Understanding ACS v4.1

jcerero77 · ‎05-01-2009

Hello, I am knew to ACS and I'm trying to understand it. We use the ACS for our wireless authentication. All of our 14 WiSM's are setup as our clients. I have 3 AAA servers, which are our 3 ACS. We have 2 remote agents. Right now i'm moving the remote agents to vm environment. I am working on getting the secondary remote agent working on the secondary ACS, i have tried to isolate so that only I authenticate through that ACS but it doesn't seem that way, I have other people going through that ACS when they should be authenticationg to the primary. Is there a limit on how many people can authenticate on one ACS? When does it decide to authenticate to the secondary one if the primary is up and functioning correctly? Thanks, Joanna

Jagdeep Gambhir · ‎05-01-2009

NO there is no as such limitation. The only condition request will go to secondary is when there is no response from primary acs (upto timeout value). When timeout expires it sends same request to next server in the list.

When that user failed to connect to primary , please check if there is any logs in failed attempts?

Also check the WLC logs to know the fallback reason.

Regards,

~JG

jcerero77 · ‎05-05-2009

Thanks JG, that's what I thought, but I can not figure out why it is not behaving this way. I checked logs in failed attempts but I only see "bad password" and "Authentication session invalidated" and some "Users Radius request rejected (by Radius extension DLL". Do you know where I can find a translation of these errors?