Cisco Support Community
New Member

ACS SE Redundancy With 802.1x

Currently I have 802.1x with ACS working to authenticate users to Active Directory. Everything is working great. I have added another ACS appliance to our configuration for failover or redundancy. But when I unplug the ACS that's working, I am unable to authenticate IP phones to the secondary ACS. I see the following failed message in the logs of the 2nd ACS:

"Authen session timed out: Challenge not provided by client"

If I run a debug on dot1x I get the following:

3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1645,1646 is not responding.

3d22h: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.233.42:1645,1646 has returned.

3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1812,1813 is not responding

192.168.233.42 is the unplugged ACS. It never reaches the secondary ACS.

2 REPLIES
New Member

Re: ACS SE Redundancy With 802.1x

Switch has the following configured:

radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 key Password!

radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 key Password!

ip radius source-interface

New Member

Re: ACS SE Redundancy With 802.1x

You can try the commands below and see if it makes any difference.

radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 test username radius01 idle-timeout 1 key Password!

radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 test username radius02 idle-timeout 1 key Password!

HTH

MD
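
An added example, not part of any post in this thread: a Python script that compares the RADIUS_DEAD/RADIUS_ALIVE messages from the debug output with the posted `radius-server host` lines, reporting which configured servers the switch never logged and which logged port pairs match no host line. The function names are this example's own; the log and config lines are copied from the posts above.

```python
import re

# Log and config lines copied from the thread above (sample input for this example).
LOG = """\
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1645,1646 is not responding.
3d22h: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.233.42:1645,1646 has returned.
3d22h: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.233.42:1812,1813 is not responding
"""
CONFIG = """\
radius-server host 192.168.233.42 auth-port 1645 acct-port 1646 key Password!
radius-server host 192.168.233.44 auth-port 1645 acct-port 1646 key Password!
"""

EVENT_RE = re.compile(r"%RADIUS-4-RADIUS_(DEAD|ALIVE): RADIUS server "
                      r"(\d+\.\d+\.\d+\.\d+):(\d+),(\d+)")
HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)", re.M)

def configured_servers(config):
    """Return {(ip, auth_port, acct_port)} from 'radius-server host' lines."""
    return {(ip, int(a), int(c)) for ip, a, c in HOST_RE.findall(config)}

def last_states(log):
    """Return {(ip, auth_port, acct_port): 'DEAD'|'ALIVE'}, keeping the latest event."""
    states = {}
    for state, ip, auth, acct in EVENT_RE.findall(log):
        states[(ip, int(auth), int(acct))] = state
    return states

def review(log, config):
    """Compare what the switch logged against what is configured."""
    cfg = configured_servers(config)
    seen = last_states(log)
    logged = set(seen)
    return {
        # Configured servers with no DEAD/ALIVE event at all in the log.
        "never_logged": sorted(cfg - logged),
        # ip/port tuples in the log that match no 'radius-server host' line.
        "not_in_config": sorted(logged - cfg),
        # Tuples whose most recent event is DEAD.
        "dead_now": sorted(k for k, s in seen.items() if s == "DEAD"),
    }

if __name__ == "__main__":
    for name, items in review(LOG, CONFIG).items():
        print(name, items)
```

On the lines posted here it reports 192.168.233.44 as never logged and the 1812/1813 pair on 192.168.233.42 as absent from the posted host lines.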
