Cisco Support Community
Community Member

Certificate issue at Secondary ACS

Hi

We have a distributed ACS deployment model where the primary ACS does the configuration role and the secondary ACS does the monitoring role.

Our root certificate expired two days back and we installed the new one on the primary ACS but forgot to install it on the secondary ACS.

Due to this, some of our wireless users were not able to connect to wireless, with authentication failure messages.

So my question is: are both the primary and secondary ACS accepting the AAA requests and replying, as we are using a distributed deployment model?

Or can you share any Cisco document which shows this?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Certificate issue at Secondary ACS

The WLC will send authentication to the primary ACS server and only will use the secondary if there is no response from the primary. The WLC will not fail back to the primary unless the secondary fails to respond or if you have Fallback enabled in which the WLC will check if the primary is up.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Community Member

Re: Certificate issue at Secondary ACS

Hi Scott

Thanks for the information

Exactly the same thing is happening. Now clients are authenticated by the secondary ACS, not by the primary ACS.

How can we make the primary ACS work? Will it be disrupted?

Community Member

Re: Certificate issue at Secondary ACS

Is there any way to check when it was moved from the primary to the secondary ACS?

Hall of Fame Super Silver

Re: Certificate issue at Secondary ACS

You can see it in the WLC logs or if you issue a show radius summary. That will tell you which is active or not.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Community Member

Re: Certificate issue at Secondary ACS

Is there any way in the monitoring tab on ACS that can show when authentication was shifted from the primary to the secondary ACS for those WLCs?

Or any alarm?
