04-15-2005 07:36 AM - edited 03-10-2019 02:06 PM
All,
I recently inherited the duties of an ACS 2.6 Server. I have built 2 other ACS boxes in the past (more recent versions), but I am perplexed by the configuration and the way ACS was configured. I looked at some logs, and realized that none of the information was being replicated to the secondary ACS machine for the past few years. I found this out when I tried to log into a router that had specified the secondary ACS first in the config, and I wasn't allowed to log in, since my account ID was not on the secondary box.
For the most part, all information in the 2 machines is the same, with the exception of my newly created user account. I figured I would set the replication up properly, and force replication, but nothing happened. The logs state that replication was completed successfully, but the 2 Cisco Databases are not the same. I then went into "Network Configuration", and there was a Distribution Table Entry, with only the primary ACS name present. Anyhow, I changed that to include both the primary and secondary ACS names, and upon doing this, I was able to get authenticated to the router, but this is because the secondary server is proxying my request to the primary box, at which point I can be verified in the database.
Now, my main questions are, how can I replicate my information over to the secondary box (does this mean altering the Distribution Table entries again)? My network doesn't have 10 ACS servers where I would need to proxy user information, like it is now, but I have always set it up as a primary and a secondary, and am a little confused on how to handle this. Any help would be appreciated!
Thanks,
Matt
04-15-2005 12:01 PM
Hello,
Replication can be tricky, especially on the older versions of ACS. I just now verified that on all versions of ACS through 3.1 (including 2.6 and starting even before 2.4), replication can only take place between two ACS servers of the EXACT same rev, patches and all. I hope that is not your problem; for example, per Cisco TAC, to replicate between 2.4 and 2.6, you have to start out by replicating between two boxes at 2.4 and then upgrade one to 2.6. And as I recall, even when you try to replicate between two different versions, the logs can state that it was successful when it really wasn't. Believe me, replicating between two revs will not work, no matter how creative you get.
If both servers are the same rev of ACS, then verify the settings on both boxes at the System Configuration --> CiscoSecure Database Replication page. You may have already done this, and if so let me know...
Primary server:
Replication Components - the appropriate items should be checked for "send"
Partners - the secondary server should be listed under "Replication"
Secondary server:
Replication Components - the appropriate items should be checked for "receive"
Note: be careful if you plan to receive the Distribution Table; it can result in circular proxying
Partners - the primary server should be listed under "Replication"
Inbound Replication - primary server or "any known" should be selected.
Let me know how that works out. Good luck!
04-15-2005 03:42 PM
Well, we're talking about NAC, so when I upgrade to a supported version, I'll keep some of the replication information in mind...thanks...actually, I saw a bug that stated when it states successful, but the success is an error, you're supposed to just ignore the message!!! According to Cisco!
Onto the matter at hand...the replication is set up properly, send on one side and receive on the other, and the replication partners are correct, as far as send and receive.
As far as the Distribution Table, I have the primary set as send and receive to the partner (in my thinking so as to proxy) and the secondary set as send. My whole idea is to get away from the proxying altogether. I don't want a distribution table, but would rather just have a primary and secondary server, with one replicating all changes to the second. My question is, can I delete the Distribution table, and have everything be fine? I think as long as the primary and secondary are available to answer requests, then it should be fine.
Any Thoughts?
Matt