Multiple ACS servers

deanyoung · ‎07-16-2006

Hi,

I would like to deploy 2 ACS servers. One would be used to authenticate staff members and the other would authenticate guest users.

I am using Catalyst 2950 switches in the access layer and Catalyst 6500 switches in the distribution layer. I will be deploying 802.1x as part om the solution.

I would like to know how to split the staff and guest authentication to point to different ACS servers?

Regards

Dean

grant.maynard · ‎07-17-2006

I don't think you could do that. I think you'd be best conbfiguring one ACS for all authentication, then configuring the other to be a replica (for resilience).

seagordo · ‎07-18-2006

Can't be done, to my knowledge.

You can only point a Cisco device to one active ACS server.

I'm with Dean, just create two groups withing ACS and use the other ACS server for backups and redundancy.

Sean

koksm · ‎07-18-2006

Maybe you can configure one ACS server as radius server in the switches, and configure the second ACS as an external database to the first ACS? So when the first ACS doesn't know the account, it asks the second ACS.

But i agree, why not use both ACS server in a redundant way? Different network management groups?