01-27-2016 08:06 AM - last edited on 03-25-2019 05:34 PM by ciscomoderator
Hello,
We have installed a new ACS (5.8.0.32) instance.
We are experiencing a high-latency problem for TACACS+ services (more than 10 sec), which causes authentication and authorization issues.
We have implemented a basic solution with AD, nothing fancy.
Has anyone already experienced this and found a solution?
Thanks,
01-27-2016 08:30 AM
On the ACS, enable runtime and AD client debug, then download a support bundle and look at the runtime and AD logs; there should be some hints as to what's causing the latency.
# acs-config
(acs-config)# debug-log runtime level debug
(acs-config)# debug-adclient enable
01-27-2016 09:13 AM
I'd first ask if you are really facing an issue with authentication/authorization in your network or are just worried looking at the alarm. How frequently are you getting this alarm? You're getting this alarm because in the ACS notification the threshold is being set to 3000ms, so if it happens once in your network, the alarm will trigger. If you see any issues with authc/authz delay, then I'd also suggest you download the bundle as Javier suggested. You can troubleshoot this case by reviewing the ACS logs and determining the time it takes for the ACS to return an "Access-Accept" after it receives an "Access-Request" for the same session, and try to determine if it is the ACS or the device causing the latency.
In real latency cases, we've always seen delay in between ACS and AD.
~ Jatin
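The request-to-reply timing check described in the reply above, as an added example that is not part of the original thread and is not Cisco code. The log line format, session ids and timestamps are constructed for illustration; real ACS logs differ and the regular expression would need adapting.

```python
import re
from datetime import datetime, timedelta

THRESHOLD_MS = 3000  # alarm threshold mentioned in the thread

# Constructed sample lines in a simplified, hypothetical format
# (timestamp, session id, message type); not the real ACS log layout.
SAMPLE_LOG = """\
2016-01-27 08:00:01.120 session=a1 type=Access-Request
2016-01-27 08:00:01.310 session=a1 type=Access-Accept
2016-01-27 08:00:02.000 session=b2 type=Access-Request
2016-01-27 08:00:05.000 session=c3 type=Access-Request
2016-01-27 08:00:05.450 session=c3 type=Access-Reject
2016-01-27 08:00:12.250 session=b2 type=Access-Accept
2016-01-27 08:00:20.000 session=d4 type=Access-Request
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) "
    r"session=(?P<sid>\S+) type=(?P<type>\S+)$"
)

def session_latencies(log_text):
    """Return ({session: latency_ms}, [sessions that never got a reply])."""
    pending, latencies = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        sid, kind = m["sid"], m["type"]
        if kind == "Access-Request":
            # Keep the first request so retransmissions do not hide the delay.
            pending.setdefault(sid, ts)
        elif sid in pending:
            # Any reply (accept or reject) closes the session's timer.
            latencies[sid] = (ts - pending.pop(sid)) // timedelta(milliseconds=1)
    return latencies, sorted(pending)

def slow_sessions(latencies, threshold_ms=THRESHOLD_MS):
    """Sessions whose reply took longer than the alarm threshold."""
    return {s: ms for s, ms in latencies.items() if ms > threshold_ms}

if __name__ == "__main__":
    lat, unanswered = session_latencies(SAMPLE_LOG)
    print("slow:", slow_sessions(lat), "unanswered:", unanswered)
```

Sessions left unanswered are reported separately, since a request that never receives a reply would otherwise not show up in a latency figure at all.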