Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
2
Replies

Tacacs Host

sumeethsiriyur
Beginner
Beginner

‎06-09-2006 05:54 AM - edited ‎03-10-2019 02:37 PM

Hi

Wht really happens when i give 3 tacacs server host address on a AS5300 server.i.e

tacacs host server 10.0.0.1

tacacs host server 10.0.0.2

tacacs host server 10.0.0.3

When a dial-in user dials into the first ACS server,he gets autheticated via the first ACS,at wht point does he get authenticated via the the .2 & .3 ACS server....

Replies highly apprciated.

Thanks

Mark

Labels:
0 Helpful
2 Replies 2

m.sir
Rising star
Rising star

‎06-09-2006 06:31 AM

Router asks first tacacs 10.0.0.1 if doesnt reply in specified time (there is some default value - can be changed with command tacacs-server timeout) than continue to 10.0.0.2 if no response in timeout router goes to 10.0.0.3

M.

Hope that helps rate if it does

0 Helpful

hemendoz
Cisco Employee
Cisco Employee

‎06-30-2006 04:59 AM

Mark,

The user will only be authenticated by one ACS server. If 10.0.0.1 is offline or returns an "error" message, the NAS will proceed to .2, then to .3. However, if .1 returns a authentication fail message, the NAS stops, it will not ask .2 or .3 for authentication.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents