Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.3 performance

I'm using an ACS appliance (5.3) for Tacacs authentication and also hopefully Radius as well.     I upgraded it to 5.3.0.40.9 as I was having some performance issues with it when accessing the gui and read somewhere that this version was supposed to be better.     Unfortunately its not better, its actually worse, sometimes taking 20-30 seconds to display a screen (e.g. Radius authentication) and taking too long to save policy after making changes. 

It also now regularly displays this error which isn't easy to get rid of unless I log out and back in which is frustrating.    Anyone any ideas, is it worth upgrading to 5.4 and does that change the policies at all?  The performance issue almost seems like a disk fragmentation issue.

thanks

chrisACS error.JPG

3 REPLIES

ACS 5.3 performance

Chris:

- Have you tried different browsers and different machines to login? do they all show same behavior?

- What is the processes status of the ACS server?

- Have you tried to reload the ACS if that can help get rid of the issues you have?

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
New Member

Hello, This for sure looks

Hello,

 

This for sure looks like a browser issue or a DB issue.

 

You still running 5.3?

 

Regards,

 

Erick Delgado

 

 

This problem occurs when you

This problem occurs when you do the following:

a. Choose Users and Identity Stores > External Identity Stores > Active Directory > Directory Attributes.

b. Perform the attribute retrieval operation for any Active Directory user. Choose the attribute with the type string. For example, choose the name attribute.

c. Choose Access Policies > Access Services > Default Network Access > Authorization and create a rule with the condition as AD1:name with a value, and click Submit.

d. Now, choose Users and Identity Stores > External Identity Stores > Active Directory > Directory Attributes and edit the datatype of the name attribute from string to IPv4 Address, and click Submit.

Workaround:

Refrain from modifying the Active Directory attributes type after is created and used in a policy.

176
Views
0
Helpful
3
Replies
CreatePlease login to create content