Have had an ACS 4.2 solution installed across 2 servers (master/slave), everything working fine with devices using it for both RADIUS and TACACS+ authentication. This week, however, I have had an issue with a network group that uses RADIUS, as switches (Nortel) can no longer authenticate. On closer inspection, firstly the shared secret entry has disappeared; if I re-enter it and submit/apply, it's still not there when you query the network interface configuration. I know that the basics of the ACS work, as other devices (PIX, ASA) that use TACACS+ are authenticating fine, and that the problem is isolated to RADIUS, as another network device (AS5300) has the same issue. This started to happen at the end of last week and I found the service CSRadius had stopped on the server. It was restarted and that solved the problem; however, the problem has happened again and this time the relevant services are running.
The only change to the configuration has been additional subnets added to the network interface in question, maybe there's a limit to how many subnets one interface is allowed?
A clear-out has been done, with the network interface re-created, with everything working fine. It's one of those faults that has happened with no changes made to the ACS; nothing in the logs suggests there's a problem caused by a change. The DB replication to the secondary ACS is fine. I believe if this happens again, a TAC case will be logged.
It's just interesting to see the shared secret 'disappear' and I wondered if anyone else has had this happen to them and what was the cause.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: