I have a Task where I have to relocate ACS setup of Primary and Secondary ACS to a new DC, no configuration changes will be done, however, I have to do this with zero downtime.
The plan is move the secondary server first to the new DC, promote the server to Primary, and then move the second server.
As far as I know, the secondary server will be able to receive and process AAA requests with no changes needed, please correct me if I am wrong here.
My question is, when I promote the secondary server to Primary role, will the IP address swap? would it take the IP address of the existing primary server?
I need to make sure if this will happen or not since I am not sure if the wireless infrastructure (the critical service is the wireless) is configured for both ACS IP addresses or not, and I would appreciate you help to understand this better.
Is there any change in the HA/promoting servers behavior between the different 5.x versions? would this be different for a 5.4 setup for example?
If you prompt the secondary to a primary the IP addresses do not swap. Only the server role changes from primary to secondary and vice versa.
Now, you can configure the new AD in the primary and that will be replicated automatically to the secondary server. You have however to make sure that the new AD has same structure as the old one. Otherwise, the policies that you configure for specific AD groups or attributes may not work. If both ADs are exactly the same then it is supposed to make no change If the user credentials you use to join the ACS to the AD are exist in both current and new ADs.
Rating useful repies is more useful than saying "Thank you"
Rating useful replies is more useful than saying "Thank you"
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :