12-30-2008 07:26 AM - edited 03-10-2019 04:15 PM
Hello All
I know that the ACS replicates the entire database from primary to secondary, and not vice-versa.. My scenario is:
primary ACS goes down, and the secondary takes over.. now, all user addition etc, is done on the secondary ACS.. now, when the primary comes back again, will it overwrite the secondary database and should we recreate the configs ? or is it that the secondary ACS replicates its data to primary ? its kinda confusing !
I'm gonna do ACS replication in a few days, and wanted to be really sure of this.
Raj
Solved! Go to Solution.
12-31-2008 03:34 AM
Hi,
So you configure a redudant ACS server as secondary.
All the database from the primary will be replicated to secondary.
As you said what happes if secondary takes over and configuration is done on the secondary.
It will be reflected on primary. depends how you configure it.
check it has the option for send and recive.
this link will be very helpful for you.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html
12-31-2008 03:34 AM
Hi,
So you configure a redudant ACS server as secondary.
All the database from the primary will be replicated to secondary.
As you said what happes if secondary takes over and configuration is done on the secondary.
It will be reflected on primary. depends how you configure it.
check it has the option for send and recive.
this link will be very helpful for you.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html
12-31-2008 03:43 AM
12-31-2008 03:35 AM
Raj,
ACS performs only one way replication ie from primary to secondary and not other way.
So if you have made changes in secondary acs , it will not be replicated, You need to manually add the changes in primary acs.
Regards,
~JG
Do rate helpful posts
12-31-2008 07:11 AM
Right JG.. Just wanted to confirm on this ! Doesnt it look like a flaw :) There should have been something like HSRP or pre-empt concept here, but i know it is really tough to manage from NAD point of view..
Thanks
01-07-2009 09:13 AM
The *only* safe way to manage this is to have a config master onto which all management is done.
Have this replicate to master and slave servers which service actual authentication traffic.
Since admin changes rarely cause ACS crashes its unlikely the primary would ever be unavailable for more than a few seconds (during initial stage of outbound replication, or someone clicks submit+restart)
01-07-2009 12:21 PM
Thanks for the reply..
Raj
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: