Which of the following statements is true regarding a split ACS deployment? (Select the best answer.)
- Cisco recommends using a dedicated log collector instead of the primary or secondary server.
- The split configuration has the drawback of making an administrator less aware of the functional status of each server.
- The AAA load is divided between the primary and secondary servers, which produces a lessthanoptimal AAA flow.
- The primary and secondary servers can be used for different, specialized operations such as network admission and device administration.
In a split Cisco Secure Access Control System (ACS) deployment, the primary and secondary servers can be used for different, specialized operations such as network admission and device administration. ACS is an Authentication, Authorization, and Accounting (AAA) server that uses Remote Authentication DialIn User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) to provide AAA services for users, hosts, and network infrastructure devices such as switches and routers. An ACS deployment typically consists of a cluster containing a primary server and one or more secondary servers. In a split ACS deployment, the AAA load is distributed between the primary and secondary server. This distribution provides a more optimal AAA flow than a traditional smallscale deployment in which the secondary server functions only as a backup if the primary server fails.
The split ACS deployment offers a few other advantages over a traditional smallscale deployment. For example, an administrator will be more aware of the status of the primary and secondary servers because they are both operational in a split ACS deployment. By contrast, in a traditional smallscale deployment, an administrator will be less aware of the status of the secondary server because it is not actively involved in the AAA process. In addition, because both servers are active, each server can be dedicated to a specialized operation. For example, the primary server could be dedicated to device administration operations and the secondary server could be dedicated to network admission operations. If either server fails, the remaining server could take over the full load of AAA operations until the failed server is restored.