11-09-2006 05:32 AM - edited 03-10-2019 02:50 PM
I am integrating ACS with windows ADS for dot1x authentication. I m sucesfully able to get the requirement. But I have only one ACS. If my acs fails all my users will not be able to login into the network. Is there a way I can make the user get only internet access when acs is down? If yes how can i achieve this.
11-09-2006 06:39 AM
This depends entirely on the authenticating devices and what backup facility they offer in case the AAA server goes down.
I suspect the only "catch all" solution would be a failover AAA server. You could perhaps enable IAS on your AD server and configure it for guest access. If ACS ever goes down IAS would take over.
Actually thats kind of neat as it gets around the failover ACS suffering a similar problem to the primary. IAS is essentially free as part of Windows server.
Darran
11-12-2006 12:25 AM
Darran,
When the ACS goes down all the user gets guest vlan which i haveconfigured. But they dont get any ip address as well they limited access. Is it a way where i can make them part of a vlan from where they can only access internet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide