Solved

Cisco ACS mixed versions

Posted on 2016-10-10
8
78 Views
Last Modified: 2016-10-12
Is there any problem having a Cisco ACS cluster where the primary is at version 5.4 and the new secondaries are at software version 5.8? Thank you.
0
Comment
Question by:amigan_99
  • 3
  • 3
  • 2
8 Comments
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 41838304
Don't do it!  Databases are slightly different and there's functionality in 5.8 that's not in 5.4.
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 41838582
To add it is also evident that such mixed of 5.4 and 5.8 may have issues as ACS 5.8 does support upgrade from three releases back; At best 5.5 and above and even then in 5.5 it need to go through an upgrade preferably to 5.6 or 5.7 before into 5.8. But even than for older version to work as primary and secondary having newer version it needs the primary to be able to hold info from the new version which in this case can be incompatible and upgrading may even be an issue and not to talk about working in mixed environment. Just some thoughts on this, if it helps.

Also note
Usually, in a deployment scenario where multiple ACS instances are involved, the primary ACS instance functions as a master database for the configuration data, and one of the secondary ACS instances stores the Monitoring and Report data. You can also use the primary instance to store the Monitoring and Report data.

Initially, you need to upgrade the log collector server to ACS 5.8 and use this server as a common log collector between the ACS 5.7 and 5.8 deployments, until the 5.8 upgrade for all servers is complete.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 41838629
Thank you. Sounds like a downgrade for the new gear is in order as a change window to get to 5.8 corporate-wide would not happen any time soon. Should the procedure here for 5.4 installation be sufficient to get the newer 3415s to 5.4? http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/installation/guide/csacs_book/csacs_ins_acs_in_ucs.html
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 62

Expert Comment

by:btan
ID: 41839312
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 41839342
Do a fresh install of 5.4 on the secondary then upgrade ALL boxes to 5.8 later. Be careful though, 5.8 uses certificates to authenticate each node so you need to turn that off first, after each box is upgraded, on each node if you haven't deployed certs to each ACS.

You can upgrade straight to 5.8.
1
 
LVL 1

Author Comment

by:amigan_99
ID: 41839474
Each node in the cluster has a *.acme.com cert for management. Should that do the trick?
0
 
LVL 62

Expert Comment

by:btan
ID: 41839481
It should represent your FQDN name and not using wildcard. Unfortunately Wildcard certificates are not supported with ACS. You need the certificate to be specific on the dedicated host name or use of single UCC cert (with a list of SAN).

https://supportforums.cisco.com/discussion/10955841/acs-wildcard-certificate-install-peap
1
 
LVL 1

Author Comment

by:amigan_99
ID: 41840696
Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ensuring effective and secure communication in the age of healthcare BYOD.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question