ACS SE: what's wrong with the AAA-servers config?

Unanswered Question
Oct 29th, 2007

Hi,


I have 2 ACS SE-appliances (1113). I'm experiencing lots of problems with the AAA-servers. After (re-)installation, I have different results: sometimes, there are 2 entries in the AAA-servers-list: an ACS01 (name of the appliance) and a "self". But on my second ACS, there is a "ACS02" and "Deliverance01" (in stead of 'Self').


Sometimes, the deliverance01 or self receives a 169.254.x.x address, sometimes a 127.0.0.1 and sometimes it even has an address from the DHCP pool (although I configured the appliance NOT to use DHCP but static addressing!)...


If you try to change names (with the console or by the web interface (appliance configuration), it becomes a total mess: the names sometimes change ,sometimes they don't, sometimes the old names remain in the proxy distribution table although they don't exist in the aaa-servers table anymore.


If you use Database replication (although i have disabled the Network Config Device tables and Distribution table" to be replicated), it sometimes updates the AAA-server tables, then I get 2 entries named "Self", which leads to replication errors, and I cannot delete or change the wrong ones, ...).


Can somebody help me with the following:


What should be exactly in the AAA-servers table after a clean (re-)installation?


Thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bert.lefevre Mon, 10/29/2007 - 04:44

Ok, I (again) reinstalled my first appliance (with the recovery CD) and the appliance connected to the network:


I changed the default name into "ACS01" and used static ip-address "14.14.14.3"


this is what I've got now in the AAA-server list (I didn't change anything yet):


ACS01 : 169.254.67.156

Self: 14.14.14.3


In the Proxy Distribution Table, I have the following:


AAA servers: Deliverance1

Forward to: ACS01


(I guess I have to switch those 2 as deliverance1 will apply to "self"?)


So this means that there are 3 entries for one device! (ACS01 ,Self and Deliverance1)... Is this normal?

andrew.brazier@... Wed, 10/31/2007 - 09:27

It's not unusual but you've figured out the answer yourself : ) Switch the entries a you've described.

hal.chaikin Wed, 10/31/2007 - 12:49

I ran into the identical problem when I tried configuring my two SE's. I ended up opening a TAC case on it. Basically the engineer informed me that the "deliverance01" is the standard default when the machine comes up.


I gamed it by configuring my dhcp server to have a two IP scope and then ensured it assigned the IP address I wanted each SE to have. I then powered them up one at a time.


After they were up, I went into the config's and changed them to static.


It ain't elegant - but it worked. Hope this helps.

Actions

This Discussion