Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
1
Replies

Nortel switches authenticating to both ACS via RADIUS

JDiTomaso
Level 1
Level 1

‎08-11-2009 02:40 AM - edited ‎03-10-2019 04:38 PM

Dual ACS solution (4.2) with one ACS doing the authenticating, the other acting as a standby.

Recently when accessing nortel switches, they authenticate to both ACS, as some are going to ACS2 despite their primary RADIUS server being ACS1.

The ACS solution has other network devices, using TACACS+ and they seem fine. DB replication is fine between the ACS and nothing I believe has changed in the configuration between the two.

Any ideas? (all I can think is the response from ACS1 is exceeding the timeout and the switches then select ACS2, but there's no evidence to suggest a problem in network delay).

Labels:
0 Helpful
1 Reply 1

Daniel Laden
Level 4
Level 4

‎08-16-2009 01:53 PM

I am unfamiliar with the Nortel switches. If a cisco switch queries a AAA server and it fails to respond, it will mark it as dead and move to the next. When the AAA server is back online, the switch will not revert to the previous server. It will remain on the current AAA server until AAA is disabled or the current AAA server fails to respond.

Network delay would cause this. Maybe the services were disabled or replication was occuring while the device was trying to authenticate.

Thank You,

Dan Laden

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents