
Deployment ACS 5.8 secondary instance

michell_js72
Level 1

Hi:

I have one simple question. I want to implement a secondary instance to my ACS server. Do those servers have to be in the same network? Is this necessary for replication?

Because right now each one has its own net.

Thanks.


GRANT3779
Spotlight
Hi,

I run ACS 5.6 in a distributed deployment, one primary and one secondary instance. These are L3 separated over my WAN. I do not think they need to be layer 2 adjacent only for a distributed setup.
https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/admin_operations.html#87956

Thanks a lot, GRANT3779! Just one more question. How is the configuration for the devices? Do I have to configure the TACACS server lines for the primary and secondary instance?

So as an example, here is a snip from my own config for the actual servers; then you would add your aaa commands. I believe the first server in the group is tried first and then the second one if the first is down. However, both your primary instance and secondary instance will be able to serve TACACS requests on demand (e.g., if you only had your secondary listed below, authentication will still work).

aaa group server tacacs+ ABZ_ACS
 server name TAC1
 server name TAC2

tacacs server TAC1
 address ipv4 x.x.x.x
 key 7 .....
tacacs server TAC2
 address ipv4 y.y.y.y
 key 7 ......

Thanks so much
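A check for the failover setup described in the reply above, as an added example that is not part of the original thread or anyone's production config: it parses an IOS-style config and reports any TACACS+ server group that does not end up with two defined servers. It goes slightly beyond the thread by also flagging `key 7` storage, which is reversible obfuscation rather than encryption. The function names, the `LAB_ACS` group, the `TAC3` reference, the addresses and the keys are all constructed for illustration.

```python
import re

# Constructed sample shaped like the snippet above; addresses and keys are dummies.
SAMPLE_CONFIG = """\
aaa group server tacacs+ ABZ_ACS
 server name TAC1
 server name TAC2
aaa group server tacacs+ LAB_ACS
 server name TAC1
 server name TAC3
tacacs server TAC1
 address ipv4 192.0.2.10
 key 7 0000000000
tacacs server TAC2
 address ipv4 198.51.100.10
 key 7 0000000000
"""

def parse_blocks(config):
    """Map each unindented command to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if not line[0].isspace():
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit_tacacs(config):
    """Return sorted findings about TACACS+ failover and key storage."""
    blocks, findings = parse_blocks(config), []
    servers = {h.split()[2]: b for h, b in blocks.items()
               if re.fullmatch(r"tacacs server \S+", h)}
    for name, body in servers.items():
        if any(l.startswith("key 7 ") for l in body):
            findings.append(f"server {name}: key stored as reversible type 7")
    for header, body in blocks.items():
        if not re.fullmatch(r"aaa group server tacacs\+ \S+", header):
            continue
        group = header.split()[-1]
        members = [l.split()[-1] for l in body if l.startswith("server name ")]
        for s in members:
            if s not in servers:
                findings.append(f"group {group}: server {s} is not defined")
        if sum(s in servers for s in members) < 2:
            findings.append(f"group {group}: fewer than two usable servers")
    return sorted(findings)
```

Run `audit_tacacs()` over a saved copy of a device's running config; an empty list means every group has both instances defined and no type 7 keys were seen.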
