Cisco Cisco Secure Access Control System 5.1
4
Release Notes for the Cisco Secure Access Control System 5.1
OL-18997-01
New and Changed Features
Monitoring and Troubleshooting Enhancements
The Monitoring and Report Viewer enhancements include the following:
•
Dashboard—An enhanced dashboard that you can customize to suit your needs. The dashboard
provides the five most recent alarms, authentication trends, health status of ACS, and your favorite
reports. The dashboard tabs now consist of small windows, called portlets, to which you can add
your favorite and most frequently accessed monitoring and reporting applications.
provides the five most recent alarms, authentication trends, health status of ACS, and your favorite
reports. The dashboard tabs now consist of small windows, called portlets, to which you can add
your favorite and most frequently accessed monitoring and reporting applications.
•
Syslog Event Notification—An option to configure syslog targets for event notification in the form
of syslog messages.
of syslog messages.
•
Expert Troubleshooter—A new, powerful diagnostic engine for advanced troubleshooting.
•
Additional Catalog Reports—Several new reports have been added to the catalog, including:
–
Administrator Entitlement Report—Provides a list of ACS administrators and the access
privileges that each of them is entitled to.
privileges that each of them is entitled to.
–
TrustSec Reports—ACS 5.1 introduces the following new TrustSec Reports: SGACL Drop
Summary, SGT Assignment Summary, Top N SGACL Drops by Destination, Top N SGACL
Drops by User, and Top N SGT Assignments.
Summary, SGT Assignment Summary, Top N SGACL Drops by Destination, Top N SGACL
Drops by User, and Top N SGT Assignments.
–
RADIUS Active Sessions Report—Introduces the Change of Authorization (CoA) feature
through the RADIUS Active Sessions Report, which allows you to dynamically control active
RADIUS sessions.
through the RADIUS Active Sessions Report, which allows you to dynamically control active
RADIUS sessions.
–
Configuration Change Reports—Provides a list of configuration changes done by ACS
administrators, for a specific period.
administrators, for a specific period.
–
User Change Password Audit Report—Provides a list of all changes made to internal user
passwords through any of the interfaces.
passwords through any of the interfaces.
–
ACS Administrator Logins Report—This report is enhanced to include information about
administrators whose accounts are disabled.
administrators whose accounts are disabled.
–
ACS Operations Audit Report—Provides a list of operations performed on ACS, either done by
administrators or done internally by ACS.
administrators or done internally by ACS.
•
Exporting the Monitoring and Report Viewer Data—Provides you an option to export the
monitoring and troubleshooting data to a remote database that can support external custom reporting
applications.
monitoring and troubleshooting data to a remote database that can support external custom reporting
applications.
•
Incremental Backup and Restore—Provides you an option to perform a full database backup the first
time and later, to back up only the updates that are made to the database. However, when you restore
data from an incremental backup, ACS restores data from all the backup files starting from the full
backup and continuing until the latest one.
time and later, to back up only the updates that are made to the database. However, when you restore
data from an incremental backup, ACS restores data from all the backup files starting from the full
backup and continuing until the latest one.
•
Configuring NADs to Send Syslog Messages—You can configure the network access devices
(NADs) in your network to send syslog messages to the Monitoring & Report Viewer. To do this,
you must configure the logging port on the NAD to UDP 20514. For example, to enable a NAD in
your network to send syslog messages to the Monitoring & Report Viewer, you must enter the
following commands in the same sequence on the NAD through the CLI configuration mode:
(NADs) in your network to send syslog messages to the Monitoring & Report Viewer. To do this,
you must configure the logging port on the NAD to UDP 20514. For example, to enable a NAD in
your network to send syslog messages to the Monitoring & Report Viewer, you must enter the
following commands in the same sequence on the NAD through the CLI configuration mode:
–
logging monitor informational
–
logging origin-id ip
–
logging host ip transport udp port 20514—where ip is the IP address of the Log Collector in
your network.
your network.
–
epm logging
The following types of syslog messages are supported by ACS Monitoring and Reports Viewer: