11-25-2013 07:04 AM - edited 03-10-2019 09:07 PM
Hi All,
I have two ACS 4.2 servers (Windows image on Win2k) in my environment. Some regions are configured with ACS1 as primary and some with ACS2. All devices are configured in both ACS servers. When ACS1 goes down, it didn't fail over to the secondary ACS server. All AAA clients which are configured with ACS1 as primary are not accessible. Can you please help to configure it properly?
Thanks..
12-07-2013 07:25 PM
Hi Rajeev,
What type of the AAA clients do you have?
How did you deduce that the AAA clients did not failover?
Do you have a sample AAA client config?
Can you elaborate what you meant by ACS 1 went down?
Failover is not configured on the ACS but only on the AAA client side.
**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**
Please Rate if helpful.
Regards
Ed
12-11-2013 11:15 PM
Hi James,
All AAA clients are Cisco devices. Below is the sample configuration on an AAA client.
-------------------------------------
aaa authentication login default local group tacacs+
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
tacacs-server host a.b.c.d
tacacs-server host e.f.g.h
tacacs-server directed-request
tacacs-server key xxxxxxxxxx
---------------------------------
ACS1 is the primary for two regions. Recently we had an issue with ACS1 and during that time wireless and TACACS authentication was not working. It should fail back to ACS2 which is secondary.
12-12-2013 03:09 AM
Hi Rajeev,
So basically:
"wireless and TACACS authentication was not working"
By any chance did you have a chance to check the secondary ACS logs if attempts ever reached there or any packet trace?
Regards
Ed
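One way to answer the question above about whether attempts ever reached the secondary, given a packet trace; this is an added example, not part of the original thread. It assumes text output from `tcpdump -n`; the trace lines and the addresses (192.0.2.10 for ACS1, 192.0.2.20 for ACS2, 198.51.100.5 for the AAA client) are constructed, and it covers only TACACS+ (TCP port 49), not the RADIUS traffic.

```python
import re

# Constructed `tcpdump -n` output (documentation addresses, not from the thread):
# the client retries ACS1 without an answer, then connects to ACS2.
SAMPLE_TRACE = """\
10:00:01.000000 IP 198.51.100.5.40001 > 192.0.2.10.49: Flags [S], seq 100, win 4128, length 0
10:00:04.000000 IP 198.51.100.5.40001 > 192.0.2.10.49: Flags [S], seq 100, win 4128, length 0
10:00:06.000000 IP 198.51.100.5.40002 > 192.0.2.20.49: Flags [S], seq 200, win 4128, length 0
10:00:06.001000 IP 192.0.2.20.49 > 198.51.100.5.40002: Flags [S.], seq 900, ack 201, win 8192, length 0
10:00:06.002000 IP 198.51.100.5.40002 > 192.0.2.20.49: Flags [.], ack 1, win 4128, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)
TACACS_PORT = "49"  # TACACS+ runs over TCP port 49


def summarize(trace, servers):
    """Count connection attempts (SYN) and answers (SYN-ACK) per AAA server."""
    stats = {s: {"syn": 0, "synack": 0} for s in servers}
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        flags = m["flags"]
        if m["dst"] in stats and m["dport"] == TACACS_PORT and flags == "S":
            stats[m["dst"]]["syn"] += 1        # client opened (or retried) a session
        elif m["src"] in stats and m["sport"] == TACACS_PORT and flags == "S.":
            stats[m["src"]]["synack"] += 1     # server accepted the connection
    return stats


def verdict(counts):
    """Turn the counters into the answer to 'did attempts reach this server?'."""
    if counts["syn"] == 0:
        return "never tried"
    if counts["synack"] == 0:
        return "tried, no answer"
    return "reached"


if __name__ == "__main__":
    for server, counts in summarize(SAMPLE_TRACE, ["192.0.2.10", "192.0.2.20"]).items():
        print(server, counts, verdict(counts))
```

A "never tried" result for the secondary means the capture shows no attempt from the client at all, while "tried, no answer" means the client did attempt it and nothing came back from that server.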