Cisco Community
English
Register
Change to content subject titles: starting July 28 there is a limit on the number of characters to use - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

688
Views
0
Helpful
2
Replies
sam.braughton
Beginner
Beginner
‎01-21-2011 01:37 PM
‎01-21-2011 01:37 PM

ACS4.2 Internal DB Replication - not replicating AAA clients

I'm attempting to set up a new ACS4.2 server. ACS is installed, replication partner configured, etc. Master and new slave server are both running ACS4.2(0) Build 124. (Master shows "Patch 12", slave shows no patch info)

Replication settings on the new ACS server are identical to those on my current secondary ACS server that receives replicated data correctly.

Problem: I manually replicate from master ACS server to the new ACS server. Logs on both servers indicate a successful replication. Users, User Groups, Network Device Groups (NDG) all replicate correctly. However, there are zero devices in each of the NDG's.

Master is configured to send, new slave configured to receive:

  User and Group Database

  Network Configuration Device tables

  Distribution Table

  Interface Configuration

  Interface Security Settings

  Password validation settings

I've also tried replicating Network Access Profiles instead of Network Configuration Device tables. Still no AAA clients in the NDGs.

I need my AAA clients replicated.  Should I be replicating different/additional components? Am I missing some setting elsewhere in ACS?

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
andamani
Cisco Employee
Cisco Employee
‎01-21-2011 07:35 PM
‎01-21-2011 07:35 PM

hi,

Please apply patch 12 on ACS slave as well.

Try replication and let me know the results.

Also on the Network Configuration do you see the NDG name? or just no AAA clients under each NDG.

Regards,

Anisha

View solution in original post

0 Helpful
2 REPLIES 2
andamani
Cisco Employee
Cisco Employee
‎01-21-2011 07:35 PM
‎01-21-2011 07:35 PM

hi,

Please apply patch 12 on ACS slave as well.

Try replication and let me know the results.

Also on the Network Configuration do you see the NDG name? or just no AAA clients under each NDG.

Regards,

Anisha

View solution in original post

0 Helpful
sam.braughton
Beginner
Beginner
In response to andamani
‎01-24-2011 05:56 AM
‎01-24-2011 05:56 AM

Thank you Anisha. Your solution worked.

The patch level was the problem. After applying patch 12 to my new ACS server, the replication worked as it should. All my AAA clients replicated into the already-existing NDGs.

Yes, the NDGs had been named correctly prior to the patch. The only thing that did not replicate before the patch were the actual AAA clients inside those NDGs.

Thanks again for the help.

-Sam

0 Helpful
Latest Contents
802.1X Switch Configuration Summarized
Created by meddane on 07-30-2021 11:03 AM
2
5
2
5
Radius server configuration for 802.1XServer radius test1Address ipv4 10.1.1.1Key 1234!Server radius test2Address ipv4 10.1.1.2Key 1234!aaa group server radius TEST-grserver name test1server name test2!aaa authentication dot1x default group TEST-graaa aut... view more
GRE Over IPSEC vs IPSEC VTI and Tunnel VS Transport Modes De...
Created by meddane on 07-30-2021 10:55 AM
4
5
4
5
 GRE Over IPSecIPSec VTI 
Demystifying NAT Traversal In IPSEC VPN With Wireshark
Created by meddane on 07-30-2021 10:35 AM
0
5
0
5
One of the biggest concept in VPN Technologies is NAT Traversal, like NAT Traversal in VOIP deployment with SIP Protocol, the history is always inside the payload to solve the Incompatibility between NAT and IPSEC like the Incompatibility between SIP prot... view more
Orbital Query Corner - Update
Created by brmcmaho on 07-28-2021 09:43 AM
1
5
1
5
"What is this 'Orbital Query Corner' thing", you ask?  It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ... view more
Orbital Query Corner - Checking Windows ACLs for CVE-2021-36...
Created by brmcmaho on 07-27-2021 08:38 AM
0
5
0
5
0. The Issue On 20 July 2021, Microsoft issued an alert for CVE-2021-36934 "Windows Elevation of Privilege Vulnerability". [1]  The problem in this case is an overly permissive Access Control List (ACL) applied to system files, including the Se... view more
Content for Community-Ad