Re: Help with setting up Secondary ACS Server

From: Christian Zeng (christian@zengl.net)
Date: Sun Apr 20 2008 - 03:59:23 ART

• Next message: davidytk: "CCIE Book Study"
• Previous message: Eric Leung: "Re: spanning tree diameter"
• Maybe in reply to: Cacca Mucca: "Help with setting up Secondary ACS Server"
• Next in thread: Cacca Mucca: "Re: Help with setting up Secondary ACS Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

* Cacca Mucca wrote:
> 3. Modified both firewalls for all traffic between the two servers

Make sure to disable skinny protocol inspection (pix/asa). I had that
problem a week ago and received this hint from TAC).

> 4. Followed Cisco documentation (an oxymoron)
> a. Added both servers as AAA Servers on both databases
> b. They both have the same shared secret

On each ACS, not only the key for the other ACS must be set, but the key
for "Self" must also equal to the same shared key.

> c. Primary is configured to send and secondary is configured
> to receive

Just to make sure: You configure "Internal database replication", not
"database synchronization", correct?

HTH,

Christian

Pass the CCIE in six weeks, Guaranteed!
http://www.certscience.com/CCIE

• Next message: davidytk: "CCIE Book Study"
• Previous message: Eric Leung: "Re: spanning tree diameter"
• Maybe in reply to: Cacca Mucca: "Help with setting up Secondary ACS Server"
• Next in thread: Cacca Mucca: "Re: Help with setting up Secondary ACS Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART