12-18-2013 11:59 PM - edited 03-10-2019 09:12 PM
Hi all,
Consider this scenario. A Cisco IOS device authenticates access to its VTYs using two tacacs-servers put in one server group. Normally, as implied in the IOS security docs, the second server is used only if the first one times out.
My question: is it possible to use both servers in such a way that, if the user's credentials are not present in the first server's db, the second server's db is checked as well?
Thanks!
Best regards,
Timofey T.
12-19-2013 05:55 AM
Hi Timofey,
IOS devices will not be able to do so, but if you can tweak the T+ servers to drop the request packet on the "user not found" criteria, then this will be possible.
What TACACS servers are you using? If you are using ACS 5.x, there is an option.
**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**
Please Rate if helpful.
Regards
Ed
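The behaviour discussed in the question and the reply above, as an added example that is not part of either post: a simplified Python model of how a server group walks its TACACS+ servers, with and without the "drop on user not found" tweak. The server databases, user names and function names are hypothetical and constructed for illustration.

```python
# Simplified model (added example) of how an IOS AAA server group walks its
# TACACS+ servers: only a timeout moves on; any reply is final.
from enum import Enum

class Reply(Enum):
    PASS = "pass"        # server accepted the credentials
    FAIL = "fail"        # server answered: reject
    TIMEOUT = "timeout"  # no answer within the timeout (request dropped)

def make_server(users, drop_unknown=False):
    """Hypothetical TACACS+ server: users is {name: password}.
    drop_unknown=True models the tweak from the reply: stay silent
    when the user is not in this server's database."""
    def authenticate(user, password):
        if user not in users:
            return Reply.TIMEOUT if drop_unknown else Reply.FAIL
        return Reply.PASS if users[user] == password else Reply.FAIL
    return authenticate

def group_authenticate(servers, user, password):
    """Return (result, servers_contacted). result is 'pass', 'fail', or
    'error' when every server timed out; on 'error' IOS moves to the next
    method in the login method list (for example local), if one is set."""
    contacted = 0
    for server in servers:
        contacted += 1
        reply = server(user, password)
        if reply is not Reply.TIMEOUT:
            return reply.value, contacted   # first answer wins
    return "error", contacted

# Constructed sample databases: alice only on server 1, bob only on server 2.
DB1 = {"alice": "a-secret"}
DB2 = {"bob": "b-secret"}

def demo():
    stock = [make_server(DB1), make_server(DB2)]
    tweaked = [make_server(DB1, drop_unknown=True),
               make_server(DB2, drop_unknown=True)]
    return {
        "stock_bob": group_authenticate(stock, "bob", "b-secret"),
        "tweaked_bob": group_authenticate(tweaked, "bob", "b-secret"),
        "tweaked_bad_pw": group_authenticate(tweaked, "alice", "wrong"),
        "tweaked_unknown": group_authenticate(tweaked, "carol", "x"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

With the tweak, a user unknown to every server ends in "error" rather than "fail", so whatever method follows the group in the login method list decides that login. Each silent server also costs one full timeout before the next one is tried.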
12-19-2013 07:50 AM
Hi Edward,
Thanks for the reply, it is really helpful.
I'm using tac_plus, which doesn't have much to offer really.
Regards,
Timofey T.