[c-nsp] ACS 4.1 migration, anyone ?

Daniel Kratz dkratz at gmail.com
Fri May 18 18:00:08 EDT 2007 

Loc,

No.... It's not in Proxy Distribution.... When you upgrade using a secondary
server you have duplication of aaa server in Network Configuration. (one for
the group and another Not Assigned).

I'm not sure, but this behavior may be associated with the hostname. Now I'm
unable to test this.

[]'s
Kratz

On 5/18/07, Loc Pham <loc.pham at comcast.net> wrote:
>
>   Kratz,
>   Thanks for the tips. When you say " ... AAA Server config in Network
> config ... " , it would be under Proxy Distribution Entry  ?
>    Loc,
>  -------------- Original message ----------------------
> From: "Daniel Kratz" <dkratz at gmail.com>
> > Loc,
> >
> > I was experienced some bad problems when migrated to 4.1.1(23) from
> > 3.3.11in ACS-SE. First, we are unable to upgrade the software. TAC was
> > recommended
> > reimage with 4.1 recovery disk. After the upgrade we are not able to
> make ip
> > static configuration. To get up the server we are used a external dhcp
> > server.
> >
> > Last night, TAC publish a new one image 4.1.1(23) that fix the static ip
> > configuration. We proceed upgrade TACACS Administration report don't
> work
> > well. We need apply the one fix plus.
> >
> > To migrate data from data format 3.3 to 4.1 we was used a windows 2K
> > server and ACS 3 and a 4.1 trial. All data was migrated. (users, groups,
> > ndg, shell, administrative configuration, replication, etc.)
> >
> > The only caution.... If you use a external server down use the same ip
> > address of production env. We will experience problems with AAA Server
> > configuration in Network configuration. (you will need to exclude the
> temp.
> > AAA).
> >
> > My only issue today is snmp. The snmpwalk broke with error.
> >
> > We are planed use migrate the authentication to a NDS solution in 2
> weeks.
> > Any one experienced problems in this?
> >
> > Att,
> > Kratz
> >
> >
> >
> > On 5/17/07, Loc Pham <loc.pham at comcast.net> wrote:
> > >
> > >    Hello,
> > >   I migrate our test box  ACS 3.1 windows platform to 4.1 ( with help
> from
> > > TAC ).
> > >   Now, the million dollars question: Have anyone  successfully do
> similar
> > > thing and any additional test I need to do ? I would imagine spot
> checks
> > > here and there ( +5000 users / ~ 500 groups ) but may be a more stuff
> I can
> > > verify ?  Thing may just work the way it is but who know !
> > >   TIA,
> > >    Loc
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
>
>
>
>
>
> ---------- Forwarded message ----------
> From: "Daniel Kratz" <dkratz at gmail.com>
> To: "Loc Pham" <loc.pham at comcast.net>
> Date: Fri, 18 May 2007 02:56:25 +0000
> Subject: Re: [c-nsp] ACS 4.1 migration, anyone ?
> Loc,
>
> I was experienced some bad problems when migrated to 4.1.1(23) from 3.3.11in ACS-SE. First, we are unable to upgrade the software. TAC was recommended
> reimage with 4.1 recovery disk. After the upgrade we are not able to make
> ip static configuration. To get up the server we are used a external dhcp
> server.
>
> Last night, TAC publish a new one image 4.1.1(23) that fix the static ip
> configuration. We proceed upgrade TACACS Administration report don't work
> well. We need apply the one fix plus.
>
> To migrate data from data format 3.3 to 4.1 we was used a windows 2K
> server and ACS 3 and a 4.1 trial. All data was migrated. (users, groups,
> ndg, shell, administrative configuration, replication, etc.)
>
> The only caution.... If you use a external server down use the same ip
> address of production env. We will experience problems with AAA Server
> configuration in Network configuration. (you will need to exclude the temp.
> AAA).
>
> My only issue today is snmp. The snmpwalk broke with error.
>
> We are planed use migrate the authentication to a NDS solution in 2 weeks.
> Any one experienced problems in this?
>
> Att,
> Kratz
>
>
>
> On 5/17/07, Loc Pham <loc.pham at comcast.net> wrote:
> >
> >    Hello,
> >   I migrate our test box  ACS 3.1 windows platform to 4.1 ( with help
> > from TAC ).
> >   Now, the million dollars question: Have anyone  successfully do
> > similar thing and any additional test I need to do ? I would imagine spot
> > checks here and there ( +5000 users / ~ 500 groups ) but may be a more stuff
> > I can verify ?  Thing may just work the way it is but who know !
> >   TIA,
> >    Loc
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
>

More information about the cisco-nsp mailing list