
consecutive authorization with several tacacs-servers

Hi all,

Consider this scenario. A Cisco IOS device authenticates access to its VTYs using two tacacs-servers put in one server group. Normally, as implied in the IOS security docs, the second server is used only if the first one times out.

My question: is it possible to use both servers in such a way that, if the user's credentials are not present in the first server's db, the second server's db is checked as well?

Thanks!

Best regards,

Timofey T.

2 Replies

edwjames
Level 3

Hi Timofey,

IOS devices will not be able to do so, but if you can tweak the T+ servers to drop the request packet on the "user not found" criteria, then this will be possible.

What TACACS servers are you using? If you are using ACS 5.x, there is an option.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed
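
Added example, not part of the original thread and not Cisco or tac_plus code: a small Python model of the server-group behaviour described above, where the device moves to the next server only on a timeout, and of the effect of a server that drops "user not found" requests instead of rejecting them. Server names, users and passwords are constructed, and the class and function names are hypothetical.

```python
# Model of the failover behaviour discussed in this thread (constructed sample data).
PASS, FAIL, TIMEOUT = "PASS", "FAIL", "TIMEOUT"


class TacacsServer:
    """Toy TACACS+ server. drop_unknown=True models the tweak from the reply:
    stay silent instead of answering FAIL when the user is not in the db."""

    def __init__(self, name, users, drop_unknown=False):
        self.name = name
        self.users = users              # {username: password}
        self.drop_unknown = drop_unknown

    def authenticate(self, user, password):
        if user not in self.users:
            # A dropped request looks like a timeout to the device.
            return TIMEOUT if self.drop_unknown else FAIL
        return PASS if self.users[user] == password else FAIL


def group_login(servers, user, password):
    """Walk the server group in order. Any reply (PASS or FAIL) is final;
    only a timeout makes the device try the next server."""
    tried = []
    for srv in servers:
        tried.append(srv.name)
        result = srv.authenticate(user, password)
        if result != TIMEOUT:
            return result, tried
    return TIMEOUT, tried               # no server in the group answered


def demo():
    db1 = {"alice": "a-pass"}           # constructed accounts on server 1
    db2 = {"bob": "b-pass"}             # constructed accounts on server 2
    second = TacacsServer("tac2", db2)
    stock = [TacacsServer("tac1", db1), second]
    tweaked = [TacacsServer("tac1", db1, drop_unknown=True), second]
    return {
        # Stock behaviour: tac1 answers FAIL for bob, tac2 is never asked.
        "stock_bob": group_login(stock, "bob", "b-pass"),
        # Tweaked tac1 drops the unknown user, so tac2 gets to answer.
        "tweaked_bob": group_login(tweaked, "bob", "b-pass"),
        # A known user with a wrong password is still rejected by tac1.
        "tweaked_alice_bad": group_login(tweaked, "alice", "wrong"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

In this model, every login for a user missing from the first server waits out one timeout before the second server is consulted.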


Hi Edward,

Thanks for the reply, it is really helpful.

I'm using tac_plus, which doesn't have much to offer really.

Regards,

Timofey T.