First the background - we have four ACS5.1 appliances (all at patch revision 4), Box1 is the management box - so just used for accessing the web interface and setting stuff up, boxes 2 and 3 do the main bulk of the work and box 4 is basically a spare. Box 1 is also acting as the log collector. We have about 1200 NAS devices (Cisco switches) and in the region of 12000 devices authenticating.
The question is - should it take 40 seconds or more for each click in the web interface to result in a page turnover? i.e. from entering login details, to a usable interface takes 40 seconds, click on any item - and it's another 40 seconds....and so on. You can imagine that setting up an Access Policy takes a long time.
Any ideas - I had thought about moving the log collector onto the spare box - would this make any difference?
Yes, if you have that many devices then it would improve the performance of box 1 a lot (assume it is the primary) if you move the log collection to another machine which would act uniquely as log collector.
Having 4 ACSs, usually they are configured like BOX1=primary, BOX 2 and BOX3=secondaries and the last one BOX4=log collector.
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
We did have this issue for a while - however I found it was because I had left a physical span tap device in line...removed that and the port on the 6509 that the ACS is connected to now says 1000/full (on auto negotiation).
I have set up Cisco LMS - Health and Utilisation monitor to see if it is a port overload (as in volume of traffic) and will see where that goes.
In response to the reply re: moving the logging - tried that and it did not seem to make any difference - if anything it seemed even slower....