Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 4 Using RDBMS Synchronization to Create dACLs and Specify Network Configuration
Using RDBMS Synchronization to Configure dACLs
ACS fetches the CSV file from the database, reads the action codes in the file, and performs the RDBMS
Synchronization operations that the file specifies.
ACS SE
On the ACS SE, you can run the csdbsync -syncnow command to invoke RDBMS Synchronization.
To run CSDBSync manually on the ACS SE:
Step 1 Check connectivity between the ACS SE and the FTP server, and be certain that you have write
permissions to the FTP server directory.
Step 2 Start an SSH command shell.
Step 3 Enter the following commands:
a. To stop the CSDBSync service, enter net stop csdbsync.
b. Enter net start csdbsync.
c. Enter one of the following commands:
– csdbsync -run
– csdbsync -syncnow
ACS SE fetches the CSV file from the database, reads the action codes in the file, and performs the
RDBMS Synchronization operations that the file specifies.
Performing RDBMS Synchronization Using a Script
On the ACS SE, you can change ACS configuration from a remote system by using a command-line
utility for RDBMS Synchronization that includes SSH support. You can use the mechanism that starts
the SSH server to add Administrator privileges and invoke the csdbsync -syncnow command. The
csdbsync -syncnow and csdbsync -run commands work the same, without stopping or starting the
CSDBSync service.
You can include the commands to perform these actions in a script that you run remotely on a specified
ACS SE.
Step 6: View the dACLs
After you have run RDBMS Synchronization to create the dACLs, view the dACLs to ensure that they
are correct.
To view the dACLs:
Step 1 In the Navigation Bar, click Shared Profile Components.
Step 2 Click Downloadable IP ACLs.
The Downloadable IP ACLs page opens.
In the Name column of the Downloadable IP ACLs table, you should see the dACL that was specified in
the text file that you coded in Step 2: Create a Text File to Define the dACLs, page 4-2.
Step 3 Click the name of the dACL.