Blog |Follow Nick on Mastodon| About
 

After much swearing and hackerizing I'm happy to post a screenshot of Cisco's ACS running in VirtualBox :)

Before I explain what I've done, a quick message for "the stupids"

No I won't post a virtual machine for you to download
Buy a license or an appliance

The rest of this post is a run though of what I did, if you get bored easily skip to the summary.

The story is I've got a customer who wants dot1x with ACS5 and I need a box to play with before breaking their network; having read through the docs on cisco.com I noticed that vmware was a supported platform for evaluation, as awesome as that is, carrying around an ESXi server isn't as convenient as you'd think so I boldly dropped the CD into my VirtualBox and booted to see what happened.... if only it was that simple!!!!!

As expected the installer crapped out early on complaining that VirtualBox is not a valid hardware configuration, so I decided to have a poke around the ISO image and had a moment of realisation.. THANK YOU CISCO FOR CHOOSING CENTOS!

Cisco choosing an open-source installation mechanism means that with a bit of googling I could customise the install process to work in VirtualBox.... sweeet!

To get started I followed the install guide to build a VirtualBox appliance that resembled the supported vmware machine, some things to note:

  • The disk is on a SCSI controller
  • The processor is PAE
  • You need a serial port enabled

This is a summary of my VirtualBox configuration...

  • General
    • Name: Cisco ACS 5
    • OS Type: Red Hat
  • System
    • Base Memory: 1024 MB
    • Processor(s):1
    • Boot Order:Floppy, CD/DVD-ROM, Hard Disk
    • VT-x/AMD-V:Enabled
    • Nested Paging:Enabled
  • Display
    • Video Memory:12 MB
    • 3D Acceleration:Disabled
    • 2D Video Acceleration:Disabled
    • Remote Display Server:Disabled
  • Storage
    • IDE Controller
      IDE Primary Master (CD/DVD):Empty
    • Floppy Controller
      Floppy Device 0:Empty
    • SCSI Controller
      SCSI Port 0:CiscoACS.vdi (Normal, 65.00 GB)
  • Misc
    • Audio
      Disabled
    • Network
      Adapter 1:PCnet-FAST III (Host-only adapter, 'vboxnet0')
    • Serial Ports
      Port 1:COM1, Disconnected
    • USB
      Disabled
    • Shared Folders
      None

If you're hoping to follow my process, I assume you've already downloaded from cisco a copy of the ACS_v5.1.0.44.iso and sorted an eval license.

Looking at the contents of the CD I could see that the KickStart file was rejecting my hardware configuration. In my early attempts I edited ks.cfg removing everything between %pre and %post removed the line that said %include and rebuilt the ISO; this had limited success, I could boot further on my new ISO but found that anaconda crapped out as it was unable to find the CD from which it booted ... Very Odd!

Messing with the kickstart file and having to rebuild the ISO each time got boring very quickly, especially since it wouldn't boot into anaconda stage two. I decided to move to a network based installed, I setup a web server on my laptop, downloaded CentOS-4.7-i386-bin1of4.iso and booted my guest from that using linux askmethod at the loader. On my web server I copied the contents of the ACS CD into a directory (including . hidden files), during the centos boot I was able to install "everything" from the ACS directory on web server giving me yet more limited success (Everything was installed - including the Cisco packages - but unusable).

The next step was to get my web installation to read my kickstart file, the ks.cfg has a load of finalization which looked like it created files that the cisco packages would need. I had to change the permissions of the directory to give me write access (CD files copied as RO since the CD was RO). So my edited ks.cfg has nothing between %pre & %post plus the %include line deleted, the result had massive drawback, I'd inadvertently removed the disk layout; I have since concluded that my earlier attempt with everything installed but broke also had issues due to incorrect filesystem partitions.

To put the filesystem layout back into the kickstart file I inserted the following:

part / --fstype ext3 --size=100 --grow
part /localdisk --fstype ext3 --size=5120
part /recovery --fstype ext3 --size=1008
part /storedconfig --fstype ext3 --size=981
part /storeddata --fstype ext3 --size=2048
part swap --size=2048

To get the Centos Server to now boot from both the kickstart file and install from my webserver I now have to boot with linux ks=http://192.168.56.1/~nick/ACS/ks.cfg (this is instead of linux askmethod) and replace the line that says cdrom with url --url http://192.168.56.1/~nick/ACS.

After all that trial & error I was finally there! I have attached my ks.cfg for your reference and here is a summary of the steps to reproduce.

Install Summary:

  1. Download ACS
  2. Download Centos
  3. Install a web server
  4. Copy the contents of the ACS CD to your web server (look out for .discinfo)
  5. Replace ks.cfg with your edited version (or mine)
  6. Create a virtualbox machine
  7. Boot the VirtualBox machine from the CentOS CD with linux ks=http://URL
  8. As soon as you see a blue "installer" screen eject the CentOS CD
  9. Wait
  10. Done

Note: During my playing the anaconda installer crapped out a couple of times, just starting the process again seemed to fix the issue, some bottleneck on virtualbox disk accesses could be the problem.

Hope that all makes sense, happy hacking!

 

 
Nick Bettison ©