Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Understanding ACS v4.1

Hello, I am knew to ACS and I'm trying to understand it. We use the ACS for our wireless authentication. All of our 14 WiSM's are setup as our clients. I have 3 AAA servers, which are our 3 ACS. We have 2 remote agents. Right now i'm moving the remote agents to vm environment. I am working on getting the secondary remote agent working on the secondary ACS, i have tried to isolate so that only I authenticate through that ACS but it doesn't seem that way, I have other people going through that ACS when they should be authenticationg to the primary. Is there a limit on how many people can authenticate on one ACS? When does it decide to authenticate to the secondary one if the primary is up and functioning correctly? Thanks, Joanna


Re: Understanding ACS v4.1

NO there is no as such limitation. The only condition request will go to secondary is when there is no response from primary acs (upto timeout value). When timeout expires it sends same request to next server in the list.

When that user failed to connect to primary , please check if there is any logs in failed attempts?

Also check the WLC logs to know the fallback reason.



New Member

Re: Understanding ACS v4.1

Thanks JG, that's what I thought, but I can not figure out why it is not behaving this way. I checked logs in failed attempts but I only see "bad password" and "Authentication session invalidated" and some "Users Radius request rejected (by Radius extension DLL". Do you know where I can find a translation of these errors?