I am implementing two identical ACS 4.0 servers for my customer as RADIUS servers. They will be pointing to existing AD user DB by unknown user policy. Group mapping is done as well.
I just got challenged by my customer to ask me to enable "auto configuration synchronization" between the two boxes. I checked through the manual again and got no hint for this. Anyone can give me some idea on this? Thanks in advance!
1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication
2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.
3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.
4) Ensure that the secondary server has it's replication scheduling set to "manual".
5) Please verify that your servers are all running exactly the same ACS version and build.
6) Also let me know if we have any firewall in between two acs servers.
Are these supported and unsupported features documented somewhere in CCO? I'm concerned about the inability to replicate Dynamically-mapped users. I went through the whole ACS SE 4.1 User Guide and didn't find an exact answer.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :