Published On: August 6ᵗʰ, 2019 02:08

Installation and Upgrade Guide for Cisco Secure Access Control System 5.4

This chapter describes the tasks that you must perform after completing the ACS installation successfully.

This chapter contains:


To operate ACS, you must install a valid license. ACS prompts you to install a valid base license when you first access the web interface.

Note Each server requires a unique base license in a distributed deployment.

This section contains:

Types of Licenses

Table 12-1 shows ACS 5.4 license support:


Table 12-1 ACS License Support


Base License

The base license is required for all software instances deployed, as well as for all appliances. The base license enables you to use all the ACS functionality except license controlled features, and it enables standard centralized reporting features.

  • Required for each ACS instance, primary and secondary.
  • Required for all appliances.
  • Supports deployments with up to 500 network devices (AAA Clients).

The following are the types of base license:

  • Permanent—This license does not have an expiration date. Supports deployments with up to 500 network devices (AAA Clients).
  • Evaluation—Expires 90 days from the time the license is issued. Supports deployments with up to 50 managed devices.

The number of devices is determined by the number of unique IP addresses that you configure. This includes the subnet masks that you configure. For example, a subnet mask of implies 256 unique IP addresses and hence the number of devices is 256.

Add-On Licenses

Add-on licenses can only be installed on an ACS server with permanent base license. A large deployment needs permanent base license to be installed.

Accessing the Web Interface

The ACS web interface is supported on HTTPS-enabled Microsoft Internet Explorer versions 7.x, 8.x, and 9.x and Firefox version 3. x, 8.x, 9.x, and 10. x.

This section contains:

Logging In

When you log into the ACS web interface for the first time, you are prompted to install the license file.

To log into the ACS web interface:

Step 1 Enter the ACS URL in your browser.

For example, https://acs_host/acsadmin, https://[IPv6 address]/acsadmin, or https://ipv4 address/acsadmin, where /acs_host is the IP address or Domain Name System (DNS) hostname. The DNS hostname works for IPv6 when the given IP address is resolvable to both IPv4 and IPv6 formats.

The login page appears.

Note Launching the ACS web interface using IPv6 addresses is not supported in Mozilla Firefox version 4.x or later.

Step 2 In the Username field, enter ACSAdmin, which is the default username. The value is not case-sensitive.

Step 3 In the Password field, enter default, which is the default password. The value is case-sensitive.

Note Click Reset to clear the Username and Password fields and start over, if needed.

Step 4 Click Login or press Enter.

The login page reappears, prompting you to change your password.

Step 5 Enter default in the Old Password field, then enter a new password in the New Password and Confirm Password fields.

If you forget your username or password, use the acs reset-password command to reset your username to ACSAdmin and your password to default. You are prompted to change your password after a reset. See CLI Reference Guide for Cisco Secure Access Control System 5.4 for more information.

Step 6 Click Login or press Enter.

You are prompted to install a valid license, as shown in Figure 12-1.

Figure 12-1 ACS 5.4 License Screen

The license page appears only the first time that you log into ACS.

Step 7 Click Browse and choose a valid, unique base license for the ACS server.

For more information on installing a valid license, see the User Guide for Cisco Secure Access Control System 5.4.

  • If your login is successful, the main page of the ACS web interface appears.
  • If your login is unsuccessful, the following error message appears:

Invalid username or password specified.

The Username and Password fields are cleared.

Step 8 Re-enter the valid username and password, and click Login.


Logging Out

To log out of the ACS web interface:

Step 1 Click Logout in the ACS web interface header to end your administrative session.

A dialog box appears, prompting you to confirm whether you want to log out of ACS.

Step 2 Click OK.

You are logged out.

Caution For security reasons, Cisco recommends that you log out of the ACS when you complete your administrative session. If you do not log out, the ACS web interface logs you out after 30 minutes of inactivity, and does not save any unsubmitted configuration data.

For more information on using the Web Interface, see the User Guide for Cisco Secure Access Control System 5.4.


Configuring ACS

Use the ACS web interface for initial configuration setup. The ACS web interface allows you to access pages, perform configuration tasks, and view interface configuration errors.

When you finish installing the license file, perform the following ACS configuration setup:

  • Configuring system administrators and accounts
  • Configuring ACS in a distributed deployment
  • Managing system administration configurations:

Configuring global system options

Configuring dictionaries

Configuring local server certificates

Configuring logs

  • Configuring data backup
  • Configuring collection filters
  • Managing ACS logging
  • Specifying e-mail settings
  • Specifying session settings
  • Specifying system alarm settings
  • Configuring data purging
  • Configuring password policies

For details on each operation and other administrative functions, such as ACS Monitoring and Reports, see the User Guide for Cisco Secure Access Control System 5.4 .

For details on migration and problems with migration, see the Migration Guide for Cisco Secure Access Control System 5.4.

For up-to-date information on, see the Release Notes for Cisco Secure Access Control System 5.4.