Book excerpt from AAA Identity Management Security

Excerpt from AAA Identity Management Security by Vivek Santuka, Premdeep Banga, and Brandon J. Carroll and published by Cisco Press

  • EXEC: EXEC commands primarily include system-level commands such as show and reload (for example, application installation, application start and stop, copy files and installations, restore backups, and display information). In addition, certain EXEC-mode commands have ACS-specific abilities (for example, start an ACS instance, display and export ACS logs, and reset an ACS configuration to factory default settings).

  • ACS Configuration: Commands in this mode can be used to set the debug log level for the ACS management and runtime components, show system settings, reset server certificates and IP address access lists, and manage import and export processes. To access the ACS configuration mode, run the acs-config command in EXEC mode as demonstrated in Example 4-1.

    Example 4-1  ACS CLI—Changing to ACS Configuration Mode

    ACS51/admin# acs-config
    Escape character is CNTL/D.
    Username: ACSAdmin

  • Configuration: Commands in this mode can be used to configure various system options such as interface, repository, SNMP server, and NTP, among others. To access the Configuration mode, run the configure command in EXEC mode as demonstrated in Example 4-2.

    Example 4-2  ACS CLI—Changing to Configuration Mode

    ACS51/admin# configure
    Enter configuration commands, one per line.  End with CNTL/Z.

It is not possible to cover all the commands available in the CLI. The list that follows highlights a few important tasks and their related commands:

  • Starting and Stopping ACS Services: ACS services can be started or stopped from the EXEC mode using the acs {start | stop} command.

  • Reset ACS Configuration: To reset the ACS configuration to the factory default, use the acs reset-config command from the EXEC mode.

  • Reset ACSAdmin Password: To reset the password of the default GUI admin, use the acs reset-password command from the EXEC mode.

  • Verify Configuration: To see the current configuration, use the show running-config command from the EXEC mode.

  • Verify Version Information: To see the current version, use the show version command from the EXEC mode.

  • Verify Status of ACS Processes: To verify the status of the ACS processes, use the show application status acs EXEC command.

  • Troubleshoot Connectivity: To troubleshoot network connectivity, use the ping, traceroute, and nslookup commands from the EXEC mode, each followed by an IP address or hostname.

  • Change IP Address: To change the IP address of the interface, use the ip address ip-address subnet-mask command in the Interface mode. To go to the Interface mode, use the interface GigabitEthernet 0 command in the Configuration mode.

  • Add a Route: To add a route to the routing table of ACS, use the ip route network-address netmask gateway gateway-address command in the Configuration mode.

  • Disable ICMP Echo Response: To stop the device from sending ICMP echo responses to the echo requests it receives, use the icmp echo off command. Use the icmp echo on command to enable the device to send echo responses again.

  • Change Hostname: To change the hostname of the server, use the hostname name command in the Configuration mode.

For more details on ACS CLI commands, see the “CLI Reference Guide for the Cisco Secure Access Control System 5.1.”
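
The output of the show application status acs command listed above can be checked automatically, so that a stopped AAA process is noticed before authentications start failing. The Python below is an added example, not code from the book or from Cisco; the sample output, its "Process '<name>' <state>" line layout, the required-process list, and the function names are assumptions.

```python
import re

# Constructed sample of `show application status acs` output. The
# "Process '<name>' <state>" layout is an assumption; adjust LINE_RE to
# match what your appliance actually prints.
SAMPLE = """\
ACS role: PRIMARY

Process 'database'                  running
Process 'management'                running
Process 'runtime'                   Execution failed
Process 'adclient'                  not monitored
"""

LINE_RE = re.compile(r"^Process\s+'(?P<name>[^']+)'\s+(?P<state>.+?)\s*$")


def parse_status(text):
    """Map process name -> reported state for every status line."""
    states = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            states[m.group("name")] = m.group("state").lower()
    return states


def find_problems(text, required, ok_states=("running",)):
    """Return {process: state} for required processes that are not healthy.

    A required process absent from the output is reported as 'missing', so
    truncated or unparseable output fails closed instead of passing silently.
    """
    states = parse_status(text)
    return {name: states.get(name, "missing")
            for name in required
            if states.get(name, "missing") not in ok_states}


if __name__ == "__main__":
    # Hypothetical required set; choose the processes your deployment needs.
    required = ["database", "management", "runtime", "view-database"]
    for name, state in find_problems(SAMPLE, required).items():
        print(f"ALERT: ACS process {name!r} is {state}")
```

Processes left out of the required list, such as the unmonitored adclient entry in the sample, are parsed but never raise an alert.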


At this point, you should be familiar with the interface of ACS 5.1 and the process of adding and creating different elements. Remember the flow of adding network devices and users, creating policy elements and access services. You are now prepared to add external user repositories and create complex access services for different AAA scenarios.

© Copyright Pearson Education. Reprinted by permission. All rights reserved.


Copyright © 2011 IDG Communications, Inc.
