I have a problem with ACS 3.2 and its CSAuth eating memory. There was a bug in the previous versions with the memory leak and according to the release notes the 3.2(1.20) should be free from it, but it seems like it is still there: in 12 hours of being up the memory consumption has gone up from around 40Mb original to 400Mb. Eventually it will crash and be started again by CSMon.
Does anybody else have this issue with the latest ACS, or is it just something with the W2K config where the ACS is installed?
The TAC case is opened and I spoke to the engineer; he said that ACS 3.2 is compatible with W2K SP3 but not the Hot Fixes. I have all the Hot Fixes (critical only) installed on the AAA box, so I deployed another box with W2K and no Hot Fixes in the lab. There is a script running on the box that telnets to a single test router every 0.5 min; the test router sends authentication, authorization, accounting info to AAA. It has been running for 3 days now and there is still a small memory leak: the CSAuth started off from taking 14Mb of RAM, now it is up to 17Mb.
The production box authenticates around 100 routers, switches, VPN boxes + CW2000 does its frequent polls authenticating via AAA.
Thanks for the information. If the CSAuth is eating the memory, then someday one needs to kill the process to release the area taken by the CSAuth. This is a problem for a production environment. I have an ACS Appliance (the hardware ACS), and would like to test if this box has the leaking issue also.
The Cisco TAC engineer agreed that there might be a memory leak in ACS 3.2(1) despite the Cisco release notes statement about fixing this. He said that it should be fixed in 3.2(2).
Also there was another problem with the device groups and their use with NAR that was supposed to be fixed in 3.2 and it was not, so I had to define the network devices (clients) separately in the NAR and not by their device groups.