We have distributed ACS deployment model where Primary ACS can do the configuration role and secondary ACS is doing the monitoring role.
Our root certtificate was expired two days back and we have installed this on primary ACS bit forgot to install it on secondary ACS.
Due to this our some wirless useers were not able to connect with wireless with authentication fails messages.
So my question is , are both primary and secondary ACS accepting the AAA request and replying as we are using didtributted deployment model.
Or can share any cisco document which shows this ?
The WLC will send authentication to the primary ACS server and only will use the secondary if there is no response from the primary. The WLC will not fail back to the primary unless the secondary fails to respond or if you have Fallback enabled in which the WLC will check if the primary is up.
Sent from Cisco Technical Support iPhone App