I have Two ACS , the Primary ACS has the IP address 192.168.1.8 and the secondary ACS has the IP address 192.168.1.9
I tried to forward the authentication requests to the secondary ACS to make sure that we have no problem in case the primary fail but the secondary ACS did not respond to the requests sent from the AAA Client though I have no problem with the primary ACS.
The secondary ACS has the same configuration and feature set as the primary ACS, the primary ACS is configured to replicates its username, configuration, etc. every 60 minutes, the Secondary ACS is configured to receive those replication information.
Unfortunately the secondary ACS is not responding and is giving the following message:
No response from (192.168.1.9:1645,1646)
RADIUS/ENCODE(00000019): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
I will appreciate if someone can help me with diagnosing what?s going on
Here is the complete debug while entering the username/password :
Unfortunately there are no any logs in the Secondary ACS, the only logs I can see is the commands I entered it on the AAA client, there is no failed attempts records.
The Radius is dead, currently I bypassed this issue by installing a new ACS on a third server , the IT department is persistent to solve this issue from the root, they want me to analyze the problem and discover the reason behind this phenomenon.
I will dedicate a time next week to play very hard with this ACS to know what?s going on, meanwhile I will be glad if some one can tell me some methods to run a debug on the windows machine.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :