[c-nsp] ACS 4.1 migration, anyone ?
Loc Pham
loc.pham at comcast.net
Fri May 18 18:16:13 EDT 2007
Thanks for clarify Kratz.
Now if I can find my bulletproof vest to wear after the upgrade ;-)))
lP
-------------- Original message ----------------------
From: "Daniel Kratz" <dkratz at gmail.com>
> Loc,
>
> No.... It's not in Proxy Distribution.... When you upgrade using a secondary
> server you have duplication of aaa server in Network Configuration. (one for
> the group and another Not Assigned).
>
> I'm not sure, but this behavior may be associated with the hostname. Now I'm
> unable to test this.
>
> []'s
> Kratz
>
> On 5/18/07, Loc Pham <loc.pham at comcast.net> wrote:
> >
> > Kratz,
> > Thanks for the tips. When you say " ... AAA Server config in Network
> > config ... " , it would be under Proxy Distribution Entry ?
> > Loc,
> > -------------- Original message ----------------------
> > From: "Daniel Kratz" <dkratz at gmail.com>
> > > Loc,
> > >
> > > I was experienced some bad problems when migrated to 4.1.1(23) from
> > > 3.3.11in ACS-SE. First, we are unable to upgrade the software. TAC was
> > > recommended
> > > reimage with 4.1 recovery disk. After the upgrade we are not able to
> > make ip
> > > static configuration. To get up the server we are used a external dhcp
> > > server.
> > >
> > > Last night, TAC publish a new one image 4.1.1(23) that fix the static ip
> > > configuration. We proceed upgrade TACACS Administration report don't
> > work
> > > well. We need apply the one fix plus.
> > >
> > > To migrate data from data format 3.3 to 4.1 we was used a windows 2K
> > > server and ACS 3 and a 4.1 trial. All data was migrated. (users, groups,
> > > ndg, shell, administrative configuration, replication, etc.)
> > >
> > > The only caution.... If you use a external server down use the same ip
> > > address of production env. We will experience problems with AAA Server
> > > configuration in Network configuration. (you will need to exclude the
> > temp.
> > > AAA).
> > >
> > > My only issue today is snmp. The snmpwalk broke with error.
> > >
> > > We are planed use migrate the authentication to a NDS solution in 2
> > weeks.
> > > Any one experienced problems in this?
> > >
> > > Att,
> > > Kratz
> > >
> > >
> > >
> > > On 5/17/07, Loc Pham <loc.pham at comcast.net> wrote:
> > > >
> > > > Hello,
> > > > I migrate our test box ACS 3.1 windows platform to 4.1 ( with help
> > from
> > > > TAC ).
> > > > Now, the million dollars question: Have anyone successfully do
> > similar
> > > > thing and any additional test I need to do ? I would imagine spot
> > checks
> > > > here and there ( +5000 users / ~ 500 groups ) but may be a more stuff
> > I can
> > > > verify ? Thing may just work the way it is but who know !
> > > > TIA,
> > > > Loc
> > > > _______________________________________________
> > > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > >
> >
> >
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: "Daniel Kratz" <dkratz at gmail.com>
> > To: "Loc Pham" <loc.pham at comcast.net>
> > Date: Fri, 18 May 2007 02:56:25 +0000
> > Subject: Re: [c-nsp] ACS 4.1 migration, anyone ?
> > Loc,
> >
> > I was experienced some bad problems when migrated to 4.1.1(23) from 3.3.11in
> ACS-SE. First, we are unable to upgrade the software. TAC was recommended
> > reimage with 4.1 recovery disk. After the upgrade we are not able to make
> > ip static configuration. To get up the server we are used a external dhcp
> > server.
> >
> > Last night, TAC publish a new one image 4.1.1(23) that fix the static ip
> > configuration. We proceed upgrade TACACS Administration report don't work
> > well. We need apply the one fix plus.
> >
> > To migrate data from data format 3.3 to 4.1 we was used a windows 2K
> > server and ACS 3 and a 4.1 trial. All data was migrated. (users, groups,
> > ndg, shell, administrative configuration, replication, etc.)
> >
> > The only caution.... If you use a external server down use the same ip
> > address of production env. We will experience problems with AAA Server
> > configuration in Network configuration. (you will need to exclude the temp.
> > AAA).
> >
> > My only issue today is snmp. The snmpwalk broke with error.
> >
> > We are planed use migrate the authentication to a NDS solution in 2 weeks.
> > Any one experienced problems in this?
> >
> > Att,
> > Kratz
> >
> >
> >
> > On 5/17/07, Loc Pham <loc.pham at comcast.net> wrote:
> > >
> > > Hello,
> > > I migrate our test box ACS 3.1 windows platform to 4.1 ( with help
> > > from TAC ).
> > > Now, the million dollars question: Have anyone successfully do
> > > similar thing and any additional test I need to do ? I would imagine spot
> > > checks here and there ( +5000 users / ~ 500 groups ) but may be a more stuff
> > > I can verify ? Thing may just work the way it is but who know !
> > > TIA,
> > > Loc
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
> >
> >
More information about the cisco-nsp
mailing list