08-24-2010 12:37 AM - edited 03-10-2019 05:21 PM
Hi all. in cisco's documentation, I found somthing about split acs deployment where both acs boxes can act as primary in their zones and then secondary for the other zone respectively, but I don't seem to understand how this can be done on the two acs boxes. My concern is this:
Is there a place where you can configure on each machine that machine "A" is the primary for this zone and machine "B" the other zone and vice visa?
I also want to believe that on each aaa client, the first tacacs server configured would be default aaa server less its on available, the client checks the next server just like the behaviour of acl.
Are there any docs that explain the replication of this database, and configurations required?
Regards all.
Thanks.
08-24-2010 11:05 AM
Hi
Split ACS Configuration is the concept of dividing the AAA load.
As per Cisco : In split ACS deployment, you use primary and secondary servers as in a small ACS deployment, but the AAA load is split between the two servers to optimize AAA flow. Each server handles the full workload of both servers in the event of a AAA connectivity problem, but during normal operations neither server carries the full load of authentication requests. This property of the servers allows for less stress on each ACS system, provides better loading, and makes you aware of the functional status of the secondary server through normal operations
If you want to Split the Load then you have to change the way of AAA deployment.
For Example : You have 2000 Decives & 2 ACS Then you can divide the load.
You can configure the 1000 Devices with : ACS 1 - Primary IP address
ACS 2 - Secondary IP address
& Other 1000 Devices with : ACS 2 - Secondary IP address
ACS 1 - Primary IP Address
In this way the Load of 2000 devices will be split between 2 ACS Server.
Regards
Chetan Kumar
12-06-2010 02:32 PM
Hello,
I'm interested in this topic, too.
I was wondering if with this split ACS configuration, replication is possible. And if it is, then how it would be in the ACS configuration, if the system allows to be secondary server and also primary server at the same time. I've taken a look at the user guide and it seemed to me like this wasn't possible, and it doesnt explain how to do a split acs configuration...it is only mentioned in the installation and upgrade guide.
I appreaciate your comments. Regards.
01-15-2016 09:13 PM
Hello ,
Can anyone please tell me if we can implement Split ACS deployment in two different geographical locations?
My requirement is to have one ACS server at one location and other at some other location and the AAA load has to be shared between the two.Kindly suggest , which would be the best deployment plan.
Thanks in advance,
Prabir
01-15-2016 09:53 PM
yes you can as you have only 2 ACS. In split ACS deployment, you use primary and secondary servers as in a small ACS deployment, but the AAA load is split between the two servers to optimize AAA flow. Each server handles the full workload of both servers in the event of a AAA connectivity problem, but during normal operations neither server carries the full load of authentication requests. This property of the servers allows for less stress on each ACS system, provides better loading, and makes you aware of the functional status of the secondary server through normal operations.
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/installation/guide/acs5_1_install_guide/csacs_deploy.html#wp1104113
- Jatin
01-16-2016 02:01 AM
Hi Jatin ,
Thank You for your update.
But I have not got any document from Cisco site, which confirms about the locations where the primary and secondary are to be placed.As confirmed by you, i take it that, they can be implemented in two different geographical locations.
Kindly share if you have any design & configuration document regarding Cisco Secure ACS 5.8.
Regards,
Prabir
12-07-2010 07:00 AM
You normally just have to have one primary ACS and one secondary ACS both synchronized, and on some devices you will add secondary as first AAA server and primary as second, and on other device you'll make the contrary.
08-11-2011 12:47 AM
Have anyone tried this method.
Regards,
Pandi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide