Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
0
Helpful
2
Replies

ACS Primary and secondary instance clarification

vijay kumar
Level 2
Level 2

‎08-06-2014 10:23 AM - edited ‎03-10-2019 09:55 PM

 

Hi All,

 

We were having Two ACS(primary and secondary) in our network. secondary server was EOL. Hence we are replacing it with new ACS.

Primary ACS is having configuration for TACACS authentication and radius authentication for wireless users. We just replicated this with new ACS.

Moreover we had  a requirement of 802.1x auth for wired users. Hence we configured in the new ACS.

Hence please provide me Clarifications for the below

 

1. Can I use this new ACS as primary and make the existing ACS to join?

2.IS it possible to sync the database of existing ACS to new one?

3.Configuration backup from new ACS to existing ACS?

4. Or any better solution.

 

Thanks,

Vijay.

 

Labels:
0 Helpful
2 Replies 2

hdussa
Level 1
Level 1

‎08-06-2014 11:25 PM

Hi,

why do you want to make the new ACS to primary? Primary always sync its Database to all secondaries. So you´ll loose the existing ACS configuration.

If the new one needs to be the Primary, you need to make a Full Backup of the exististing ACS and Restore it to the new one. Then join the old ACS to the new one.

Do it in the Lab before!!!!!

Horst

0 Helpful

mohanak
Cisco Employee
Cisco Employee

‎08-07-2014 01:16 AM

The configuration changes performed on the primary ACS server are replicated to all the secondary ACS servers in the deployment. At a time, you can have only one ACS server as the primary server.

So if you add a new device as primary then you loose all the configuration.

ACS provides you the option to back up the primary and secondary instances at any time apart from the regular scheduled backups. For a primary instance, you can back up the following:

  • ACS configuration data only
  • ACS configuration data and ADE-OS configuration data

If you want new as primary then restore the backup

Under normal circumstances, each configuration change is propagated to all secondary instances. Unlike ACS 4.x where full replication was performed, in ACS 5.3, only the specific changes are propagated. As configuration changes are performed, the administrator can monitor (on the Distributed System Management page) the status of the replication and the last replication ID to ensure the secondary server is up to date.

If configuration changes are not being replicated as expected, the administrator can request a full replication to the server. When you request full replication, the full set of configuration data is transferred to the secondary server to ensure the configuration data on the secondary server is re synchronized. The primary ACS transmits the compressed, encrypted copy of its database components to the secondary ACS.

0 Helpful
Customers Also Viewed These Support Documents