When I was setting up two Network Access Servers (NASs) at two locations, I set up partner ACS/NT 2.4 servers. My original idea was to have the NASs "hit" the ACS server sitting right next to it. When we got into looking at how replication works, we realized both NASs need to hit only one of the servers. The reason was that the Failed Attempts counters, password changes, accounting and other information would only reliably be replicated in one direction. Cisco TAC confirmed this.
I originally thought they cross-replicated in a similar manner as Lotus Notes. It turns out that it is more of a copy operation. I was not pleased with the idea that one of my ACS servers sitting right next to one of my NASs would be unused during normal operation, and that AS5300 would have to hike to the other end of the WAN to hit the master. Alas, this is exactly what we had to do.
The bottom line (and I'd LOVE for someone to prove me wrong) is that you have to have a single master ACS server, and point all your NAS devices to it. In addition, you must do *all* your administration on that server and schedule *all* the replications as a one-way/downstream operation from that master ACS server. The only time the other ACS servers would be used is if the master ACS is unavailable.
One other nifty anomaly we see is that when the master ACS server application stops responding, but the server stays up, the NASs won't fail over to the next ACS server. The reason, TAC says, is that the server is technically up, but not answering the request. I've had several instances when we could not dial in to fix the problem, and had to drive in to restart ACS on the server.
If someone else has experienced either of these problems, and has a resolution, it would be good if you'd share what you know.
Please let me know if this was helpful to you.
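The single-master layout the post arrives at, expressed as an IOS AAA configuration for one of the NASs. This is an added illustration, not configuration from the original post or from Cisco; the IP addresses, key and interface are assumed placeholders. The order of the tacacs-server host lines is the order IOS tries them, so listing the master first and the local ACS second gives exactly the behaviour described: every NAS authenticates and sends accounting to the master, and the ACS next door is only consulted when the master cannot be reached.

```text
! Hypothetical NAS config (AS5300 or similar) for the single-master ACS layout
! 10.10.1.5  = master ACS at the remote site (all admin and replication source)
! 10.20.1.5  = replica ACS at this site (one-way replication target only)
aaa new-model
aaa authentication ppp default group tacacs+
aaa authorization network default group tacacs+
aaa accounting network default start-stop group tacacs+
!
! Try hosts in listed order: master first, local replica only as fallback.
tacacs-server host 10.10.1.5
tacacs-server host 10.20.1.5
tacacs-server key SharedSecretPlaceholder
tacacs-server timeout 5
!
interface Group-Async1
 ppp authentication chap default
```

The second NAS at the other site carries the same two host lines in the same order, so both devices share one view of failed-attempt counters, password changes and accounting, which is the property that one-way replication could not guarantee otherwise.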