Backup and restore config is a kind of task that will make our work activity easier. In this moment I want to share some steps on how to do a backup and restore config on Cisco Secure Access Control Server (ACS). Let’s jump in.
Verify FTP Service to the Server
acs-vpn-lab/cisco# telnet 172.16.0.5 port 21 Trying 172.16.0.5... Connected to 172.16.0.5. Escape character is '^]'. 220 Microsoft FTP Service
Create Software Repository
Go to System Administration –> Operation –> Software Repositories. Put the required informations. Mine is below.
Click submit when it’s done. You will see below information
Verify Repository Status
acs-vpn-lab/cisco# show repository BACKUP-FTP bootres.dll acs-vpn-lab/cisco#
I put a file (bootres.dll) on my FTP server previously to make the repository visible.
Create Conditional Backup
Now we set the ACS to backup the config to the FTP server. You may have an option to do a scheduled backup, but in this case I will do a conditional backup. Go to System Administration –> Operation –> Distributed System Management.
Click radio button on your device name and then hit backup. Supply the information needed like below.
Hit submit when it done. It will send the information to the FTP server.
Verify Backup File
acs-vpn-lab/cisco# show repository BACKUP-FTP ACS-VPN-backup-28-03-2016-160328-0006.tar.gpg bootres.dll acs-vpn-lab/cisco#
Restore Config From FTP
For this purpose, you need to execute it from the Cisco ACS command line.
acs-vpn-lab/cisco# acs restore ACS-VPN-backup-28-03-2016-160328-0006.tar.gpg repository BACKUP-FTP Restore requires a restart of ACS services. Continue? (yes/no) yes Initiating restore. Please wait... % restore in progress: Starting Restore...10% completed % restore in progress: Retrieving backup file from Repository...20% completed Please enter backup decryption password [8-32 chars]: % restore in progress: Decrypting backup data...25% completed % restore in progress: Extracting backup data...30% completed Calculating disk size for /opt/backup/restore-ACS-VPN-backup-28-03-2016-160328-0006.tar.gpg-1459123813 Total size of restore files are 12 M. Max Size defined for restore files are 13339 M. Restoring the data base will affect the distributed setup. For example, replication between primary and secondary will be broken. It is recommended to schedule a downtime to carry out the restore operation. After restore, you will have to configure each secondary to local mode and then re-connect with primary. Do you want to continue with restore operation?.<yes/no>: yes Continuing restore.. Leaving currently connected AD domains if any... Please rejoin to AD domains from the administrative GUI Stopping ACS. Stopping Management and View............................................................... Stopping Runtime...... Stopping Database....... Stopping Ntpd... Cleanup.. % Warning: Skipping restore of application 'acs'. Backup bundle does not contain data for this application.% restore in progress: Completing Restore...100% completed Starting ACS .... To verify that ACS processes are running, use the 'show application status acs' command. acs-vpn-lab/cisco#
Verify Applications Status
Config restoration will require application service to be restarted. You may verify the status with below command.
acs-vpn-lab/cisco# show application status acs Application initializing... Status is not yet available. Please check again in a minute. acs-vpn-lab/cisco#
After few second you will see the status of the applications.
acs-vpn-lab/cisco# show application status acs ACS role: PRIMARY Process 'database' running Process 'management' running Process 'runtime' running Process 'adclient' Restarting Process 'ntpd' running Process 'view-database' Restarting Process 'view-jobmanager' Restarting Process 'view-alertmanager' Restarting Process 'view-collector' Restarting Process 'view-logprocessor' Restarting acs-vpn-lab/cisco#
Wait until all applications process are running. When it is done you can access the ACS Web GUI and verify the restored configuration.
acs-vpn-lab/cisco# show application status acs ACS role: PRIMARY Process 'database' running Process 'management' running Process 'runtime' running Process 'adclient' running Process 'ntpd' running Process 'view-database' running Process 'view-jobmanager' running Process 'view-alertmanager' running Process 'view-collector' running Process 'view-logprocessor' running acs-vpn-lab/cisco#
Happy labbing!!!.
Contributor:
Ananto Yudi, CCIE Service Provider #38962, RHCSA, VCP6-DCV
nantoyudi@gmail.com
Hello thanks for the shared knowledge really appreciated and it has been very helpful.
I am upgrading our ACS
From
Cisco ACS VERSION INFORMATION
—————————–
Version : 5.3.0.40.3
Internal Build ID : B.839
Patches :
5-3-0-40-3
TO
Cisco ACS VERSION INFORMATION
—————————–
Version : 5.8
Patches :
5.8.
what are the best steps and recommendation i can apply in this situation i see people online with various issues especially after adding patches at various levels.
Thanks again
Adam Hirschfield
adam.hirschfield@gmail.com
Hi Adam, thanks for viewing my page. Honestly I never do the upgrade on the ACS as an appliance. I do the installation on vmware. Once I need to upgrade the ACS, I do some backup, Install the new ACS version, restore the config and finally, apply the appropriate patch.