ACS 5.8.0.32 high latency

vlehemonet1 · ‎01-27-2016

Hello,

We have install a new ACS (5.8.0.32) instance.
We experience a high latency problem for TACACS+ services (more than 10 sec) who cause authentication and authorization issues.

We have implement a basic solution with AD, nothing fancy.

Anyone have already experiment that and find a solution ?

Thanks,

Javier Henderson · ‎01-27-2016

On the ACS, enable runtime and AD client debug, then download a support bundle and look at the runtime and AD logs, there should be some hints as to what's causing the latency.

# acs-config

(acs-config)# debug-log runtime level debug

(acs-config)# debug-adclient enable

Jatin Katyal · ‎01-27-2016

I'd first ask if you really facing an issue with authentication/authorization in your network or just worried looking at the alarm. How frequent you are getting this alarm? You're getting this alarm because in the ACS notification the threshold is being set to 3000ms so if it happens once in your network, the alarm will trigger. If you see any issues with authc/authz delay then I'd also suggest you to download the bundle as Javier suggested. You can troubleshoot this case by reviewing the ACS logs and determining the time it takes for the ACS to return an "Access-Accept" after it receives an "Access-Request" for the same session and try to determine if it is the ACS the device causing the latency.

In real latency cases, we've always seen delay in between ACS and AD.

~ Jatin

~Jatin