Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1147
Views
0
Helpful
4
Replies

AAA question on FWSM

josefribeiro
Level 1
Level 1

‎02-18-2012 11:28 AM - edited ‎03-10-2019 06:50 PM

Hi All,

I've researched this issue and could not find a way to resolve it.

If one of our ACS servers becomes unavailable the FWSM context marks it as Failed, and disables it. Is there an easy way to re-enable the ACS server on the FWSM context?

Thanks.

Jose Ribeiro

Server Group:    ACS-Servers

Server Protocol: tacacs+

Server Address:  xxx.xxx.xxx.xxxh

Server port:     49

Server status:   FAILED, Server disabled at 13:04:36 EST Sat Feb 18 2012

Number of pending requests              0

Average round trip time                 5ms

Number of authentication requests       4

Number of authorization requests        0

Number of accounting requests           0

Number of retransmissions               0

Number of accepts                       1

Number of rejects                       3

Number of challenges                    0

Number of malformed responses           0

Number of bad authenticators            0

Number of timeouts                      0

Number of unrecognized responses        0

Labels:
0 Helpful
4 Replies 4

Dan-Ciprian Cicioiu
Level 7
Level 7

‎02-18-2012 03:15 PM

Hi ,

Have you tried to configure deadtime ?

"Specify the amount of time that will elapse between the disabling of the last server in the group and the

subsequent re-enabling of all servers."

Default 10 minutes.

Dan

0 Helpful

Steve Dussault
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎03-28-2012 10:00 AM

I am seeing the same thing.  How did you resolve this?  Thanks!

0 Helpful

Eduardo Aliaga
Level 4
Level 4
In response to Steve Dussault

‎03-31-2012 08:04 PM

You should try "reactivation mode timed"

aaa-server ACS protocol radius

   reactivation-mode timed

Please rate if it helps.

0 Helpful

josefribeiro
Level 1
Level 1

‎04-02-2012 07:24 AM

Hi All,

Thanks for the replies.

@eduardoaliaga, @Dan-Ciprian Cicioiu - I've configured the firewalls with the 'reactivation-mode timed' but it did not work for aaa-servers already in FAILED status. It worked well if the server failed after the command was issued, but not before.

@STEVE DUSSAULT - Steve, I had to remove the configuration and add it back in. I know it sounds dumb, but it was the only way I could solve it. I has not able to find a document that would give me any other option. The only thing I found was regarding the 'reactivation-mode' command, but as I explained above it only works if the server fails after the command is issued. Servers that were in failed state did not recover after the command was entered.

Cheers,

Jose

0 Helpful
Customers Also Viewed These Support Documents