Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
684
Views
5
Helpful
1
Replies

ACS 4.2 replication help

sansarav720e
Level 1
Level 1

‎02-03-2011 09:50 AM - edited ‎03-10-2019 05:47 PM

Hi All ,

               I am new to wireless LAN authencation , I have about 1000 Wireless access point & 15,000 users in my enterprise network , we have 3 acs server version 3.3 ( primary ,secondary , incountry ) , Now we are upgrading this acs server 3.3 to acs 4.2 version . Primary server 4.2 is ready with all aaa clients defined ,

                    I need to replicate all database from primary server to secondary server and to incountry server . wht all things to be predefined before performing replication .

                similarly my end user accounts NAS  has been defined separately to an windows database , whether i need to defined this windows database to my both primary & secondary sever separatley else my replication will replicate all the things from primary server .

           I have some help documents for enterprise wireless lan authencations , Thank you

HTH Regards Santhosh Saravanan
Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎02-03-2011 05:10 PM

Well, To start off, I would say that the secondary and incountry server should be on same version that is 4.2 and same patch.


The following items cannot be replicated:


•IP pool definitions
•ACS certificate and private key files.
•Dynamically-mapped users.
•Settings on the ACS Service Management page in the System Configuration section.
•RDBMS Synchronization settings.


Also make sure that we don't have any firewall in between two acs servers.


Also, NAS device can never be configured for windows database it will always send the request to tacacs/radius and authentication server will decide wehther it should be authenticated through the internal user database or AD depending upon the user location.


However, if you didn't mean that and you wanted to say that half of the devices are configured to ACS for their internal username/password and other half devices confgured for secondary ACS pointed towards AD then in this case replication will always override the known groups.


Configurating replication

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml


Rgds, Jatin

Do rate helpful posts~

~Jatin
Customers Also Viewed These Support Documents