06-29-2011 12:40 AM - edited 03-10-2019 06:11 PM
Hi,
I'm in the process of testing ACS 5.2 in our lab. We have a redundant pair of ACS's proxying radius dot1x requests to a second pair of ACS's.
We've noticed that ACS is able to proxy radius requests on even though the services are stopped (acs stop).
Does anyone know if this is expected behavior and if so, how can we view what application services are actually running (besides 'show app status acs')?
Thanks
Stuart
06-29-2011 01:52 AM
This is not the expected behavior and I find it hard to believe that this is actually happened. It is worth checking that the request is in fact being routed the way you think it and in fact being processed by the ACS that has its servcies stopped
When acs application is stopped then all related application services should no longer be running
I checked this on my box by using netstat. When acs is running the output includes the following:
udp 0 0 *:radius *:*
udp 0 0 *:radius-acct *:*
When I stop the application services I no longer see services listening on these ports so I do not think RADIUS requests can be processed
06-29-2011 03:40 PM
Hi,
I've check again today & confirmed ACS is still able to proxy even though the services are stopped.
ACS2 is logging the packets as source of ACS1. If I stop ACS2, authentication then fails.
I'm doing this using 5.2 in VMWare. How can I do a netstat as this does not seem ti be an option at the cli?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide