12-05-2015 09:48 AM - edited 03-10-2019 11:17 PM
Hello all,
I need to configure a new ACS as the secondary ACS.
1) Do we need to configure the new ACS server IP address on all switches?
2) If the primary ACS is disconnected, how will the secondary work as primary?
Thanks & Regards
12-06-2015 01:38 AM
Hi Abdul,
1) Yes, you need to configure the IPs of all TACACS servers on your switches so that they can be authenticated by those TACACS servers in accordance with the network device's AAA groups. The two ACS servers in a cluster do not share a virtual IP address.
2) If the primary ACS is disconnected then it will not work as a primary. As far as it is concerned, it's still the secondary of the primary ACS which went down. You will not be able to make most changes without going to deployment options and changing to either Local Mode or Promote to Primary.
Local Mode means your databases will be removed from an existing cluster. Switch to Primary means that the primary and secondary servers switch roles. What you would generally do during a disconnect is to work in Local Mode and when the primary is restored you could register the secondary back to the primary to get synced with the primary.
If you would like to save changes from the secondary (server B) which were performed while the primary was down (server A), you should turn B to primary with Promote to Primary, add A as secondary, and after sync switch the roles between them by promoting A to primary.
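A switch-side sketch of point 1, added here as an illustration and not taken from the thread or from Cisco's guides: both ACS servers are defined on the switch and placed in one AAA server group, so the switch itself tries the second server when the first does not answer. The server names, the group name, the 192.0.2.x addresses and the key are placeholders, and the syntax assumes an IOS release that supports named `tacacs server` blocks.

```cisco
! Assumed placeholders: ACS-A / ACS-B, ACS-GROUP, 192.0.2.10 / 192.0.2.11, <shared-secret>
aaa new-model
!
! First ACS server (placeholder address)
tacacs server ACS-A
 address ipv4 192.0.2.10
 key <shared-secret>
 timeout 5
!
! Second ACS server; there is no shared virtual IP, so it needs its own entry
tacacs server ACS-B
 address ipv4 192.0.2.11
 key <shared-secret>
 timeout 5
!
! The switch tries the servers in the order listed in the group
aaa group server tacacs+ ACS-GROUP
 server name ACS-A
 server name ACS-B
!
! Fall back to the local user database only if no server in the group responds
aaa authentication login default group ACS-GROUP local
```

Each switch must also exist as a network device (AAA client) with the same shared secret in the ACS configuration, and a local account should be present on the switch for the `local` fallback to be usable.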
12-07-2015 12:22 AM
Thanks Nadav...
For point #2, can you kindly send a reference link so that I can get more knowledge on it?
12-07-2015 01:13 AM
The deployment guide for 5.8 is located here:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/installation/guide/csacs_book/csacs_deploy.html
Here is the section of the user guide that deals with deployment:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/admin_operations.html