Solved

Cisco ACS propagation to secondaries in cluster

Posted on 2016-10-21
2
31 Views
Last Modified: 2016-10-22
I recently added some secondaries into a TACACS cluster. I was under the impression that most everything would be propagated from the primary to the secondaries. Some items did - like the network devices and AAA clients, root CA, user, LDAP, AD configuration. But other things like Access Policies and Policy Elements did not. Does anyone know why these might not have propagated to the secondaries?

In earlier versions - long ago - of ACS you could select what you did or did not want propagated. But I no longer see that in 5.4 code.
0
Comment
Question by:amigan_99
2 Comments
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 41855353
Everything apart from device-specific certificates should replicate to the secondaries. If you force replication to the secondaries each box should pull everything from the primary.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 41855368
You're right! The issue turns out to be browser-related. And interestingly it was not consistent. Using the same browser you could see the replicated policies on one ACS secondary and not another. AND those two secondaries were at the same code and patch revisions. Changing to Chrome let me see the replicated policy information although later I realized there are tech notes which specify you should use Explorer or an earlier version of Mozilla Firefox. Now I know. Thank you.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now