Recommended ACS deployment for redundancy

bvj197222 · ‎04-08-2015

We are a small business of 700 users on 26 locations. We have two 1121 Appliances, and they're installed running ver 5.6. Both are standalone - primary. I am configuring a deployment for redundancy, and I found this article - http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/installation/guide/acs5_1_install_guide/csacs_deploy.html#wp1113965.

However, the 5.6 doc only documents how to setup a secondary server. What is the recommended ACS deployment for redundancy? Should I set up the other ACS as secondary, and that's it? I found this KB, https://supportforums.cisco.com/discussion/11833086/adding-secondary-acs-server-54. Does the switches just talk to both ACS-servers, or just the primary ACS?

If the switches only talk to the primary ACS in this deployment, what's the point of having a log collector? Can't I just keep the logging local? If I define the secondary ACS as a log collector and it goes Down I have no logging? I know about the "log Message recovery configuration", but that doesn't help anything if the log collector goes Down.

How about the switch-config in this deployment, I just add a second radius-server?

radius-server host 1.1.1.1
radius-server host 1.1.1.2

nspasov · ‎04-08-2015

Hi there, have a look at the following doc that talks about ACS Distributed Deployment. Let us know if you still have questions after going through it:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/installation/guide/csacs_book/csacs_deploy.html

Thank you for rating helpful posts!

Thank you for rating helpful posts!