Cisco Support Community

Cisco Secure ACS server configured for ASA is unable to register logs in Radius Accounting or logged in user report

Core issue

When the ASA is configured with two ACS servers and both are active, the ASA reports the primary as failed and sends accounting logs for wireless users who use EAP-FAST to the secondary ACS server.

Resolution

Complete these steps in order to resolve this issue:

  1. Set the reactivation mode to timed on the ASA with these commands:

    hostname(config)# aaa-server RADIUS protocol radius
    hostname(config-aaa-server)# reactivation-mode timed

    In timed mode, failed servers are reactivated after 30 seconds of downtime. This is useful when customers use the first server in a server list as the primary server and prefer that it is online whenever possible. This policy breaks down in the case of UDP servers. Because a connection to a UDP server does not fail, even if the server is not present, UDP servers are put back online blindly. This can lead to slowed connection times or connection failures if a server list contains multiple servers that are not reachable.

    Accounting server groups that have simultaneous accounting enabled are forced to use the timed mode. This implies that all servers in a given list are equivalent.

  2. From the AP GUI, choose Security > Server Manager. For RADIUS Accounting, configure the primary and secondary servers as Priority 1 and Priority 2, respectively.

  3. Go to the service set identifier (SSID), and check Accounting.
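
The trade-off described in step 1, as an added example that is not part of the original article and is not Cisco code: a toy Python model of how a two-server group picks a RADIUS accounting server under timed reactivation and under depletion, the ASA's other reactivation mode. The 10-second request timeout, the single-failure threshold, the zero dead time for depletion and the outage scenarios are assumptions constructed for illustration.

```python
# Toy model of AAA server-group failover (added illustration, not Cisco code).
TIMED_REACTIVATION_S = 30  # from the article: timed mode reactivates after 30 s
REQUEST_TIMEOUT_S = 10     # assumption: time lost before a server is marked failed
SERVERS = ["primary", "secondary"]  # priority order of the server group


def is_down(server, t, outages):
    """True if `server` is really unreachable at time t (seconds)."""
    return any(start <= t < end for start, end in outages.get(server, []))


def simulate(mode, request_times, outages):
    """Return [(time, server_used, seconds_wasted)] per accounting request."""
    failed_at = {}  # server -> time it was marked failed
    log = []
    for t in request_times:
        if mode == "timed":
            # Blind reactivation: no probe, just a timer (the UDP caveat).
            for s in [s for s, f in failed_at.items()
                      if t - f >= TIMED_REACTIVATION_S]:
                del failed_at[s]
        elif len(failed_at) == len(SERVERS):
            failed_at.clear()  # depletion: reactivate only when all have failed
        used, wasted = None, 0
        for s in SERVERS:
            if s in failed_at:
                continue
            if is_down(s, t + wasted, outages):
                wasted += REQUEST_TIMEOUT_S  # request times out, try next server
                failed_at[s] = t + wasted
            else:
                used = s
                break
        log.append((t, used, wasted))
    return log


def servers_used(log):
    """Which server handled each request, in order."""
    return [used for _, used, _ in log]


# Constructed scenarios: a 5-second blip on the primary, then a dead primary.
BLIP = {"primary": [(0, 5)]}
DEAD = {"primary": [(0, 10_000)]}
TIMES = [0, 20, 40, 60, 80, 100]
```

With the BLIP scenario, depletion keeps every request on the secondary while timed returns to the primary at t=40; with DEAD, timed loses 30 seconds to repeated blind reactivations against 10 seconds for depletion.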

Last update: 06-22-2009 03:40 PM