
AAA authentication

jahasrahman
Level 1

Hi 

I have the following commands configured on my switches

aaa new-model
aaa authentication login default group tacacs+ enable
aaa accounting commands 15 default stop-only group tacacs+
aaa session-id common
tacacs-server host 1.1.1.1 key 7 0532091A0C595D1D3B00351D190900
tacacs-server host 2.2.2.2 key 7 0532091A0C595D1D3B00351D190900
tacacs-server directed-request

I need to know when the TACACS server host fails back to the 2.2.2.2 IP. The request goes only to 1.1.1.1, and if the authentication fails, it won't let you in. Please tell me how the sequence of servers works.

Accepted Solutions

nspasov
Cisco Employee

Hello Jahas-

The TACACS/AAA servers are processed in a top-down fashion. Thus, the network device in your example will always use 1.1.1.1 unless it becomes unavailable. If 1.1.1.1 becomes unavailable, then the network device will start using 2.2.2.2.

I hope this helps!

Thank you for rating helpful posts!
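The server ordering described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a small Python model that reads the `tacacs-server host` and `aaa authentication login default` lines from the question and walks them top-down. The function names, the `accept`/`reject`/`down` states and the placeholder keys are assumptions made for illustration; the model treats any reply from a server as final and moves on only when a server does not answer.

```python
import re

# Constructed copy of the relevant lines from the question (keys replaced).
CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable
tacacs-server host 1.1.1.1 key 7 <redacted>
tacacs-server host 2.2.2.2 key 7 <redacted>
"""

def parse(config):
    """Return (servers in configured order, login methods in order)."""
    servers = re.findall(r"^tacacs-server host (\S+)", config, re.M)
    m = re.search(r"^aaa authentication login default (.+)$", config, re.M)
    methods = m.group(1).replace("group tacacs+", "tacacs+").split() if m else []
    return servers, methods

def login(config, server_state, enable_ok=False):
    """Model one login attempt.

    server_state maps server IP -> 'accept', 'reject' or 'down'
    (hypothetical states for this model). Returns (result, decided_by).
    """
    servers, methods = parse(config)
    for method in methods:
        if method == "tacacs+":
            for ip in servers:                 # top-down, as configured
                state = server_state.get(ip, "down")
                if state == "down":
                    continue                   # no answer: try the next server
                return state, ip               # any reply, accept or reject, is final
            # every server was unreachable: fall through to the next method
        elif method == "enable":
            return ("accept" if enable_ok else "reject"), "enable"
    return "reject", None

if __name__ == "__main__":
    cases = [
        {"1.1.1.1": "reject", "2.2.2.2": "accept"},  # first server answers "no"
        {"1.1.1.1": "down", "2.2.2.2": "accept"},    # first server unreachable
        {"1.1.1.1": "down", "2.2.2.2": "down"},      # both unreachable
    ]
    for state in cases:
        print(state, "->", login(CONFIG, state, enable_ok=True))
```

In this model a rejection from 1.1.1.1 ends the attempt, so 2.2.2.2 and the `enable` method are reached only when the servers ahead of them do not respond.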