cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

551
Views
5
Helpful
7
Replies
Highlighted
Beginner

HA ACS in two different subnets.

Hello,

I have to configure two ACS 1113 ver 4.1 (4) high reliability, in two different places and two different subnets.

An apparatus will have to manage an office, the second the other office, but if one goes down the other takes responsibility for the entire network.

The two subnets are accessible from all devices.

Will be configured both the Tacacs Server on all systems.

The ACS are connected to Active Directory to authenticate users.

My question is, do I create a profile ACS are replicated on the other even though they are on two different subnets? Can I make a HA on two different subnets?

Thank you.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Re: HA ACS in two different subnets.

Sorry for my bad reply above. I corrected it to provide you the info you need

Yes. Replication should work if two ACS server's on different subnets.

Check the config example also, it will help you: http://tiny.cc/g04rkw

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Highlighted
Rising star

Re: HA ACS in two different subnets.

Hi Fabio,

Yes. This can be possible when it is on different subnets when it is reachable over the network. After the basic configuration & replica configured on the You can start adding entries in the Master ACS and it can get replicated using auto/timely/manual replication.

In our set up we have globally 8 ACS servers in our network which is in HA & replication works just fine without any issues.

Please let us know if you need any more clarifications.

Please do rate if the given information helps.

By

Karthik

View solution in original post

7 REPLIES 7
Highlighted

Re: HA ACS in two different subnets.

Yes. You can replicate two ACS servers in different subnet if connectivity between them is OK.

You should also make sure that both ACS servers (Primary and secondary) are on same version (same patch level as well).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Highlighted
Beginner

Re: HA ACS in two different subnets.

Thank you for answer,

but  the  ACS servers are located in two different subnets.

example:

ACS primary 172.16.100.10 / 28

ACS secondary 172.20.110.11 / 28

My question is, with this configuration is it possible a synchronization of the profiles?

Thanks.

Highlighted

Re: HA ACS in two different subnets.

Sorry for my bad reply above. I corrected it to provide you the info you need

Yes. Replication should work if two ACS server's on different subnets.

Check the config example also, it will help you: http://tiny.cc/g04rkw

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Highlighted
Rising star

Re: HA ACS in two different subnets.

Hi Fabio,

Yes. This can be possible when it is on different subnets when it is reachable over the network. After the basic configuration & replica configured on the You can start adding entries in the Master ACS and it can get replicated using auto/timely/manual replication.

In our set up we have globally 8 ACS servers in our network which is in HA & replication works just fine without any issues.

Please let us know if you need any more clarifications.

Please do rate if the given information helps.

By

Karthik

View solution in original post

Highlighted
Beginner

Re: HA ACS in two different subnets.

Thanks for your answer,

I want to ask you two last questions: my two ACS servers are connected to two different Active Directory (synchronized between themselves) and in the ACS are defined only the account profiles.

1. Is it a problem that the ACS are connected to two different Active Directory that belongs to the same Domain?

2. Is there a particoular configuration to replicate just the profiles that i'm going to create on the Master ACS?

Thanks you so much !!

Fabio.

Highlighted
Rising star

Re: HA ACS in two different subnets.

Hi Fabio,

1. Is it a problem that the ACS are connected to two different Active Directory that belongs to the same Domain?

Ans: I do not think so there should be any pbm when they have in the single domain.

2. Is there a particoular configuration to replicate just the profiles that i'm going to create on the Master ACS?

Yes. But its up to you how you want it and what and all you want to send for replication. You have an check box option to select the wanted configurations to be pointed for replication.

Please do rate if the given information helps.

By

Karthik

Highlighted
Beginner

HA ACS in two different subnets.

Thank you for your help.

Bye.

Fabio.