cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
581
Views
0
Helpful
5
Replies

Certificate issue at Secondary ACS

Puneet Gupta
Level 1
Level 1

Hi

We have distributed ACS deployment model where Primary ACS can do the configuration role and secondary ACS is doing the monitoring role.

Our root certtificate was expired two days back and we have installed this on primary ACS bit forgot to install it on secondary ACS.

Due to this our some wirless useers were not able to connect with wireless with authentication fails messages.

So my question is , are both primary and secondary ACS accepting the AAA request and replying as we are using didtributted deployment model.

Or can share any cisco document which shows this ?

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

The WLC will send authentication to the primary ACS server and only will use the secondary if there is no response from the primary. The WLC will not fail back to the primary unless the secondary fails to respond or if you have Fallback enabled in which the WLC will check if the primary is up.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

The WLC will send authentication to the primary ACS server and only will use the secondary if there is no response from the primary. The WLC will not fail back to the primary unless the secondary fails to respond or if you have Fallback enabled in which the WLC will check if the primary is up.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott

Thanks for the information

Exactly the same thing is happening .Now client are authenticated by secondary ACS not from primary ACS.

How can we make the primary ACS to work ? will it be distrupted ?

is there any way to check , when it was moven from primary to secondary ACS ?

You can see it in the WLC logs or if you issues a show radius summary. That will tell you which is active or not.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Is there any way in monitoring tab on ACS that can shows when autheniocation was shifted from primary to secondary ACS for those WLC's.

or any alarm.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: