Hello, I am knew to ACS and I'm trying to understand it. We use the ACS for our wireless authentication. All of our 14 WiSM's are setup as our clients. I have 3 AAA servers, which are our 3 ACS. We have 2 remote agents. Right now i'm moving the remote agents to vm environment. I am working on getting the secondary remote agent working on the secondary ACS, i have tried to isolate so that only I authenticate through that ACS but it doesn't seem that way, I have other people going through that ACS when they should be authenticationg to the primary. Is there a limit on how many people can authenticate on one ACS? When does it decide to authenticate to the secondary one if the primary is up and functioning correctly? Thanks, Joanna
NO there is no as such limitation. The only condition request will go to secondary is when there is no response from primary acs (upto timeout value). When timeout expires it sends same request to next server in the list.
When that user failed to connect to primary , please check if there is any logs in failed attempts?
Also check the WLC logs to know the fallback reason.
Thanks JG, that's what I thought, but I can not figure out why it is not behaving this way. I checked logs in failed attempts but I only see "bad password" and "Authentication session invalidated" and some "Users Radius request rejected (by Radius extension DLL". Do you know where I can find a translation of these errors?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...