ACS Redundancy Configuration

Abdul moheed
Level 1

Hello all,

I need to configure a new ACS as a secondary ACS.

1) So do we need to configure the new ACS server IP address on all switches?

2) If the primary ACS is disconnected, then how will the secondary work as primary?

Thanks & Regards 

Nadav
Level 7

Hi Abdul,

1) Yes, you need to configure the IPs of all TACACS servers on your switches so that they can be authenticated by those TACACS servers in accordance with the network device's AAA groups. The two ACS servers in a cluster do not share a virtual IP address.

2) If the primary ACS is disconnected then it will not work as a primary. As far as it is concerned, it's still the secondary of the primary ACS which went down. You will not be able to make most changes without going to deployment options and changing to either Local Mode or Promote to Primary.

Local Mode means your databases will be removed from an existing cluster. Switch to Primary means that the primary and secondary servers switch roles. What you would generally do during a disconnect is to work in Local Mode and when the primary is restored you could register the secondary back to the primary to get synced with the primary.

If you would like to save changes from the secondary (server B) which were performed while the primary was down (server A), you should turn B to primary with Promote to Primary, add A as secondary, and after sync switch the roles between them by promoting A to primary.
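
As an added example (not part of the original thread and not Cisco tooling): a small Python check for point 1 above, which reports any TACACS+ server group in a switch configuration that does not reference every ACS server. The sample configs, server and group names and the 192.0.2.x addresses are constructed, and it assumes the named `tacacs server` / `aaa group server tacacs+` IOS syntax.

```python
import re
# Constructed IOS-style samples; names and 192.0.2.x addresses are placeholders.
SWITCH_OK = """\
tacacs server ACS-PRIMARY
 address ipv4 192.0.2.10
tacacs server ACS-SECONDARY
 address ipv4 192.0.2.11
aaa group server tacacs+ ACS-SERVERS
 server name ACS-PRIMARY
 server name ACS-SECONDARY
"""
# Same switch, but the secondary ACS was never added.
SWITCH_MISSING = """\
tacacs server ACS-PRIMARY
 address ipv4 192.0.2.10
aaa group server tacacs+ ACS-SERVERS
 server name ACS-PRIMARY
"""

def parse_aaa(config):
    """Return ({server_name: ip}, {group_name: [server_name, ...]})."""
    servers, groups, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens a new section
            section = None
            if m := re.match(r"tacacs server (\S+)", line):
                section = ("server", m.group(1))
            elif m := re.match(r"aaa group server tacacs\+ (\S+)", line):
                section = ("group", m.group(1))
                groups[m.group(1)] = []
        elif section and section[0] == "server":
            if m := re.match(r"\s+address ipv4 (\S+)", line):
                servers[section[1]] = m.group(1)
        elif section and section[0] == "group":
            if m := re.match(r"\s+server name (\S+)", line):
                groups[section[1]].append(m.group(1))
    return servers, groups

def missing_acs(config, required_ips):
    """Map each TACACS+ group to the required ACS IPs it does not reference."""
    servers, groups = parse_aaa(config)
    if not groups:  # no TACACS+ group at all: every required server is missing
        return {"(no tacacs+ group)": sorted(required_ips)}
    report = {}
    for group, members in groups.items():
        gaps = sorted(set(required_ips) - {servers.get(n) for n in members})
        if gaps:
            report[group] = gaps
    return report
```

Run `missing_acs()` over each saved switch configuration with the list of both ACS addresses; an empty result means every TACACS+ group on that switch references both servers.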

Thanks Nadav...

For point #2, can you kindly send any reference link so that I can get more knowledge on it?

The deployment guide for 5.8 is located here:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/installation/guide/csacs_book/csacs_deploy.html

Here is the section of the user guide that deals with deployment:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/admin_operations.html