
Having a backup ACS server

edosa
Level 1

Please, I have been trying to configure a backup ACS server to authenticate users when the primary ACS fails. The backup server has been installed and the replication process goes on, but when the primary server is down, the secondary server doesn't authenticate users.


owillins
Level 6

ACS only supports database replication to other ACS servers. All ACS servers that participate in Cisco Secure database replication must run the same version and patch level of ACS.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml#t2

networking
Level 1

We had a similar problem. We use ACS to control login access to routers (EXEC) and also for dial users using either PSTN or VPN connectivity.

Basically you need to list the TACACS server twice in the router configuration:

tacacs-server host 10.1.1.1 single-connection

tacacs-server host 10.1.1.2 single-connection

You may also need to look at the timeouts on TACACS. We had no problems with it failing over for EXEC sessions, but for dial users we had to tweak the timeouts so that it failed over quicker.

Hope this is of help.

Elliott
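
Added example (not part of Elliott's post or of Cisco's documentation): a small Python check that reads the `tacacs-server` lines of a router configuration and reports how long the router waits on unreachable servers before it tries each one, which is the delay the timeout tweak shortens. The sample configuration is constructed, its `timeout` values are illustrative, and the 5-second default for `tacacs-server timeout` is an assumption about IOS.

```python
import re

DEFAULT_TIMEOUT = 5  # assumed IOS default for "tacacs-server timeout", in seconds

# Constructed sample: the two host lines from the post plus illustrative timeouts.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 10.1.1.1 single-connection
tacacs-server host 10.1.1.2 single-connection timeout 2
tacacs-server timeout 3
"""

HOST_RE = re.compile(r"^\s*tacacs-server host (\S+)(.*)$")
GLOBAL_RE = re.compile(r"^\s*tacacs-server timeout (\d+)\s*$")
PER_HOST_RE = re.compile(r"\btimeout (\d+)\b")


def tacacs_servers(config):
    """Return [(ip, effective_timeout_seconds)] in the order the router tries them."""
    global_timeout = DEFAULT_TIMEOUT
    hosts = []
    for line in config.splitlines():
        m = GLOBAL_RE.match(line)
        if m:
            global_timeout = int(m.group(1))
            continue
        m = HOST_RE.match(line)
        if m:
            per_host = PER_HOST_RE.search(m.group(2))
            hosts.append((m.group(1), int(per_host.group(1)) if per_host else None))
    # A per-host timeout overrides the global one; resolve after reading every line.
    return [(ip, t if t is not None else global_timeout) for ip, t in hosts]


def failover_delays(config):
    """Seconds spent waiting on earlier, unreachable servers before each one is tried."""
    delays, waited = {}, 0
    for ip, timeout in tacacs_servers(config):
        delays[ip] = waited
        waited += timeout
    return delays


if __name__ == "__main__":
    for ip, delay in failover_delays(SAMPLE_CONFIG).items():
        print(f"{ip}: tried after {delay}s of waiting on earlier servers")
```

With only the two host lines from the post and no timeout configured, the backup is reached after one full default timeout on the primary.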

Hello Elliott, I tried out your configs but it didn't work. Do I have to do anything on the ACS server menu?

Thanks once again. Expecting your reply.

Iso

Have you checked to ensure that your secondary ACS works OK on its own?

On one of your non-critical devices (like a lab switch or router), configure it to ONLY have the IP address of your secondary ACS server.

If this doesn't work then there is something wrong with the ACS.

Nick

A good place to start is to take a look at the Failed Attempts log.

Using the GUI, Reports and Activity ---> Failed Attempts

If the failover took place and there was a problem with the request, then you should see something in here.

If nothing appears in here, then it looks like a misconfiguration on the network device.