command. Logging in to the ACS server places you in the Operator (user) mode or the Admin (EXEC) mode. Typically, logging in requires a username and password.

You can always tell when you are in the Operator (user) mode or Admin (EXEC) mode by looking at the prompt. A right angle bracket (>) appears at the end of the Operator (user) mode prompt; a pound sign (#) appears at the end of the Admin mode prompt, regardless of the submode.

Three command modes are available on the CLI:

  • EXEC: EXEC commands primarily include system-level commands such as show and reload (for example, application installation, application start and stop, copy files and installations, restore backups, and display information). In addition, certain EXEC-mode commands have ACS-specific abilities (for example, start an ACS instance, display and export ACS logs, and reset an ACS configuration to factory default settings).
  • ACS Configuration: Commands in this mode can be used to set the debug log level for the ACS management and runtime components, show system settings, reset server certificates and IP address access lists, and manage import and export processes. To access the ACS configuration mode, run the acs-config command in EXEC mode as demonstrated in Example 4-1.

    Example 4-1. ACS CLI—Changing to ACS Configuration Mode

  • Configuration: Commands in this mode can be used to configure various system options such as interface, repository, SNMP server, and NTP, among others. To access the Configuration mode, run the configure command in EXEC mode as demonstrated in Example 4-2.

    Example 4-2. ACS CLI—Changing to Configuration Mode

It is not possible to cover all the commands available in the CLI. The list that follows highlights a few important tasks and their related commands:

  • Starting and Stopping ACS Services: ACS services can be started or stopped from the EXEC mode using the acs {start | stop} command.
  • Reset ACS Configuration: To reset ACS configuration to the factory default, use the acs reset-config command from the EXEC mode.
  • Reset ACSAdmin Password: To reset the password of the default GUI admin, use the acs reset-password command from the EXEC mode.
  • Verify Configuration: To see the current configuration, use the show running-config command from the EXEC mode.
  • Verify Version Information: To see the current version, use the show version command from the EXEC mode.
  • Verify Status of ACS Processes: To verify the status of the ACS processes, use the show application status acs EXEC command.
  • Troubleshoot Connectivity: To troubleshoot network connectivity, use the ping {ip-address | hostname}, traceroute {ip-address | hostname}, and nslookup {ip-address | hostname} commands from the EXEC mode.
  • Change IP Address: To change the IP address of the interface, use the ip address ip-address subnet-mask command in the Interface mode. To go to the Interface mode, use the interface GigabitEthernet 0 command in the Configuration mode.
  • Add a Route: To add a route to the routing table of ACS, use the ip route network-address netmask gateway gateway-address command in the Configuration mode.
  • Disable ICMP Echo Response: To stop the device from sending ICMP echo responses to the echo requests it receives, use the icmp echo off command. Use the icmp echo on command to enable the device to send echo responses again.
  • Change Hostname: To change the hostname of the server, use the hostname name command in the Configuration mode.

For more details on ACS CLI commands, see the "CLI Reference Guide for the Cisco Secure Access Control System 5.1."