Firstly, thanks for taking the time to read my post / question.
I'm currently in the process of setting up an ACS 5.2 device and authenticating wired clients via their AD credentials (Single Sign On option in Win 7). The question I have is, what happens to the set-up if the AD servers become unavailable?
I can use the command
authentication event server dead action authorize vlan XXX
to help mitigate any issues should the ACS servers fail; however, if the AD server goes down, is the authentication treated as a failure?
I've tested every other eventuality on my test setup; however, this is one that I can't test and can't seem to find any documentation about.
First, you can have several Domain Controllers in your AD, so that limits the possibility of it being down.
What ACS decides the authentication is, is configurable. If AD is your only database in the policy, you can decide in the advanced options whether you consider "user not found" as reject or not, whether you consider "process failed" as drop or reject, etc.
Access Policies -> your policy -> Identity -> Advanced Options.
If you set drop on ACS, it will become a "no-response" on the switch.
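
Added example (not part of the thread and not configuration from either poster): a switch-side sketch of how the Reject and Drop outcomes described in the reply map onto IOS port behaviour, including the critical-VLAN command from the question. The interface name, VLAN IDs and timer values are constructed placeholders.

```ios
! Constructed example: interface, VLAN IDs and timers are placeholders.
!
! How the switch decides a RADIUS (ACS) server is dead: no reply at all
! for 5 seconds across 3 transmissions. An Access-Reject is a valid reply,
! so a server that answers Reject is still considered alive.
radius-server dead-criteria time 5 tries 3
! Keep a dead server out of rotation for 10 minutes before retrying it.
radius-server deadtime 10
!
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 !
 ! ACS "process failed" = Drop:
 ! ACS sends nothing back while AD is unreachable. The switch sees an
 ! unresponsive server, the dead criteria are met, and the port is
 ! authorized into the critical VLAN (the XXX in the question).
 authentication event server dead action authorize vlan 999
 ! Re-authenticate the port normally once ACS answers again.
 authentication event server alive action reinitialize
 !
 ! ACS "process failed" = Reject:
 ! ACS returns Access-Reject, which the switch treats as an ordinary
 ! failed authentication. The critical VLAN is NOT used; the client is
 ! denied unless an auth-fail VLAN such as this one is configured.
 authentication event fail action authorize vlan 998
```

`show aaa servers` on the switch shows whether it currently considers each RADIUS server up or dead, which is one way to confirm which of the two paths a lab test actually exercised.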