Secure ACS 5.5 failover configuration

dalexanj1
Level 1

I have 2 ACS 5.5 units (1 primary, 1 secondary) and I am trying to configure the failover capabilities between these devices. So far, if the primary goes down, the secondary does not pick up the devices and I lose connectivity with those devices. Everything that I read states that if the primary fails, you have to manually turn on the secondary (making it the primary until the actual primary goes back on and then switch it back manually) and there is no automatic failover. Is this correct? If not, please let me know the configurations that I need in order to make this system work in the event of a primary failure.

Thank you,

Jennifer

1 Reply

nspasov
Cisco Employee

Hi Jennifer, 

The manual failover refers to the management/configuration portion of the ACS deployment. In a deployment, changes and management are done only through the primary node, which in turn pushes the changes to the rest of the nodes in the deployment. So, if the primary node fails, then you have to manually promote a secondary node if you want to perform any changes.

With regard to AAA functionality (TACACS+ and/or RADIUS), the redundancy is there and each node from the deployment will provide that functionality without the need to manually fail over. What you need to make sure, though, is that your NAD (switch, router, firewall, etc.) has each ACS node listed as a RADIUS/TACACS+ server. That way, if server #1 becomes unavailable, the NAD will move down to the 2nd one configured.

I hope this helps!

Thank you for rating helpful posts!
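One way to verify the point made in the reply, as an added example that is not part of the original thread: a small audit that reads NAD configurations and reports any device that does not list every ACS node for the AAA protocol it uses. It assumes Cisco IOS-style server syntax; the device names, addresses and config excerpts are constructed.

```python
import re

# Constructed sample data: ACS node addresses (documentation range) and IOS-style excerpts.
ACS_NODES = {"primary": "192.0.2.10", "secondary": "192.0.2.11"}
SAMPLE_CONFIGS = {
    "sw-access-01": """
tacacs server ACS-PRI
 address ipv4 192.0.2.10
tacacs server ACS-SEC
 address ipv4 192.0.2.11
""",
    "rtr-edge-01": """
tacacs-server host 192.0.2.10
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
""",
}

LEGACY = re.compile(r"^(tacacs|radius)-server host (\S+)")
BLOCK = re.compile(r"^(tacacs|radius) server \S+")
ADDRESS = re.compile(r"^\s+address ipv4 (\S+)")

def configured_servers(config):
    """Return {'tacacs': [ip, ...], 'radius': [ip, ...]} in configured order."""
    servers = {"tacacs": [], "radius": []}
    current = None  # protocol of the named server block being read
    for line in config.splitlines():
        if m := LEGACY.match(line):
            servers[m.group(1)].append(m.group(2))
            current = None
        elif m := BLOCK.match(line):
            current = m.group(1)
        elif current and (m := ADDRESS.match(line)):
            servers[current].append(m.group(1))
        elif line and not line.startswith(" "):
            current = None  # any other top-level line ends the block
    return servers

def missing_nodes(config, nodes=ACS_NODES):
    """For each AAA protocol the device uses, list ACS nodes it does not point at."""
    gaps = {}
    for proto, ips in configured_servers(config).items():
        absent = sorted(n for n, ip in nodes.items() if ip not in ips)
        if ips and absent:  # skip protocols the device does not use
            gaps[proto] = absent
    return gaps

if __name__ == "__main__":
    for device, cfg in SAMPLE_CONFIGS.items():
        print(device, missing_nodes(cfg) or "lists every ACS node")
```

A device reported here would lose AAA when the one node it points at goes down, which matches the symptom described in the question.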
