Nortel switches authenticating to both ACS via RADIUS

Unanswered Question
Aug 11th, 2009

Dual ACS solution (4.2) with one ACS doing the authenticating, the other acting as a standby.

Recently, when accessing the Nortel switches, they authenticate to both ACS servers, as some are going to ACS2 despite their primary RADIUS server being ACS1.

The ACS solution has other network devices using TACACS+, and they seem fine. DB replication is fine between the two ACS servers, and nothing, I believe, has changed in the configuration between the two.

Any ideas? (All I can think is that the response from ACS1 is exceeding the timeout and the switches then select ACS2, but there's no evidence to suggest a problem with network delay.)

Daniel Laden Sun, 08/16/2009 - 13:53

I am unfamiliar with the Nortel switches. If a Cisco switch queries an AAA server and it fails to respond, it will mark it as dead and move to the next. When the AAA server is back online, the switch will not revert to the previous server. It will remain on the current AAA server until AAA is disabled or the current AAA server fails to respond.

Network delay would cause this. Maybe the services were disabled or replication was occurring while the device was trying to authenticate.

Thank You,

Dan Laden
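A small model of the failover behaviour Dan describes (primary marked dead after the retransmits time out, client then "sticks" to the next live server and only moves again when that server fails), added here as an illustration. It is not code from the thread, from Cisco or from Nortel; the server names ACS1/ACS2, the timeout, retransmit and deadtime values, and the simulated latencies are all assumptions chosen to reproduce the symptom in the question: one slow spell on ACS1 leaves some switches pinned to ACS2 indefinitely.

```python
"""Simulated RADIUS/AAA server selection with dead-marking and sticky failover.

Added example, not from the original thread. All names and numbers below are
assumptions; real switches differ in their exact timeout/retransmit/deadtime
semantics, but the stickiness shown here is the behaviour described in the reply.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AAAServer:
    name: str
    # Simulated time (seconds) the server takes to answer; None means no reply at all.
    latency: Optional[float]
    # Simulated clock time until which the client treats this server as dead.
    dead_until: float = 0.0


@dataclass
class FailoverClient:
    servers: List[AAAServer]
    timeout: float = 5.0        # seconds to wait for each attempt (assumed)
    retransmit: int = 3         # attempts before the server is marked dead (assumed)
    deadtime: float = 600.0     # seconds a dead server is skipped (assumed)
    clock: float = 0.0          # simulated wall clock
    current: int = 0            # index of the server we are currently pinned to
    history: List[Optional[str]] = field(default_factory=list)

    def _query(self, server: AAAServer) -> bool:
        """Try one server up to `retransmit` times; mark it dead if nothing arrives in time."""
        for _ in range(self.retransmit):
            if server.latency is not None and server.latency <= self.timeout:
                self.clock += server.latency
                return True
            # An answer that is late (or absent) costs a full timeout and is discarded.
            self.clock += self.timeout
        server.dead_until = self.clock + self.deadtime
        return False

    def authenticate(self) -> Optional[str]:
        """Return the name of the server that answered, or None if all failed.

        Selection starts at the server we are currently pinned to, not at the
        configured primary, which is why the client never falls back on its own.
        """
        n = len(self.servers)
        for offset in range(n):
            idx = (self.current + offset) % n
            srv = self.servers[idx]
            if srv.dead_until > self.clock:
                continue  # still inside deadtime, skip without trying
            if self._query(srv):
                self.current = idx
                self.history.append(srv.name)
                return srv.name
        self.history.append(None)
        return None


def scenario() -> FailoverClient:
    """One slow spell on the primary pins the client to the secondary for good."""
    acs1 = AAAServer("ACS1", latency=0.2)
    acs2 = AAAServer("ACS2", latency=0.2)
    client = FailoverClient([acs1, acs2])
    client.authenticate()      # normal: ACS1 answers quickly
    acs1.latency = 6.0         # every retry now exceeds the 5 s timeout
    client.authenticate()      # ACS1 marked dead, ACS2 takes over
    acs1.latency = 0.2         # ACS1 is healthy again...
    client.authenticate()      # ...but the client stays on ACS2
    client.clock += 3600.0     # long after deadtime has expired
    client.authenticate()      # still ACS2: no automatic fallback to the primary
    return client


if __name__ == "__main__":
    c = scenario()
    print("servers used per request:", c.history)
    c.servers[1].latency = None   # now ACS2 stops answering
    print("after ACS2 fails:", c.authenticate())
```

Running the script shows the sequence `['ACS1', 'ACS2', 'ACS2', 'ACS2']`: a single request that exceeded the timeout three times is enough to move the switch, and nothing short of ACS2 itself failing moves it back. That matches the question's hypothesis better than a persistent delay would; the delay only needs to have happened once per affected switch.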
