05-30-2012 01:39 AM - edited 03-10-2019 07:08 PM
Hi,
I am trying to migrate my old ACS to the new one. I am using ACS 5.3 on a CSACS-1121 appliance. Sometimes I lose the connection to the appliance: I cannot connect to the appliance with SSH, I cannot start the GUI, and authentication is switched to the secondary instance. As soon as I have traffic, the connection is restored.
How can I fix this problem? Could you tell me what kind of config I have to do on the switch and on the appliance?
Many thanks in advance for your answer.
Kind Gilles
05-30-2012 03:05 PM
Hello Gilles
What you say is expected behavior. If you have several ACS appliances, only one of them is primary and all the other ones are secondary.
"Primary" and "secondary" concepts are different from "active" and "standby" concepts. All ACS are "active".
The switch configuration tells the switch which ACS to talk to. It can be one, two, three, any number of ACS. Also, if there is more than one ACS, the switch configuration gives preference to the first ACS declared in the configuration. Only if the first ACS doesn't respond at all will the switch try to talk to the second ACS declared. Only if the second ACS doesn't respond at all will the switch try to talk to the third ACS, and so on.
Here's an example of a switch configuration with three ACS:
radius-server host 192.168.1.10 key MYPASSWORD
radius-server host 192.168.1.11 key MYPASSWORD
radius-server host 192.168.1.12 key MYPASSWORD
radius-server vsa send authentication
aaa new-model
!
aaa group server radius ACS
 server 192.168.1.10
 server 192.168.1.11
 server 192.168.1.12
!
aaa authentication dot1x default group ACS
aaa authorization network default group ACS
aaa accounting dot1x default start-stop group ACS
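
The failover order described in the reply above can be read straight from the configuration. The following is an added example, not part of the original post and not Cisco code: it parses the quoted configuration, lists each AAA group's servers in declaration order, reports group members that have no matching `radius-server host` line, and picks the server the switch would use given a set of unresponsive ones. The function names are hypothetical.

```python
import re

# Constructed sample: the switch configuration quoted in the reply above.
SAMPLE_CONFIG = """\
radius-server host 192.168.1.10 key MYPASSWORD
radius-server host 192.168.1.11 key MYPASSWORD
radius-server host 192.168.1.12 key MYPASSWORD
aaa new-model
!
aaa group server radius ACS
 server 192.168.1.10
 server 192.168.1.11
 server 192.168.1.12
!
aaa authentication dot1x default group ACS
"""

def parse_radius(config):
    """Return (defined_hosts, groups); groups maps name -> ordered server list."""
    hosts, groups, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"radius-server host (\S+)", line)
        if m:
            hosts.append(m.group(1))
            continue
        m = re.match(r"aaa group server radius (\S+)", line)
        if m:
            current = m.group(1)
            groups[current] = []
            continue
        m = re.match(r"server (\S+)", line)
        if m and current is not None:
            groups[current].append(m.group(1))
            continue
        current = None  # any other line ends the group block
    return hosts, groups

def undefined_servers(hosts, groups):
    """Group members that have no matching 'radius-server host' line."""
    return {g: [s for s in members if s not in hosts] for g, members in groups.items()}

def select_server(members, unresponsive):
    """First server in declaration order that still responds; None if all are down."""
    for server in members:
        if server not in unresponsive:
            return server
    return None
```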
05-31-2012 01:33 AM
Hello,
It's a misunderstanding.
I don't have any problem with the ACS application. But I think it's a problem with the IP stack of the appliance and the Cisco Catalyst 3560 switch. I lose the connection with some hosts from and to the ACS appliance!
For example, we have a management application. It polls the appliance every 5 minutes (ping and SNMP). After a while, the application could not reach the appliance! This begins especially when the requests to the appliance are going down.
If I try to ping the management application from the appliance, I get no answer, and both are reachable from my workstation. The network is up and running well and the ACS instance is working fine!
Do you have an idea how to fix this problem? Is there a special network config to do on the 3560 switch or on the appliance? Is it a hardware problem with the appliance?
Many thanks for your help
06-26-2012 06:01 AM
Hello,
I found the solution: I reconfigured the port of the switch by using a standard Cisco macro and it's working fine.
Kind Gilles