Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
2
Replies

Tacacs Host

sumeethsiriyur
Level 1
Level 1

‎06-09-2006 05:54 AM - edited ‎03-10-2019 02:37 PM

Hi

Wht really happens when i give 3 tacacs server host address on a AS5300 server.i.e

tacacs host server 10.0.0.1

tacacs host server 10.0.0.2

tacacs host server 10.0.0.3

When a dial-in user dials into the first ACS server,he gets autheticated via the first ACS,at wht point does he get authenticated via the the .2 & .3 ACS server....

Replies highly apprciated.

Thanks

Mark

Labels:
0 Helpful
2 Replies 2

m.sir
Level 7
Level 7

‎06-09-2006 06:31 AM

Router asks first tacacs 10.0.0.1 if doesnt reply in specified time (there is some default value - can be changed with command tacacs-server timeout) than continue to 10.0.0.2 if no response in timeout router goes to 10.0.0.3

M.

Hope that helps rate if it does

0 Helpful

hemendoz
Cisco Employee
Cisco Employee

‎06-30-2006 04:59 AM

Mark,

The user will only be authenticated by one ACS server. If 10.0.0.1 is offline or returns an "error" message, the NAS will proceed to .2, then to .3. However, if .1 returns a authentication fail message, the NAS stops, it will not ask .2 or .3 for authentication.

HTH

0 Helpful
Customers Also Viewed These Support Documents