Wednesday, May 4, 2016

HOWTO: setup replication for cisco ACS servers 5.8

In this blog I will show you how simple the process for  setting up  ACS AAA server for replications.

This process requires you to have admin accounts available on the primary and secondary unit.

NOTE:  If you do not have  a valid  CA certficate installed, you must disable trust communications under the system administration global settings.

Now on the "secondary you will need to set the name ( DNS ) or ip-address of the primary under;

System Administration

Operations > 

Local Operations > 

Deployment Operations

This section is what enabled the secondary as a "secondary" or dereigster or promoting it as a primary.


When you 1st register, the secondary will restart the acs process.
And you will have a screen similar and unavailable login.

Standby,  this can take 5-10 min to complete. 

You can monitor the status on the  primary unit 
and after the pending status has completed you will know if the  secondary is up.

Next, we will test replication by crafting a user account on the primary and monitor the replicate. 

( here's the account creation on the primary )

( and now it's replicated on the secondary )

NOTE:  The login on the secondary when made available will have the key words of  "secondary"

 Key notes;

1: once you are set as primary--> secondary ;  all changes are executed on the  primary unit
2: if the primary is down, you can promote ( secondary ) as primary  from the secondary

3: if you make a mistake  and are not running in  standalone alone, you mistake is transferred to the secondary
4: For #1, only a handful of items are configurable on the secondary but typically you can't configure  the following;


hint: For  items that's not configurable on the primary the export/create/duplicate buttons are missing.

You can use the system options command to validate replication by reviewing the replication ID, status 
   and last replication date/time.

System AdministrationOperations > Distributed System Management > 

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \

No comments:

Post a Comment