04-01-2019 05:41 AM
I have aaa configured with authentication, authorization, and accounting. When I make a change that affects connectivity to the AAA server, I can still add commands to the device. However, there is a significant wait time between executing commands. If I remove aaa accounting, then I can continue to enter commands as normal. Is there a command to decrease the wait time such as a timeout?
Thanks in advance!
04-01-2019 06:35 AM
Dear,
you can try to use the following command:
tacacs-server timeout <seconds>
04-01-2019 02:40 PM
Each accounting packet requires an ACK from the AAA server. I suppose you don't have command authorization enabled or else the whole thing would grind to a halt ;-)
Do you have more than one AAA server defined in a Group perhaps? I would have thought having an alternative AAA server would resolve that while Primary server was in maintenance.
04-02-2019 01:58 PM
Authorization works because the backup is local. The issue is that the accounting does not have a local backup. So, if the accounting server is not reachable on the network, each command entry will wait for the timeout period (I'm guessing). Should I set the timeout to two seconds?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide