03-30-2023 03:49 AM
Hi,
I'm a bit confused on the matching order of multiple server-private A.B.C.D commands in the following:
aaa group server tacacs+ acs
 server-private 10.1.1.1 key 123456
 server-private 10.1.1.2 key 123456
 server-private 10.1.1.3 key 123456
03-30-2023 03:52 AM
The matching order depends on the config order: whichever one you enter first will be checked first, etc.
03-30-2023 04:00 AM
Thanks for your help.
Are there any documents or URL links?
03-30-2023 04:10 AM
Cisco doc.
The RADIUS host entries are tried in the order in which they are configured
RADIUS Configuration Guide - AAA Server Groups [Cisco Cloud Services Router 1000V Series] - Cisco
03-30-2023 04:27 AM
First, before you use the correct syntax based on the code and device,
post the information below so your issue can be addressed correctly.
1. What is the device model?
2. What IOS code is running?
3. What is the full config related to AAA, and what is the issue you are encountering?
4. Which TACACS or RADIUS do you have: ISE or any other 3rd party?
03-30-2023 04:42 AM
When you configure multiple server-private A.B.C.D commands in a Cisco device, the device will attempt to authenticate with the servers in the order they are listed.
In your example, the device will first attempt to authenticate with the TACACS+ server at 10.1.1.1 using the key "123456". If that server is unavailable or does not respond, the device will move on to the next server listed, 10.1.1.2, and attempt authentication with that server using the same key.
If 10.1.1.2 is also unavailable or does not respond, the device will move on to the next server listed, 10.1.1.3, and attempt authentication with that server using the same key. If none of the servers are available, the device will not be able to authenticate with the TACACS+ server.
It's worth noting that the order of the servers in the list can be important, depending on your network topology and the specific requirements of your network. For example, if 10.1.1.1 is located in a different data center or geographic region than the other servers, you may want to list it first in order to minimize latency and improve performance.
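The ordering described in the replies above, as an added Python sketch that is not part of the thread and not Cisco code: it reads the try order of each AAA server group from config text and models the walk down the list. The `rad` group, the function names and the reply values are assumptions for illustration; the model also assumes that any reply from a server, including a reject, ends the walk, so only a non-responding server causes a move to the next entry.

```python
import re

# Sample config: the "acs" group is the one from the question;
# the "rad" group is constructed to show that order is not sorted by IP.
SAMPLE_CONFIG = """\
aaa group server tacacs+ acs
 server-private 10.1.1.1 key 123456
 server-private 10.1.1.2 key 123456
 server-private 10.1.1.3 key 123456
!
aaa group server radius rad
 server-private 10.2.2.2 key <KEY>
 server-private 10.2.2.1 key <KEY>
!
"""

GROUP_RE = re.compile(r"^aaa group server (tacacs\+|radius) (\S+)\s*$")
SERVER_RE = re.compile(r"^\s*server-private (\d{1,3}(?:\.\d{1,3}){3})\b")


def try_order(config):
    """Return {group name: [server IPs in the order they were configured]}."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(2), [])
            continue
        m = SERVER_RE.match(line)
        if m and current is not None:
            current.append(m.group(1))   # position in the list = try order
        elif not line.startswith(" "):
            current = None               # "!" or a new top-level command ends the group
    return groups


def authenticate(servers, replies):
    """Walk `servers` in configured order (hypothetical model).

    `replies` maps IP -> "accept" or "reject"; an IP missing from the map
    models a server that is unavailable or does not respond. Only a
    non-response moves on to the next entry; any reply ends the walk.
    """
    for ip in servers:
        if ip in replies:
            return ip, replies[ip]
    return None, "no-server"             # every server in the group timed out


if __name__ == "__main__":
    acs = try_order(SAMPLE_CONFIG)["acs"]
    print(acs, authenticate(acs, {"10.1.1.2": "accept", "10.1.1.3": "accept"}))
```

Running it against the output of `show running-config | section aaa` gives the per-group order to compare with the intended primary and backup servers.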
03-30-2023 06:28 AM
Thank you very much. It's very clear