Cisco Support Community
New Member

ACS and Load Balancer


We want to rebuild our design. In the future we want to have 4 ACS servers behind a pair of load balancers. Does anybody know whether the ACS server works with a load balancer?

Thanks for your answers.

Torsten Waibel


Re: ACS and Load Balancer

Yes it does! We will be deploying 4 ACS servers behind an ACE shortly.

Hope that helps.

New Member

Re: ACS and Load Balancer


Thanks for your answer. Normally we are working with F5 load balancers, so it should also work with them.




Re: ACS and Load Balancer

What might not be immediately obvious is that some protocols will load balance better than others.

Most LBs use a "sticky" timer to ensure that multi-message authentication exchanges (like EAP) will get routed to the same ACS server.

That's OK, but sticky timers are normally measured in seconds.

ACS may keep 802.1x/SSL session state for hours with supplicants performing periodic re-keying over the session lifetime.

A worst-case example: a wireless LAN secured using a one-time password like RSA. If a periodic rekey goes to the wrong ACS (that doesn't hold the session state) it will trigger a new full authentication and result in the user having to dig out their RSA token again.

Just something to bear in mind: the sticky timer needs to be as long as the re-key/re-authenticate time.
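The sticky-timer point from the reply above, as an added example that is not part of the original thread: a small simulation of a load balancer with source persistence in front of 4 authentication servers. The timer values, client count and the simplified model (session state lives only on the server that performed the last full authentication) are assumptions chosen for illustration.

```python
from itertools import cycle

def forced_reauths(sticky_timeout_s, rekey_interval_s,
                   session_lifetime_s=8 * 3600, servers=4, clients=3):
    """Count re-keys that reach a server without the client's session state
    and therefore force a full re-authentication (a new OTP prompt)."""
    next_server = cycle(range(servers))  # round-robin for unpinned sources
    persistence = {}    # source -> (pinned server, time last seen)
    session_home = {}   # source -> server that holds its session state
    forced = 0
    # t = 0 is the initial login; every later step is a periodic re-key.
    for t in range(0, session_lifetime_s + 1, rekey_interval_s):
        for src in range(clients):
            entry = persistence.get(src)
            if entry and t - entry[1] <= sticky_timeout_s:
                server = entry[0]            # sticky entry is still valid
            else:
                server = next(next_server)   # entry aged out: fresh pick
            persistence[src] = (server, t)   # each hit refreshes the timer
            if session_home.get(src) != server:
                if src in session_home:      # not the first login
                    forced += 1
                session_home[src] = server   # full auth creates state here
    return forced

if __name__ == "__main__":
    # Constructed values: hourly re-key, 8-hour session lifetime.
    print("sticky 180 s :", forced_reauths(180, 3600), "forced re-auths")
    print("sticky 3600 s:", forced_reauths(3600, 3600), "forced re-auths")
```

With a 180-second sticky timer every hourly re-key is rebalanced to a server that does not hold the session; once the timer equals the re-key interval, none are.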

New Member

Re: ACS and Load Balancer

Thanks darpotter.

We use the ACS server only for TACACS and RADIUS Authentication, Authorization and Accounting. So we need to know whether an F5 load balancer will work together with 4 ACS servers. Will the load balancer distribute the requests from one router round robin to all ACS servers, or will only one ACS server be responsible for the requests from a router?

Re: ACS and Load Balancer

Good point, we sticky by source IP.
