topic ACS 5.3 unreachable if network activity decrease in Network Access Control

ACS 5.3 unreachable if network activity decrease

gilles.donze — Mon, 11 Mar 2019 02:08:38 GMT

Hi,

I am triing to migrate my old ACS to the new one. I am using ACS 5.3 on appliance CSACS-1121. Sometime, i loose the connection to the appliance and i could not connect to the appliance with SSH, i could not start the GUI and the authentication is switched to the secondary instance. As soon as I have traffic, the connection is restored.

How can fix this problem. Could you tell me what kind of config, on the switch and on the appliance, i have to do.

Many thanks in advance for your answer.

Kind Gilles

ACS 5.3 unreachable if network activity decrease

Eduardo Aliaga — Wed, 30 May 2012 22:05:15 GMT

Hello Gilles

What you say is expected behavior. If you have several ACS appliances only one of them is primary and all the other ones are secondary.

"Primary" and "secondary" concepts are different from "active" and "standby" concepts. All ACS are "active".

The switch configuration tells the switch which ACS to talk to. It can be one, two, three, any number of ACS. Also if there are more than one ACS, the switch configuration gives the preference to the first ACS declared in the configuration. Only if the first ACS doesn't respond at all , the switch will try to talk to the second ACS declared. Only if the second ACS doesn't respond at all then the switch will try to talk to the third ACS and so on.

here's an example of switch configuration with three ACS

radius-server host 192.168.1.10 key MYPASSWORD

radius-server host 192.168.1.11 key MYPASSWORD

radius-server host 192.168.1.12 key MYPASSWORD

radius-server vsa send authentication

aaa new-model

aaa group server radius ACS

server 192.168.1.10

server 192.168.1.11

server 192.168.1.12

aaa authentication dot1x default group ACS

aaa authorization network default group ACS

aaa accounting dot1x default start-stop group ACS

ACS 5.3 unreachable if network activity decrease

gilles.donze — Thu, 31 May 2012 08:33:44 GMT

Hello,

It's a miss understanding.

I dont have any problem with the ACS application. But I think it's a problem with the IP Stack of the appliance and the switch cisco catalyst 3560. I lost the connexion with some host from and to the ACS appliance !

For example, we have a management application. This is polling the appliance each 5 minutes (ping and SNMP) after a while, the application could not reach the appliance ! this begin especcially when the request to the appliance is going down.

If i try to ping from the appliance the managment application. I have no answer and both are reachable from my workstation. Network is up and running well and ACS instance working fine !

Do you have an idea how to fix this problem. It a special network config to do on the switch 3560 or on the aplliance. Is it a hardware problem from the appliance ?

Many thanks for your help

ACS 5.3 unreachable if network activity decrease

gilles.donze — Tue, 26 Jun 2012 13:01:05 GMT

Hello,

I found the solution : I reconfig the poret of the switch by using standard Cisco macro and it's working fine.

Kind Gilles