I want to configure 2 ACS servers, one primary and the other secondary, and I have 1500 devices. Now I configure 800 devices to point to the primary server and 700 devices to point to the secondary server. Does it work?
If it doesn't work, I must configure all my 1500 devices to point to the primary server. My question is: how can I configure my 1500 devices to point to the primary server and, if it fails, have my devices automatically point to the secondary server?
3. In your device configs, set up the primary ACS first and then the secondary. See below:
tacacs-server host <primary ACS IP>
tacacs-server host <secondary ACS IP>
The config will attempt to locate the ACS servers in the order given in the config, so the order matters. If the devices cannot reach the primary, they will go down the list until they find an ACS server that is communicating.
It's probably best not to set the 2 servers up on the same network if possible.
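As an added example (not from any poster in this thread): with 1500 devices, a short Python check can confirm that every saved configuration lists the primary ACS before the secondary, so failover works as described. The addresses, device names and result labels are constructed assumptions.

```python
import re

# Assumed addresses (documentation ranges), not taken from the thread.
PRIMARY = "192.0.2.10"
SECONDARY = "198.51.100.10"

# Matches only active lines; "no tacacs-server host ..." and "!" comments are skipped.
HOST_RE = re.compile(r"^\s*tacacs-server host (\S+)", re.MULTILINE)

def tacacs_hosts(config_text):
    """Return tacacs-server host addresses in the order the device tries them."""
    return HOST_RE.findall(config_text)

def audit(config_text, primary=PRIMARY, secondary=SECONDARY):
    """Classify one device config against the expected failover order."""
    hosts = tacacs_hosts(config_text)
    if not hosts:
        return "no-tacacs-servers"
    if primary not in hosts:
        return "primary-missing"
    if secondary not in hosts:
        return "no-failover"          # a single server: nothing to fall back to
    if hosts.index(primary) > hosts.index(secondary):
        return "wrong-order"          # secondary would be tried first
    extra = [h for h in hosts if h not in (primary, secondary)]
    return "unexpected-server" if extra else "ok"

def audit_all(configs):
    """Map device name -> audit result for a dict of saved configs."""
    return {name: audit(text) for name, text in configs.items()}

# Constructed sample configs for four hypothetical devices.
SAMPLES = {
    "sw-01": "hostname sw-01\ntacacs-server host 192.0.2.10\n"
             "tacacs-server host 198.51.100.10\n",
    "sw-02": "hostname sw-02\ntacacs-server host 198.51.100.10\n"
             "tacacs-server host 192.0.2.10\n",
    "sw-03": "hostname sw-03\ntacacs-server host 192.0.2.10\n"
             "no tacacs-server host 198.51.100.10\n",
    "sw-04": "hostname sw-04\n! tacacs-server host 192.0.2.10\n",
}

if __name__ == "__main__":
    for name, result in sorted(audit_all(SAMPLES).items()):
        print(f"{name}: {result}")
```
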
But I have just 1 problem. Cisco Secure ACS can send a notification e-mail to the administrator. I tried to configure it but...
When I installed Cisco Secure ACS, a window appeared that included the e-mail configuration. I disabled it. Now I have finished installing ACS, and I want to enable e-mail notification. On the Cisco ACS menu, I click System Configuration -> ACS Service Management -> check Email notification of event -> type my e-mail and SMTP server hostname (Operated) -> Submit. But my inbox doesn't receive any e-mail from ACS. Please help me. I wonder if this problem is due to the ACS installation?
Do you have either one of the check boxes selected in the SYSTEM MONITORING box above the EVENT LOGGING box? One of those has to be selected in order for you to receive e-mail alerts.
If one of those is selected then you may want to create an event to test it. If you still haven't received an alert then you may have to check with your e-mail team to see if there are any restrictions on the SMTP server or if your ACS server has to be authorized by the SMTP server.
I haven't really worked with event logging notifications in ACS all that much so this is about my limit of what I can help with.
Maybe you're right. Cisco Secure ACS is not authorized by the SMTP server.
I have one more problem with viewing log files in Cisco Secure ACS. It's the Logged-in User Log. Although I logged in to one of my Cisco devices, I haven't seen anything in the Logged-in User Log. My server is a TACACS+ server, but when I add an AAA server, I must choose the server type Cisco Secure ACS to use Database Replication (TACACS+ does not work with DBR), and the Cisco devices were configured to work with the TACACS+ protocol, so the server's type and the client's type do not match. I also configured authorization and accounting in the AAA client using the same type, TACACS+. From reading some documents, it was said that the Logged-in User Log only works with RADIUS. Is that right?