Scenario: Currently have an ACS (3.02) for Win2K, we recently purchased another server (faster) to act as a secondary AAA server.
1) Once the initial replication occurs from the old server (primary) to the new server (secondary), are there any specific steps to make the secondary primary and the primary secondary? Only because the new server we bought is faster.
2) Will AAA logs get replicated over as well after the initial replication?
3) When doing daily failed attempt log checks, does one have to check both servers?
1) Which box is primary is defined in two different ways:
On the AAA client (switch, router, PIX, etc.), the first AAA server listed is the primary. The second is the secondary. So, if you want to start using the second box, then list its IP address first in your router config.
Also, for the purposes of replication, one box is considered Master and one is considered Slave (or primary and secondary). Keep in mind that the ACS boxes don't know whether they are primary or secondary servers in relation to the AAA clients - again, that's determined by the clients.
So, if you want to make the new box the primary, then make it the initiator of replication, and make the secondary a receiver. Then, configure all your AAA clients such that the new box is listed as the first AAA server.
There are other ways to do this, but this works well in most cases.
2) No, the logs don't get replicated - they only apply to the individual AAA server. Also, keep in mind that if you are authenticating to an external DB like NT, LDAP, Token Servers, etc., this information is NOT replicated and must be manually configured. That's because each box has its own DLLs for the external DBs that must be configured with that ACS box's information.
3) You only have to check both if you have AAA clients authenticating to both.
Best practices note: It is strongly recommended that you schedule replication AND backups to occur on a regular basis during low demand periods.
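Added example, not part of the original reply and not Cisco code: because the logs are not replicated and a client can fail over to its second-listed server, a daily failed-attempt check can merge the CSV exports from both boxes before counting. The column names, failure-code strings and sample rows below are constructed assumptions; match them to the header of your own Failed Attempts report.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample exports. The column names are an assumption;
# match them to the header row of your own Failed Attempts CSV.
PRIMARY_CSV = """Date,Time,User-Name,NAS-IP-Address,Authen-Failure-Code
03/14/2003,02:11:05,jsmith,10.1.1.1,CS password invalid
03/14/2003,02:11:09,jsmith,10.1.1.1,CS password invalid
03/14/2003,09:30:41,akhan,10.1.1.2,CS user unknown
"""
SECONDARY_CSV = """Date,Time,User-Name,NAS-IP-Address,Authen-Failure-Code
03/14/2003,02:11:14,jsmith,10.1.1.1,CS password invalid
03/14/2003,11:02:00,root,10.1.1.3,CS user unknown
"""

def load(text, server):
    """Parse one server's export and tag each row with its source server."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["Server"] = server
        row["When"] = datetime.strptime(
            row["Date"] + " " + row["Time"], "%m/%d/%Y %H:%M:%S")
        rows.append(row)
    return rows

def merge(exports):
    """exports maps server name -> CSV text; returns all rows in time order."""
    rows = [r for name, text in exports.items() for r in load(text, name)]
    return sorted(rows, key=lambda r: r["When"])

def failures_per_user(rows):
    return Counter(r["User-Name"] for r in rows)

def users_on_multiple_servers(rows):
    """Users whose failures are split across servers (undercounted in any single log)."""
    seen = {}
    for r in rows:
        seen.setdefault(r["User-Name"], set()).add(r["Server"])
    return sorted(u for u, servers in seen.items() if len(servers) > 1)

if __name__ == "__main__":
    merged = merge({"primary": PRIMARY_CSV, "secondary": SECONDARY_CSV})
    for r in merged:
        print(r["When"], r["Server"], r["User-Name"], r["Authen-Failure-Code"])
    print(failures_per_user(merged).most_common())
    print("split across servers:", users_on_multiple_servers(merged))
```

In the sample, jsmith's third failure lands on the secondary, so a check of the primary log alone would show two attempts instead of three.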