I have x2 ACS v4.2 servers in a test environement, I wish to use one as primary and the other as the secondary. So in essence I want to duplicate the users, groups, and other settings from the primary onto the secondary. Does anyone have documentation on how to achieve this?
Re: How to deploy ACS v4.2 to support Server Failover
The replication feature is there to support exactly that.
Under interface options you can enable distributed system settings and replication. This allows to do define the secondary ACS in network config on the primary and vice versa... both require knowledge of the other servers' shared key.
On the primary (master), under replication settings you can choose which elements of the config you want to replicate, where to and when. On the secondary (slave) you say you'll accept replication from the primary. You can optionally configure "cascade" replication such that a slave automatically replicates to one or more additional slaves after receiving data, ie a chain or tree topology.
Historically replication doesnt include everything,, such as external database group mappings, user defined RADIUS vsa's etc. Its mainly for user and group data although over time more features have been added. Best to check the builtin docs or search cisco.com for the v4.2 full user guide.
Note that replication is NOT bi-directional... any database changes made to the seconday will be lost next time the primary replicates out. Also, while data is collated (on the master) prior to sending out, and while inbound data (on the slave) is processed, authentication processes will stop for about 30 seconds.
Although it creates added cost you could consider having a third ACS which is the configuration master whose only purpose is to replicate config out to two slaves.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...