Adding a secondary server to ACS 5.4

Hello

My client has an ACS 1121 running version 5.4. Now we want to install a secondary ACS 1121.

Can someone help me with the procedure?

Thank you

Hi Jonathan,

Please follow the user guide:

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_operations.html#wp1056068

The log collector will be for the entire deployment. It is recommended to have the log collector on the instance that handles fewer AAA requests.

To set the Log collector:

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_config.html#wpxref50831

Pawel

Similar Questions

  • Secure ACS 5.7 - adding a secondary server to the primary

    Hello.

    I recently set up two Secure ACS 5.7 servers as primary. I want to make one of the primary servers a secondary server. When I try to register it to the primary, I get the following message:

    This failure has occurred: save failed due to invalid certificate. Your changes have not been saved.

    Both servers have valid certificates. Other than extending the validity of the cert, no other changes have been made.

    Any ideas please?

    Thank you

    Daniel

    Hello Daniel,

    For the "Trust Communication" option to work, it is necessary to use certificates signed by a CA, either external or internal, and in addition you must import the respective issuer's root/intermediate CAs under the "Users and Identity Stores > Certificate Authorities" section on both ACS servers.

    Alternatively, you can choose not to use the "Trust Communication" feature by going to "System Administration > Configuration > Global System Options > Trust Communication Settings" and unchecking the check box for the feature.

    Note: Please mark as answered as appropriate.


  • ACS 5.7 - access to tracking and reporting on a secondary server to the primary server

    My organization has an ACS deployment consisting of three servers. Currently, the primary ACS server is also the log collector. However, Cisco recommends making a secondary server the log collector.

    I noticed that when I log in to the secondary server and click on "Monitoring and reporting", I am prompted to log in to the primary server because that's where the logs are. I guess if the log collector is on the secondary server and I click on "Monitoring and reporting" on the primary server, I will be asked to log in to the secondary server.

    Is there a way of not having to log in twice (once to access the web interface and again to access reports)? It seems that an ACS deployment should support some kind of single sign-on function, so that once you are logged in to one server, you get access to another without having to log in again.

    Hi David,

    I know that the Cisco documentation mentions the secondary being the log collector as best practice; however, what that in fact means is that the server acting as log collector should not be authenticating users.

    If your primary is the log collector that should be fine, as long as it's not authenticating users (but the secondaries handle this task).

    And regarding the redirection, that's right: regardless of the server to which you connect, once you click on "Monitoring and reporting" you will be redirected to the log collector and need to log in to it, unless you are currently on the log collector and click on "Monitoring and reporting".

    SSO between servers would be a good thing but is not available.

    Note: Please mark as answer as appropriate

  • ASA - added a public server and it is limited to this traffic

    I added an internal e-mail server to a brand-new ASA5510 today.  I used the GUI because it is a fairly simple installation.  In any case, I added a mail server to allow port 25 inbound on a static NAT address dedicated to this server.  But now, this server cannot do anything on the internet: browsing, DNS lookups, etc.  The server is also the internal DNS server.  What am I probably missing?

    Hello

    It not on MAC address about proxy arp

    • Addresses on the same network as the mapped interface.

    If you use addresses on the same network as the mapped interface, the ASA uses proxy ARP to answer any ARP requests for the mapped addresses, thus intercepting traffic destined for a mapped address. This solution simplifies routing because the ASA does not have to be the gateway for any additional networks. This solution is ideal if the outside network contains an adequate number of free addresses, a consideration if you are using a 1:1 translation like dynamic NAT or static NAT. Dynamic PAT greatly extends the number of translations you can use with a small number of addresses, so even if the number of addresses available on the outside network is small, this method can be used. For PAT, you can even use the IP address of the mapped interface.

    Note: If you configure the mapped interface to be any interface, and you specify a mapped address on the same network as one of the mapped interfaces, then if an ARP request for that mapped address comes in on a different interface, you need to manually configure an ARP entry for that network on the ingress interface, specifying its MAC address (see the arp command). Typically, if you specify any interface for the mapped interface, then you use a unique network for the mapped addresses, so this situation would not occur.

    • Addresses on a unique network.

    If you need more addresses than are available on the mapped interface network, you can identify addresses on a different subnet. The upstream router needs a static route for the mapped addresses that points to the ASA. Alternatively, for routed mode, you can configure a static route on the ASA for the mapped addresses and then redistribute the route using your routing protocol. For transparent mode, if the real host is directly connected, configure the static route on the upstream router to point to the ASA: specify the bridge group IP address. For remote hosts in transparent mode, in the static route on the upstream router, you can alternatively specify the downstream router IP address.

    Mapped addresses and routing

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa91/configuration/firewall/asa_91_firewall_config/nat_overview.html

    HTH

    Sandy

  • Java for the secondary server of Iaas

    When using the Installation Wizard, why doesn't the prereq check look for Java on the secondary IaaS server? What is Java used for?

    • Secondary server of Iaas (inf-1)

    • Iaas (inf-2) backend

    • Server roles

    Kind regards

    Hello

    Yes, you are right, and you are referring to the correct document. When it comes to vRA, installing the JRE is a prerequisite for IaaS so that it can support the MS SQL deployment, so we need to install Java on the machine hosting the web component rather than on the external machine running MS SQL.

    Rgds

    Frédéric

  • Questions about vCSHB 6.5.1 (LAN or WAN and physical vs. virtual secondary server)

    Hello

    I have a few questions about vCSHB 6.5.1:

    (1) There are two sets of installation guides: one for a physical secondary server and one for a virtual secondary server.

    What are the main differences between these two scenarios?

    (2) For vCSHB, there are two deployment options: LAN and WAN.

    2 (a) Which option is most common?

    2 (b) If one option (for example, LAN) works in an environment, can I assume that the other would work as well?
    And what is the difference between these two options?

    (3) Is vCSHB backward compatible? Does vCSHB 6.5.1 work in an environment where an earlier version (for example vCSHB 6.4) works?

    (4) What version of vCSHB (e.g. vCSHB 6.5 or 6.4 and 6.3) is widely deployed today?

    Thank you.

    (1) There should be nominal differences - what differs is the discussion of the virtual network setup versus the physical network setup.

    2 (a) In my experience the LAN configuration is more common because it is more of a high-availability solution as opposed to DR.

    2 (b) Not necessarily; you should make sure that the appropriate ports are open.

    (3) I think it is, but you have to bring everything up to a compatible version as a best practice.

    (4) I'd go with the latest version as it has been out for a few weeks.

  • Repository migration to a secondary server in clustered environment

    I implemented the following clustered QA environment:
    Machine 1 - primary cluster service, hosting Java, Presentation Server and the BI server. This server also has the master repository.
    Machine 2 - secondary cluster service, hosting Java, Presentation Server and the BI server.

    Everything works fine. Now I'm trying to migrate an updated repository from dev to QA. I stopped all services and copied the new repository to 3 places - the repository directory on server 1, the shared location and the repository directory on the secondary server.

    When I bring the services up on machine 2, the repository on machine 2 is reverted to the previous version of the repository. I see this by noting that the last-modified date of the repository gets changed to an earlier date. So I understand that machine 2 tries to synchronize with the master repository on machine 1. But why does it synchronize with an older version of the repository when I placed the new repository as master?

    Any help is greatly appreciated

    Published by: VNC on January 25, 2010 11:49

    In a cluster environment, when we modify the repository in online mode, it will create files in the shared location. The file name will be "> .rpd. " >". This file will be reflected in the secondary repository when you restart the secondary BI server.
    In your case, you have replaced the RPD file in 3 places, but these ".rpd. >" files still reside there. This file is reflected in the secondary server. So, you can remove the .sav files from the primary and secondary locations, and also remove all the ".rpd. >" files from the shared location. That will solve your problem.

  • ACS secondary server does not authenticate users through 3850 WLC

    Hi - I have an issue where my secondary ACS server does not authenticate users when the primary is taken offline.  My configuration is:

    3850 WLC running code version 03.07.00E

    ACS Version 5.6 (primary/secondary)

    The two ACS servers are added to the WLC (ACS-NLBP-01 (primary) / HEN-ACS-01 (secondary)), defined in the server group (ACS_AUTH) and also the method list (ACS_AUTH).  The ACS_AUTH method list is then applied to the SSID.

    A 'test aaa group ACS_AUTH' command against each of the two ACS servers results in access.  IP/RADIUS communication is operational between the WLC and both ACS servers.

    Configuration of the 3850 is also attached for reference.

    Any help would be appreciated.

    Thank you

    Scott

    Please add the commands listed below and test again when you can.

    radius-server deadtime $min$
    radius-server retransmit 1
    radius-server dead-criteria time 5 tries 1

    Configuring settings for all RADIUS servers

    HTH

    ~ Jousset

  • Adding a secondary network in Ubuntu JEOS in ESXi interface

    Hello world

    I was able to migrate a 32-bit Ubuntu JEOS HTTP server and get eth0 working - thank you!

    I am now trying to add a secondary network card to this server. I've set up ESXi with 2 network cards, each in its own subnet. I added another virtual Ethernet card to the virtual machine.

    The problem is, ESXi assigns the primary network card a MAC address but will not assign a MAC for the secondary network card.

    Am I doing something wrong?

    Peter

    I don't know if this option is present in your Linux distribution. In CentOS, RHEL etc. there is an option in the Network Setup page (run cmd) which allows you to probe the MAC address assigned to the NIC automatically, right from the GUI.

    I don't think you really need to probe the MAC address. But just in case none of the suggestions work, you can remove the second NIC from the virtual machine and remove all the settings of the network card in your GDS network files. Then add a fresh new NIC and configure the new settings!

  • Why approximately 100 users have been added to my server - which are all of type system

    I'm running Server 5.0.15 on El Capitan 10.11.3.  I looked at my list of users today and about 100 system users have been added which were not there a few days ago.  Are they safe, or should I worry and try to get rid of them?

    Some examples are:

    Non privileged user

    Unknown user

    UNIX to Unix Copy Protocol

    TeamsServer

    World Wide Web server

    The list is long.

    Perhaps more useful is this screenshot that some users having recently "published" their own shoes.

  • Adding a DHCP server in my virtual environment so my virtual stuff get IP, instead of vmware dhcp

    Hi all

    I am setting up a test lab where I need: 1. a DHCP server, 2. ADDC and DNS, 3. client machines and an Exchange 2003 environment. I want it to be fully functional and I want my DHCP server to assign the IP addresses for my entire network, but I don't see any option to add my DHCP server to this environment. I tried, but the virtual machines take their IP from VMware's built-in DHCP server. Could someone guide me on how I can add my DHCP server to this environment?

    Eventually this environment will be upgraded to Exchange 2013 and Windows 2012 R2.

    You must assign a static IP for your DHCP server... after that, try to restart the DHCP service and see if your stations get IP... otherwise, confirm that your DHCP server is authorized on AD.

  • Adding a secondary WLC with different software version

    Hi all

    Soon I will deploy a secondary WLC (primary, active) with software version 7.4.121.0.

    The environment has a standalone WLC (secondary, hot standby) with software version 7.0.240.0.

    I have read the deployment guide "Configuring High Availability" and it has this quote: "We recommend that you do not pair two controllers on different controller software versions. If they are paired, then the controller with the lower redundancy management address becomes the active controller and the other controller goes into maintenance mode."

    I know that the upgrade of the secondary WLC can be provided by the primary WLC only.

    So, how can I do this?

    1 - downgrade the secondary WLC to 7.0.240.0 and pair the two controllers, or

    2 - pair the two controllers and then match the two controllers (perhaps with issues)?

    And is it necessary that both controllers have the same versions of software images (primary boot and secondary boot)?

    Thanks for any response.

    It is necessary to have the same version of code... because if APs move from one WLC to another, they will have to be upgraded and/or downgraded, which can take 5 minutes or more.  This will affect your end users.  The WLCs should also be the same model... well, it's recommended.  But if your current WLC does support the latest code, then your new WLC will have to be downgraded.

    Here is a table of compatibility to keep handy:

    http://www.Cisco.com/c/en/us/TD/docs/wireless/compatibility/matrix/Compa...

  • AAA / adding additional ACS server

    Hello guys,

    We need to set up AAA as per the proposed plan attached. We have used the current configuration for a very long time for our facilities and data centre devices. Now we want to add one more, newer ACS server besides the existing two and need to point all the data center devices to the new ACS server.

    Is it possible to set up multiple device groups and a separate ACS server for defined groups? If possible please let me know the commands, and if not, please let me know the two ways.

    Hope you could understand my needs and the current configuration. PFA...

    Thanks in advance!

    Best regards

    Anurag.K

    Hi Anurag,

    You can add the new ACS/TACACS server and have this server at the top of the sequence.

    radius-server host 10.16.2.10
    radius-server host 10.16.2.8
    radius-server host 10.16.2.9
    tacacs-server key xxxxx

    If you really want to create a separate group for the new ACS/TACACS server then you must have the configuration shown below.

    aaa group server tacacs+ GROUP1
     server 10.16.2.8
     server 10.16.2.9
    aaa group server tacacs+ GROUP2
     server 10.16.2.10
    aaa authentication login default group GROUP1 group GROUP2 line

    Let me know if you have doubts.

    ~ BR
    Jatin kone

    * Do rate helpful posts *

  • Adding host snmp-server error

    I installed new software, version 8.03, on an ASA5510 and am using ASDM-603.

    When using ASDM to add snmp-server hosts, most of the IP addresses in the subnet work very well. However, I have two addresses that always display an error "conflict of IP address with the broadcast interface address".

    One of the addresses is 192.168.100.79 and the management interface IP is 192.168.100.252 with a 24-bit mask. It's weird because I can add 192.168.100.78 or 80, just not 79. BTW, 88 is a second one I tried and got the same error. I have several in the same subnet that work fine.

    Someone knows what may cause this?

    Thanks in advance.

    This is bug CSCsm15806, where if you have any interface on the ASA configured with a 255.255.255.252 mask, ASDM raises an error when you try to add an SNMP server with a host address that would be a broadcast address with this mask. It doesn't matter which interface; it's just whether you have any interface with a 255.255.255.252 mask on it.

    The bug was fixed only 4 days ago so it is not yet in an official release. For now, just add the SNMP server via the CLI and you will be OK, but upgrade to 6.0(4) when you see it on the website.

  • 450 GB HDD added in ESX Server

    Dear Sir.

    I installed ESX Server on a DL380 G4 machine with a hardware-level RAID0 configuration. I created a machine, initially with a 25 GB hard drive, and after the installation of the machine, when I want to add a 450 GB hard drive, it gives me an error...

    Screenshot attached for reference...

    Principal Systems Engineer

    NetSol Technologies

    Lahore Cantt Pakistan

    54792

    In the picture properties of storage that you had posted factors it is button change what options are you in there? You can post a screenshot
