I've recently set up multiple ACS 5.1 boxes with the primary/secondary replication for redundancy.
I was thinking of using this for redundant RADIUS services (point wireless controllers etc. towards multiple ACS instances, and let RADIUS monitoring dead-timers figure out which servers to use in case of a failure). For RADIUS this works perfectly.
aaa authentication login default group TACACS local
[aaa authorization lines for each priv level also set up with fallback to local]
I have 2 issues with this:
My thought was that if one TACACS server fails, the IOS units would use the next server in the server-group, but what happens is that after ACS1 times out, my login prompt only accepts the localadmin account.
Also, if I shut down ACS1 WHILE being logged in, the authorization correctly falls back to ACS2, BUT only after trying ACS1 on every command entered. I can't seem to find any dead-time feature on TACACS, which would solve this issue.
Anyone got a best-practice take on redundant ACS servers for TACACS? Can't seem to find any on CCO.