Solved: ACS 5.1 failover Design

ncharaipotra · ‎07-27-2010

How does ACS 5.1 handle failover? Do you need two ACS devices?

jrabinow · ‎07-27-2010

In terms of configuration on the network device it is the same.Note that in ACS 5.1 configuration changes may only be performed on the primary server and get replicated to all secondary servers. If the primary fails the secondary can continue operating. However, in order to perform further configuration operations you need to promote the secondary to take the primary role and then continue performing configuration operations

View solution in original post

Chetan Kumar Ress · ‎07-27-2010

Hi ,

If you want redundancy in ACS server , Then you requried two ACS server .

One will be primary & other ACS will act as a Secondary.

So when the primary will fail then you can have secondary in place. For failover you need to configure both ACS server IP address in network devices.

Regards

Chetan Kumar

ncharaipotra · ‎07-27-2010

Thanks Chetan...so this same failover model from 4.x does apply with 5.1??

jrabinow · ‎07-27-2010

In terms of configuration on the network device it is the same.Note that in ACS 5.1 configuration changes may only be performed on the primary server and get replicated to all secondary servers. If the primary fails the secondary can continue operating. However, in order to perform further configuration operations you need to promote the secondary to take the primary role and then continue performing configuration operations

brian.k.clarke · ‎11-10-2010

I'd like follow-up/expand on this design, if the thread is still sending out notifications...

I understand the basic ACS (single-site) design, but let's now consider a multi-location environment - for example, 10 remote offices connected over a high-bandwidth MPLS WAN. My questions involve what would happen (and how to protect against) ACS/authentication/authorization problems if the centralized ACS HA pair became inaccessible, either due to appliance failure, of the WAN connection back to HQ dropped. Specifically:

1) If there is no ACS appliance (primary or secondary) available to provide authentication, do all the 802.1x-configured ports fail-close, I suspect? If true, that would mean that a remote site that was being authenticated through a centralized ACS solution would effectively disable all of the local switch ports configured for 802.1x, and all the workstations at that site would get ZERO network connectivity, even to local resources... (very bad). Is there any way of adapting this behavior so that if the ACS is not available, some other form of restricted access (or even fail-OPEN) would be a configurable option?

2) If there's no way around a 100% "fail-close" in the situation above, would it always be recommended to have an ACS appliance at each remote site (assuming they'd have any reason to still have local network connectivity - local network/server resources, local Internet connection, etc.)?

3) If an ACS was deployed at each remote site (so, as a secondary to the primary back at HQ) - please confirm that the local switches could be configured to authenticate/authorize to the local ACS first, then failover to an ACS back at HQ for backup. Of course, THIS would require that there's an Active Directory server at each location also for the ACS to pass credentials to...

Just looking for larger-scale ACS design guidelines, and haven't found anything specific enough yet. (So, links to reference docs/presos would also be very helpful. Stuff like the BW requirements for a recommended number of hosts/devices that should be allowed to use ACS over a certain speed link, etc.

Thanks, folks.