ACS 5.4, logging configuration.

andrea.meconi
Level 2

Hello.

I'm using ACS 5.4p2 in a distributed system: one primary and one secondary instance.

For now, the primary instance is acting as the Log Collector server and I can see all AAA audit logs.

When the primary instance fails I can authenticate successfully using the secondary instance.

However, when the primary instance comes back, I'm not able to see any of the audit logs generated by the secondary.

Please, can someone help me?

I'm trying different configurations without success!

Thanks.

Regards.

Andrea

9 Replies

Amjad Abdullah
VIP Alumni

Hello Andrea,

Do you mean that after the primary comes back up it handles ALL auth requests?
Or do you mean you are sure some auth requests are being handled by the secondary but you don't see the corresponding logs in the log collector (the primary)?


Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

Hello and many thanks for your help.

The second one. When the primary fails, all authentications are handled by the secondary.

When the primary comes back, all authentications are handled by the primary, but I do not see the audit logs generated by the secondary during the fault in the log collector (the primary instance).

Regards.

Are you sure the secondary receives and handles auth requests?

I would suggest that you configure the radius server on one device to be the secondary only (remove the primary) and then check if you get the requests logged or not.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Yes Amjad.

The secondary instance works fine. When the primary and secondary are running I can authenticate on both and see all AAA audit logs using Monitoring & Reports.

So, when the primary fails, I continue to authenticate successfully on the secondary.

When the primary comes back I do not see audit logs for authentications handled by the secondary during the fault.

I believe something is wrong on my configuration (default)!

Regards.

Andrea

Thanks Andrea.

That is a strange issue. I would say that if you are sure that all the primary/secondary config is fine and the log collector is fine, you possibly need to contact TAC.

But from my understanding of ACS operation, the issue seems so weird that I think we are missing a point here.

If you search by ACS instance, i.e. if you try to query from the ACS view:

Reports -> Catalog -> AAA Protocol. Choose "Radius_Authentication" and, from the "Run" button, extend the drop-down list by pressing the button and choose "Query and Run".

In the page that appears, choose the field "ACS instance", press the "Select" button, then from the new window press the "Search" button. Choose only one instance (the secondary) and apply.

Then press the "Run" button on the previous page.

This way, do you still miss the logs from the secondary?

Rating useful replies is more useful than saying "Thank you"

Yes, it is strange. I'm thinking I'm missing something in my configuration.

This morning I started with a fresh ACS 5.4 installation, installed the license, and created one AAA client and one user. Then I added the secondary instance and waited for it to be updated.

The log collector runs on the primary and logs AAA audit events correctly from the primary and secondary instances.

Log recovery is enabled: it runs every 10 minutes.

When the primary instance is down I can authenticate on the secondary one without any problems.

When the primary instance comes back I'm able to see only the failed AAA logs coming from the secondary during the primary fault.

Any ideas?

Hi

Did you run debugs on the device and check whether the request is even reaching the primary ACS?

- Which device are you using for authentication like switch/ASA/Router.

- Also when you get the login failures, can you check on the failed attempts of the ACS, which ACS instance is being used?

Regards

Minakshi (do Rate the helpful posts)

Amjad, Minakshi,

many thanks for your help and patience.

I have found my mistake.

For the recovering Log Messages feature to work as desired, you must enable the Log to Local Target option for the relevant logging categories in ACS under System Administration > Configuration > Log Configuration > Logging Categories > Global.

And passed authentication is not enabled for this.

This solves my issue.

Regards.

Andrea
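
The behaviour Andrea describes, modelled as an added example (this is not ACS code and not from Cisco): each instance only retains a local copy of a logging category when "Log to Local Target" is enabled for it, and the collector's recovery job can only pull back what was retained. The category names, the record format and the `simulate` scenario are assumptions constructed for this illustration.

```python
"""Model of ACS 5.x log recovery (added illustration, not Cisco code).

Assumption: an instance buffers a record locally only if the category has
"Log to Local Target" enabled; the collector's recovery job pulls those
buffered records after the collector was unreachable.
"""
from dataclasses import dataclass, field


@dataclass
class AcsInstance:
    name: str
    # Logging category -> whether "Log to Local Target" is enabled for it.
    local_target: dict
    local_log: list = field(default_factory=list)


@dataclass
class LogCollector:
    records: list = field(default_factory=list)
    up: bool = True


def log_event(instance, collector, category, user):
    """Emit one audit record; return True if any copy of it survives."""
    record = (instance.name, category, user)
    if collector.up:
        collector.records.append(record)
    if instance.local_target.get(category, False):
        instance.local_log.append(record)   # local copy kept for recovery
        return True
    # No local target and collector down: the record is lost for good.
    return collector.up


def recover(instance, collector):
    """Collector's recovery job: pull locally buffered records it lacks."""
    missing = [r for r in instance.local_log if r not in collector.records]
    collector.records.extend(missing)
    return len(missing)


def simulate(passed_local_target):
    """Primary outage scenario; returns categories visible after recovery."""
    secondary = AcsInstance("secondary", {
        "Passed Authentications": passed_local_target,  # constructed names
        "Failed Attempts": True,
    })
    collector = LogCollector(up=False)          # primary (collector) is down
    log_event(secondary, collector, "Passed Authentications", "alice")
    log_event(secondary, collector, "Failed Attempts", "bob")
    collector.up = True                         # primary comes back
    recover(secondary, collector)
    return sorted(cat for _, cat, _ in collector.records)
```

With the passed-authentication category not logged locally, only the failed attempt is recoverable, which is exactly the symptom in the thread; enabling it makes both records reappear after recovery.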

Andrea,

+5 for resolving your own issue.

Thank you for your explanation.

I just now read above that you can see only failed attempts but not passed auth attempts.

I think I need to read more carefully in the future.

Thank you again and let's see you around.

Amjad

Rating useful replies is more useful than saying "Thank you"