ACS SE: what's wrong with the AAA-servers config?

Oct 29th, 2007


I have 2 ACS SE-appliances (1113). I'm experiencing lots of problems with the AAA-servers. After (re-)installation, I have different results: sometimes, there are 2 entries in the AAA-servers-list: an ACS01 (name of the appliance) and a "self". But on my second ACS, there is a "ACS02" and "Deliverance01" (in stead of 'Self').

Sometimes, the deliverance01 or self receives a 169.254.x.x address, sometimes a and sometimes it even has an address from the DHCP pool (although I configured the appliance NOT to use DHCP but static addressing!)...

If you try to change names (with the console or by the web interface (appliance configuration), it becomes a total mess: the names sometimes change ,sometimes they don't, sometimes the old names remain in the proxy distribution table although they don't exist in the aaa-servers table anymore.

If you use Database replication (although i have disabled the Network Config Device tables and Distribution table" to be replicated), it sometimes updates the AAA-server tables, then I get 2 entries named "Self", which leads to replication errors, and I cannot delete or change the wrong ones, ...).

Can somebody help me with the following:

What should be exactly in the AAA-servers table after a clean (re-)installation?

Thank you

bert.lefevre Mon, 10/29/2007 - 04:44

Ok, I (again) reinstalled my first appliance (with the recovery CD) and the appliance connected to the network:

I changed the default name into "ACS01" and used static ip-address ""

this is what I've got now in the AAA-server list (I didn't change anything yet):

ACS01 :


In the Proxy Distribution Table, I have the following:

AAA servers: Deliverance1

Forward to: ACS01

(I guess I have to switch those 2 as deliverance1 will apply to "self"?)

So this means that there are 3 entries for one device! (ACS01 ,Self and Deliverance1)... Is this normal?

andrew.brazier@... Wed, 10/31/2007 - 09:27

It's not unusual but you've figured out the answer yourself : ) Switch the entries a you've described.

hal.chaikin Wed, 10/31/2007 - 12:49

I ran into the identical problem when I tried configuring my two SE's. I ended up opening a TAC case on it. Basically the engineer informed me that the "deliverance01" is the standard default when the machine comes up.

I gamed it by configuring my dhcp server to have a two IP scope and then ensured it assigned the IP address I wanted each SE to have. I then powered them up one at a time.

After they were up, I went into the config's and changed them to static.

It ain't elegant - but it worked. Hope this helps.


