Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
794
Views
0
Helpful
9
Replies

Wireless ACS not failin gover

Go to solution
Steve Coady
Level 1
Level 1

‎08-20-2013 05:51 AM - edited ‎07-04-2021 12:41 AM

Hello

I have the following ACS's. They are VM

     Cisco Secure ACS

     Version : 5.2.0.26

I have been having trouble with the Primary hanging up, but the secondary does not take over.

I have spoken with TAC and they advised me to upgrade the software to stop the hangup, but I am not sure why it does not failover.

What can I check to make sure the triggers are in place and working properly?

sMc
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Steve Coady

‎08-21-2013 06:36 AM

If your ACS is a primary secondary and the primary gets hung up but the secondary still doesn't take over the primary role, then you might have an issue with the primary and you should maybe promote the secondary as the primary and fix the issue with the primary.  This is what you have to troubleshoot. because the WLC will still send request to the primary if that is how it is defined in your wlan, until the primary doesn't respond and is marked dead.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Steve Coady

‎08-22-2013 02:14 AM

Well, You need to make sure that the primary server is really down. Then the AAA clients need to failover.

When the server is shown to be down is it pingable form the AAA devices?

If the primary is really down and that is detected by the AAA clients, the AAA clients will then automatically failover to the next configured AAA server (if it is correctly configured).

What you'r AAA clinets? I think debugs/logs form the AAA clients are needed to make sure that they detect the primary server as down and to see if they failover or not.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎08-21-2013 04:16 AM

Hello Steve.

What do you exactly mean by the secondary is not taking over?

Do you mean that:

1-) You are not able to login to the GUI of the secondary for configuration.

or

2-) Your AAA clients do not fall over to use the secondary server if the primary server is down.

?

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Amjad Abdullah

‎08-21-2013 06:03 AM

Amjad

My AAA clients do not fall over to use the secondary server when the primary server is hungup.

sMc
0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Steve Coady

‎08-21-2013 06:26 AM

Steve:

well, then you may need to check and make sure your AAA clients are having both ACS servers added as RADIUS servers. The fallback (for AAA authentication when one server is down) happens on the AAA client side, not the server side.

Have you added both servers to the AAA clients?

If no then please make sure both server ip addresses are added. Then, when one server is down and the AAA client experience a timeout for a request to one server it will fallover to the next configured server.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Amjad Abdullah

‎08-21-2013 06:47 AM

Amjad

Where, exactly would the servers be added, (ACS?, WLC?, WLS?)

These devices were setup by contractor. I am 99.9 % sure the servers are defined, I justr am not sure where to look for them.

sMc
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Steve Coady

‎08-21-2013 12:48 PM

Ok

The AAA servers are configured on each Controller. My controllers have both servers defined with Server1-Primary

Server 2-Secondary. Based on what I see, failover should occur. What else should I check?

sMc
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Steve Coady

‎08-21-2013 03:20 PM

Failover will only occur if the primary doesn't respond. If the primary responds even though its hosed up, the wlc will not failover.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Steve Coady

‎08-22-2013 02:14 AM

Well, You need to make sure that the primary server is really down. Then the AAA clients need to failover.

When the server is shown to be down is it pingable form the AAA devices?

If the primary is really down and that is detected by the AAA clients, the AAA clients will then automatically failover to the next configured AAA server (if it is correctly configured).

What you'r AAA clinets? I think debugs/logs form the AAA clients are needed to make sure that they detect the primary server as down and to see if they failover or not.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Amjad Abdullah

‎08-23-2013 07:18 AM

Amjad

The issue has been the "hangup" does not cause the server to be completely down.

The fix we are applying this weekend is to first add the 5.2 patch and then upgrade s/w to 5.3. We are only going to apply

to one of the servers, then run on that server for a week or so to make sure there are no other issues that develop. Hopefully

all will go well, we can upgrade the 2nd server, restart replication and move on to other fires.

Thanks for the input.

sMc
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Steve Coady

‎08-21-2013 06:36 AM

If your ACS is a primary secondary and the primary gets hung up but the secondary still doesn't take over the primary role, then you might have an issue with the primary and you should maybe promote the secondary as the primary and fix the issue with the primary.  This is what you have to troubleshoot. because the WLC will still send request to the primary if that is how it is defined in your wlan, until the primary doesn't respond and is marked dead.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card