Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
3
Replies

ACS 4.2 Failover is not working

Rajeev Ranjan
Level 1
Level 1

‎11-25-2013 07:04 AM - edited ‎03-10-2019 09:07 PM

Hi All,

I have two ACS4.2(Windows image on Win2k) in my environment. Some regions are configured as a primary for ACS1 and some on ACS2. All devices are configured in both ACS. When ACS1 goes down, it didn't failover to secondary ACS server. All AAA client which are configured ACS1 as a primary are not accessible. Can you please help to configure it properly.

Thanks..

Labels:
0 Helpful
3 Replies 3

edwjames
Level 3
Level 3

‎12-07-2013 07:25 PM

Hi Rajeev,

What type of the AAA clients do you have?

How did you deduce that the AAA clients did not failover?

Do you have a sample AAA client config?

Can you elaborate what you meant by ACS 1 went down?

Failover is not configured on the ACS but only on the AAA client side.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful

Rajeev Ranjan
Level 1
Level 1
In response to edwjames

‎12-11-2013 11:15 PM

Hi James,

All AAA clinets are Cisco device. Below is the sample configuration on AAA client.

-------------------------------------

aaa authentication login default local group tacacs+

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

tacacs-server host a.b.c.d

tacacs-server host e.f.g.h

tacacs-server directed-request

tacacs-server key xxxxxxxxxx

---------------------------------

ACS1 is the primary for two region. Recently we had issue with ACS1 and during that time wireless and TACACS authentication was not working. It should  fail back to ACS2 which is secondary.

0 Helpful

edwjames
Level 3
Level 3
In response to Rajeev Ranjan

‎12-12-2013 03:09 AM

Hi Rajeev,

So basically:

"wireless and TACACS authentication was not working"

By any chance did you have a chance to check the secondary ACS logs if attempts ever reached there or any packet trace?

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents