Filter
Top Products
2-13
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Deploying ACS Servers to Support Server Failover
only create an 80-percent load on the other ACS for the duration of the outage. If the WAN is not suitable
for authentication connections, we recommend using two or more ACSs on the LAN in a primary or
secondary mode or load balanced.
Determining How Many ACS Servers to Deploy in Wireless Networks
In planning how many ACS servers to deploy in a wireless network, consider:
• The location and number of access points. For example, with 4,200 APs:
–
One ACS could handle half of the APs as primary server.
–
Other ACSs could handle the remaining APs.
• The number of EAP-TLS clients together with EAP-TLS authentications per second
• The number of clients
• Scalability with different protocols
For example, if you use EAP-TLS, you will need more ACS servers; but, if you use PEAP, you will
need fewer. EAP-TLS is slower than PEAP due to public-key infrastructure (PKI) processing time.
For a detailed formula that you can be use to calculate the number of ACS servers required in a wireless
network, see the white paper titled Deploying Cisco Secure ACS for Windows in an Aironet Environment,
available on Cisco.com at:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_white_papers_list.html
Deploying ACS Servers to Support Server Failover
This section discusses deployment topologies for implementing server failover. This section contains:
• Load Balancing and Failover, page 2-13
• Database Replication Considerations, page 2-13
• Database Synchronization Considerations, page 2-14
Load Balancing and Failover
To implement load balancing, you can set up user groups and then assign groups to a specific
RADIUS server (usually the nearest RADIUS server).
Database Replication Considerations
Database replication replicates selected database information, such as user and group information, from
a primary ACS to one or more ACS backups or clients. The following aspects of replication are
configurable with ACS:
• Configuration components for replication—What is replicated.
• Replication scheduling—When replication occurs.
• Replication frequency—How often systems are replicated.
• Replication partners—Which systems are replicated.