We are trying to upgrade from an ACS 3.2 for Windows server to our new ACS 4.0 SE box. We have upgraded the Windows box to 4.0, backed up the configuration and restored it to the new box. We have pointed a couple of clients to the new box for testing, and can authenticate. So far so good, but when we went to the final step, assigning the IP address of the old server to the new box, we had a problem ? the ACS SE box will not let us assign the address to the local NIC ? I get an message that the configuration could not be assigned to the NIC.
To go into detail on what was done:
The Windows server was changed from x.x.3.45 to x.x.0.45 (we use a 255.255.248.0 subnet mask), and rebooted.
On the ACS SE box, I used set IP to change the IP from x.x.0.20 (used for testing and setting up the configuration) to x.x.3.45. The system would not complete this step - This is when The system indicated that the configuration could not be applied to the NIC.
I then set the NIC to DHCP, which was success fully applied. I then set the NIC to x.x.3.46, which it also accepted. At this point I thought it may be doing DNS lookup, and seeing another host name for the IP, so I deleted the PTR record for x.x.3.45, and tried setting that as the IP again. I got the same response.
I thought it for some reason could be detecting an IP conflict, so I tried setting the IP to an address I knew was in use. As I expected, this did not work, but the error did say IP conflict ? and I was not getting that error on x.x.3.45.
At this point I moved the connection on the ACS to the other Ethernet interface, but that did not improve the issue.
I tried performing a reboot on the ACS box, but still could not set the desired IP address. At this point what I thought would be a 5 minute outage for VPN authentication had lasted 45 minutes, and I had to put the target address back on the Windows ACS server.
Any idea what is causing this? I can set the IP address of the ACS SE to any IP accept for the one that I need! Since we have 70+ Cisco devices that point to x.x.3.45 for authentication, we really do not want to change the address of our ACS.