
ACE - TACACS+ probe

lpl
Level 1

Hi all,

Small question about load-balancing TACACS+ servers:

In the ACE IOS, there is a preconfigured probe for RADIUS servers; however, there isn't one for TACACS+ servers.

Does anyone have a TCL script to check the TACACS+ service?

Note: if you configure the ACE authentication method with TACACS+, you can have the ACE send probe access-request packets to verify that the TACACS+ server is available. It means that the ACE natively knows how to probe a TACACS+ server... Why is the TACACS+ probe not natively available in the ACE IOS then?

Thank you.

1 Accepted Solution

chrhiggi
Level 3

Hello Louis-

ACE is Linux, so there are built-in modules already present to handle the internal workings of TACACS.  Scripted probes are written in TCL, and there has not been any significant drive to add in any further base TCL probes as of yet.

The complexity of a TACACS probe is the authentication for the handshake.  ASCII and PAP would not be too bad, but most people utilize CHAP/MS-CHAP for security reasons. You would have to hand-code something to handle the raw data on the socket turning into meaningful information, then reacting and flushing the correct information back to the server.

Regards,

Chris Higgins
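
The byte-level work the answer describes, for the PAP case only, as an added example that is not part of the thread and not Cisco code. It is written in Python rather than ACE TCL, follows the TACACS+ packet layout in RFC 8907, and builds the authentication START a probe would send and decodes the server's REPLY. The key, user and port values are constructed, and treating a FAIL status as "server healthy" is an assumption about probe policy.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01          # packet type: authentication
VERSION_PAP = 0xC1              # major version 0xC, minor version 1 (used for PAP)
STATUS = {1: "PASS", 2: "FAIL", 7: "ERROR"}

def pad_xor(body, session_id, key, version, seq_no):
    """RFC 8907 body obfuscation: XOR the body with a chained-MD5 pseudo-pad."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()   # each block hashes in the previous one
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def build_pap_start(session_id, key, user, password, port=b"probe", rem_addr=b""):
    """Authentication START: action=LOGIN(1), priv_lvl=1, type=PAP(2), service=LOGIN(1)."""
    body = struct.pack("!8B", 1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password))
    body += user + port + rem_addr + password        # PAP carries the password in the data field
    header = struct.pack("!BBBBII", VERSION_PAP, TAC_PLUS_AUTHEN, 1, 0, session_id, len(body))
    return header + pad_xor(body, session_id, key, VERSION_PAP, 1)

def parse_reply(packet, key):
    """Return (healthy, status_name); a well-formed PASS or FAIL shows the daemon answers."""
    if len(packet) < 12:
        return False, "SHORT_HEADER"
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != TAC_PLUS_AUTHEN or length != len(packet) - 12 or length < 6:
        return False, "MALFORMED"
    body = packet[12:]
    if not flags & 0x01:                             # 0x01 = TAC_PLUS_UNENCRYPTED_FLAG
        body = pad_xor(body, session_id, key, version, seq_no)
    status, _, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if 6 + msg_len + data_len != length:             # a wrong shared key surfaces here
        return False, "BAD_KEY_OR_CORRUPT"
    name = STATUS.get(status, "UNEXPECTED_%d" % status)
    return name in ("PASS", "FAIL"), name

if __name__ == "__main__":
    key = b"constructed-secret"                      # constructed sample values, not real ones
    start = build_pap_start(0x1234ABCD, key, b"probe-user", b"probe-pass")
    print(len(start), start[:12].hex())
```

A probe built on this sends the START over TCP to the server's TACACS+ port, reads the 12-byte header, then reads `length` more bytes before calling `parse_reply`.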
