PrepAway - Latest Free Exam Questions & Answers

Which of the following statements is true regarding a s…

Which of the following statements is true regarding a split ACS deployment? (Select the best answer.)

PrepAway - Latest Free Exam Questions & Answers

A.
Cisco recommends using a dedicated log collector instead of the primary or secondary server.

B.
The split configuration has the drawback of making an administrator less aware of the functional status of
each server.

C.
The AAA load is divided between the primary and secondary servers, which produces a lessthanoptimal
AAA flow.

D.
The primary and secondary servers can be used for different, specialized operations such as network
admission and device administration.

Explanation:
In a split Cisco Secure Access Control System (ACS) deployment, the primary and secondary servers can be
used for different, specialized operations such as network admission and device administration. ACS is an
Authentication, Authorization, and Accounting (AAA) server that uses Remote Authentication DialIn User
Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) to provide AAA
services for users, hosts, and network infrastructure devices such as switches and routers. An ACS deployment
typically consists of a cluster containing a primary server and one or more secondary servers. In a split ACS
deployment, the AAA load is distributed between the primary and secondary server. This distribution provides a
more optimal AAA flow than a traditional smallscale deployment in which the secondary server functions only as
a backup if the primary server fails.
The split ACS deployment offers a few other advantages over a traditional smallscale deployment. For
example, an administrator will be more aware of the status of the primary and secondary servers because they
are both operational in a split ACS deployment. By contrast, in a traditional smallscale deployment, an
administrator will be less aware of the status of the secondary server because it is not actively involved in the
AAA process. In addition, because both servers are active, each server can be dedicated to a specialized
operation. For example, the primary server could be dedicated to device administration operations and the
secondary server could be dedicated to network admission operations. If either server fails, the remaining
server could take over the full load of AAA operations until the failed server is restored.

Cisco: Understanding the ACS Server Deployment: Split ACS Deployment (PDF)


Leave a Reply