ACS 5.2 proxy service

stuartbr · ‎06-29-2011

Hi,

I'm in the process of testing ACS 5.2 in our lab. We have a redundant pair of ACS's proxying radius dot1x requests to a second pair of ACS's.

We've noticed that ACS is able to proxy radius requests on even though the services are stopped (acs stop).

Does anyone know if this is expected behavior and if so, how can we view what application services are actually running (besides 'show app status acs')?

Thanks

Stuart

jrabinow · ‎06-29-2011

This is not the expected behavior and I find it hard to believe that this is actually happened. It is worth checking that the request is in fact being routed the way you think it and in fact being processed by the ACS that has its servcies stopped

When acs application is stopped then all related application services should no longer be running

I checked this on my box by using netstat. When acs is running the output includes the following:

udp 0 0 *:radius *:*

udp 0 0 *:radius-acct *:*

When I stop the application services I no longer see services listening on these ports so I do not think RADIUS requests can be processed

stuartbr · ‎06-29-2011

Hi,

I've check again today & confirmed ACS is still able to proxy even though the services are stopped.

ACS2 is logging the packets as source of ACS1. If I stop ACS2, authentication then fails.

I'm doing this using 5.2 in VMWare. How can I do a netstat as this does not seem ti be an option at the cli?