×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

20 seconds delay after command 'acs-config'

Unanswered Question
Dec 26th, 2011
User Badges:

   When I establish an SSH conneciton to Cisco Secure ACS and then enter command acs-config I have to wait exactly 20 seconds before system asks for username. Is it possible to get rid of this delay?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marvin Rhoads Mon, 12/26/2011 - 07:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Are you using an appliance or running ACS on a VM? What version number?


If an appliance, have you seen the same behavior using a client connected via console?


You could try turning on debug-log and then logging in (via a second session) and inspecting the log for anomalies.

yuri.volkov Mon, 12/26/2011 - 12:35
User Badges:

  CSACS-1121-K9 chassis.

  Cisco Application Deployment Engine OS Build Version: 1.2.0.146.

  Cisco ACS Version 5.1.0.44.


  Unfortunately, turning on debug-log hasn't shown anything useful neither during 20sec delay, nor after it. Though, I might have done something wrong. I'll try logging via console.


  If it can give any hint: when I press Ctrl-C during delay, I get the following message: "Your ACS config session has failed. It is possible that you have exceeded the maximum number of allowed ACS config CLI sessions. Close any open sessions and try again."

Marvin Rhoads Mon, 12/26/2011 - 15:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Hmmm, your "hint" reminds me of behavior I have seen in network devices where there was an automated system logging into - and not properly terminating sessions with - devices' vty lines. It ended up exhausting the available vty lines and one could not log in remotely until they had timed out.


Session idle timeout for ACS however is configurable at the lower end at 5 minutes. So that doesn't correlate to the 20 second behaviour you are seeing.


Does the GUI present this anomaly as well?


TAC would probably suggest upgrading to the current release (ACS 5.3) but I don't see any resolved caveats that allude to the behavior you are seeing.

yuri.volkov Wed, 02/22/2012 - 06:55
User Badges:

   There is no delay when I log in via web interface. Only when I issue command 'acs-config' either via an ssh session or via console.

Actions

This Discussion