06-09-2006 05:54 AM - edited 03-10-2019 02:37 PM
Hi
What really happens when I give 3 TACACS server host addresses on an AS5300 server, i.e.
tacacs-server host 10.0.0.1
tacacs-server host 10.0.0.2
tacacs-server host 10.0.0.3
When a dial-in user dials into the first ACS server, he gets authenticated via the first ACS. At what point does he get authenticated via the .2 & .3 ACS servers?
Replies highly appreciated.
Thanks
Mark
06-09-2006 06:31 AM
The router asks the first TACACS server, 10.0.0.1. If it doesn't reply in the specified time (there is some default value - it can be changed with the command tacacs-server timeout), then it continues to 10.0.0.2; if there is no response within the timeout, the router goes to 10.0.0.3.
M.
Hope that helps; rate if it does.
06-30-2006 04:59 AM
Mark,
The user will only be authenticated by one ACS server. If 10.0.0.1 is offline or returns an "error" message, the NAS will proceed to .2, then to .3. However, if .1 returns an authentication fail message, the NAS stops; it will not ask .2 or .3 for authentication.
HTH
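The failover rule described in the replies above, modelled as an added example that is not part of the original thread and is not Cisco code. The `Reply` names, the `authenticate` helper, the sample server behaviour and the 5-second timeout are assumptions made for the illustration.

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"        # server accepted the credentials
    FAIL = "fail"        # server rejected the credentials (authoritative)
    ERROR = "error"      # server answered, but with an error
    TIMEOUT = "timeout"  # no answer within the timeout (server offline)

# Servers in the order they appear in the configuration from the question.
SERVERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]

def authenticate(servers, replies, timeout_s):
    """Walk the configured servers in order, as the replies describe the NAS doing.

    replies   -- dict address -> Reply (constructed sample behaviour)
    timeout_s -- per-server wait, the value set with tacacs-server timeout
    Returns (decision, deciding_server, seconds_spent_waiting).
    """
    waited = 0
    for addr in servers:
        reply = replies.get(addr, Reply.TIMEOUT)
        if reply is Reply.TIMEOUT:
            waited += timeout_s   # the full timeout elapses before moving on
            continue
        if reply is Reply.ERROR:
            continue              # error reply: try the next server
        # PASS or FAIL is final: later servers are never consulted.
        return reply, addr, waited
    # No server gave a verdict; what the NAS does next depends on the rest
    # of the AAA configuration, which the thread does not cover.
    return None, None, waited

if __name__ == "__main__":
    T = 5  # assumed timeout in seconds, for illustration only
    scenarios = {
        ".1 offline, .2 accepts": {"10.0.0.1": Reply.TIMEOUT, "10.0.0.2": Reply.PASS},
        ".1 rejects, .2 would accept": {"10.0.0.1": Reply.FAIL, "10.0.0.2": Reply.PASS},
        ".1 error, .2 offline, .3 accepts": {"10.0.0.1": Reply.ERROR, "10.0.0.3": Reply.PASS},
        "all offline": {},
    }
    for name, replies in scenarios.items():
        print(name, "->", authenticate(SERVERS, replies, T))
```

The second scenario is the one the last reply warns about: an account that exists only on .2 is still denied while .1 is up and answering with a fail.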