cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1007
Views
5
Helpful
7
Replies

HA ACS in two different subnets.

fabioragazzo
Level 1
Level 1

Hello,

I have to configure two ACS 1113 ver 4.1 (4) high reliability, in two different places and two different subnets.

An apparatus will have to manage an office, the second the other office, but if one goes down the other takes responsibility for the entire network.

The two subnets are accessible from all devices.

Will be configured both the Tacacs Server on all systems.

The ACS are connected to Active Directory to authenticate users.

My question is, do I create a profile ACS are replicated on the other even though they are on two different subnets? Can I make a HA on two different subnets?

Thank you.

2 Accepted Solutions

Accepted Solutions

Sorry for my bad reply above. I corrected it to provide you the info you need

Yes. Replication should work if two ACS server's on different subnets.

Check the config example also, it will help you: http://tiny.cc/g04rkw

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

nkarthikeyan
Level 7
Level 7

Hi Fabio,

Yes. This can be possible when it is on different subnets when it is reachable over the network. After the basic configuration & replica configured on the You can start adding entries in the Master ACS and it can get replicated using auto/timely/manual replication.

In our set up we have globally 8 ACS servers in our network which is in HA & replication works just fine without any issues.

Please let us know if you need any more clarifications.

Please do rate if the given information helps.

By

Karthik

View solution in original post

7 Replies 7

Amjad Abdullah
VIP Alumni
VIP Alumni

Yes. You can replicate two ACS servers in different subnet if connectivity between them is OK.

You should also make sure that both ACS servers (Primary and secondary) are on same version (same patch level as well).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Thank you for answer,

but  the  ACS servers are located in two different subnets.

example:

ACS primary 172.16.100.10 / 28

ACS secondary 172.20.110.11 / 28

My question is, with this configuration is it possible a synchronization of the profiles?

Thanks.

Sorry for my bad reply above. I corrected it to provide you the info you need

Yes. Replication should work if two ACS server's on different subnets.

Check the config example also, it will help you: http://tiny.cc/g04rkw

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

nkarthikeyan
Level 7
Level 7

Hi Fabio,

Yes. This can be possible when it is on different subnets when it is reachable over the network. After the basic configuration & replica configured on the You can start adding entries in the Master ACS and it can get replicated using auto/timely/manual replication.

In our set up we have globally 8 ACS servers in our network which is in HA & replication works just fine without any issues.

Please let us know if you need any more clarifications.

Please do rate if the given information helps.

By

Karthik

Thanks for your answer,

I want to ask you two last questions: my two ACS servers are connected to two different Active Directory (synchronized between themselves) and in the ACS are defined only the account profiles.

1. Is it a problem that the ACS are connected to two different Active Directory that belongs to the same Domain?

2. Is there a particoular configuration to replicate just the profiles that i'm going to create on the Master ACS?

Thanks you so much !!

Fabio.

Hi Fabio,

1. Is it a problem that the ACS are connected to two different Active Directory that belongs to the same Domain?

Ans: I do not think so there should be any pbm when they have in the single domain.

2. Is there a particoular configuration to replicate just the profiles that i'm going to create on the Master ACS?

Yes. But its up to you how you want it and what and all you want to send for replication. You have an check box option to select the wanted configurations to be pointed for replication.

Please do rate if the given information helps.

By

Karthik

Thank you for your help.

Bye.

Fabio.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: