We have two ACS servers (ACS01, ACS02) running on VM (with the latest 5.7 version); both contain different sets of data. We want to keep those two servers in distributed mode (ACS01 as primary and ACS02 as secondary) with full replication. If I set it up like that, the data present in ACS02 will be overwritten by ACS01. So is there a process for moving the data present in ACS02 to ACS01 and setting up those two in distributed mode?
Both ACS have different active directories present in different domains.
There is not actually an easy way to merge these 2 databases. What you will have to do is try to export/import the data, which can be done using the .csv option (only Network devices, NDGs, Users, Identity groups, and command sets are exportable); the rules and all other settings will have to be configured manually.
And related to the AD domain, the ACS will only be able to join one single domain. If you want to be able to authenticate users from a foreign domain, it will be necessary to create a 2-way trust relationship between the 2 domains (the one ACS will be joining and the foreign domain).
After doing that, users from the foreign domain will have to enter username+domain name to be able to authenticate.
When importing and exporting this data you are able to either only add (to the existing data) or overwrite all the data that you already have, so you will be able to add the data from one ACS to the other without losing your current database.
And related to your concern about whether you are able to migrate data from one AD to the other, I have read it is possible by using a tool called ADMT (Active Directory Migration Tool), but I am not quite sure about the details on how to do it. You might want to get some AD support on it.
Yes, that is something else you can do. Manually add all that you have on ACS02 to ACS01, and once you set up the distributed deployment, you will have a mirror between the 2 ACS.
I proposed the import/export option since you might have a hard time manually adding all the devices, users, and groups into ACS01 in the case you had too many of these configured, but if it is better for you, you can definitely do this manual procedure.
After migrating all data from ACS02 to ACS01, do we need to update the TACACS configuration in each and every device (which were present in ACS02 earlier)? Or can we keep it like that because we are doing the distributed mode with full replication, so both the servers contain the same data, right?