New Member

ACS 5.3 unreachable if network activity decreases

Hi,

I am trying to migrate my old ACS to the new one. I am using ACS 5.3 on a CSACS-1121 appliance. Sometimes I lose the connection to the appliance: I cannot connect to the appliance with SSH, I cannot start the GUI, and the authentication is switched to the secondary instance. As soon as I have traffic, the connection is restored.

How can I fix this problem? Could you tell me what kind of configuration I have to do on the switch and on the appliance?

Many thanks in advance for your answer.

Kind Gilles

3 REPLIES

ACS 5.3 unreachable if network activity decreases

Hello Gilles

What you say is expected behavior. If you have several ACS appliances, only one of them is primary and all the other ones are secondary.

"Primary" and "secondary" concepts are different from "active" and "standby" concepts. All ACS are "active".

The switch configuration tells the switch which ACS to talk to. It can be one, two, three, any number of ACS. Also, if there is more than one ACS, the switch configuration gives preference to the first ACS declared in the configuration. Only if the first ACS doesn't respond at all will the switch try to talk to the second ACS declared. Only if the second ACS doesn't respond at all will the switch try to talk to the third ACS, and so on.

Here's an example of a switch configuration with three ACS:

radius-server host 192.168.1.10 key MYPASSWORD
radius-server host 192.168.1.11 key MYPASSWORD
radius-server host 192.168.1.12 key MYPASSWORD
radius-server vsa send authentication
aaa new-model
!
aaa group server radius ACS
 server 192.168.1.10
 server 192.168.1.11
 server 192.168.1.12
!
aaa authentication dot1x default group ACS
aaa authorization network default group ACS
aaa accounting dot1x default start-stop group ACS

New Member

ACS 5.3 unreachable if network activity decreases

Hello,

It's a misunderstanding.

I don't have any problem with the ACS application, but I think it's a problem with the IP stack of the appliance and the Cisco Catalyst 3560 switch. I lost the connection with some hosts from and to the ACS appliance!

For example, we have a management application. It polls the appliance every 5 minutes (ping and SNMP). After a while, the application cannot reach the appliance! This begins especially when the requests to the appliance go down.

If I try to ping the management application from the appliance, I get no answer, and both are reachable from my workstation. The network is up and running well and the ACS instance is working fine!

Do you have an idea how to fix this problem? Is there a special network configuration to do on the 3560 switch or on the appliance? Is it a hardware problem with the appliance?

Many thanks for your help

New Member

ACS 5.3 unreachable if network activity decreases

Hello,

I found the solution: I reconfigured the port of the switch using a standard Cisco macro and it's working fine.

Kind Gilles
