TACACS IOS configuration

savyer
Level 1

Hi all,

What does the "tacacs administration" option provide, and what are the advantages/disadvantages of enabling it on a router?

Does "tacacs single-connection" have any advantage vs. multiconnection mode?

Thanks in advance

2 Replies

gfullage
Cisco Employee

Hmmm, yeah, the documentation on this is sparse to say the least, my apologies. This is configured when the router is used in conjunction with a Resource Pool Manager Server. See:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/rpms/rpms_1-0/rpms_sol/cfg_isp.htm

It allows the RPMS to control resource pool management on the router. T+ is the underlying communication protocol.

As for the "single-connection" option, it tells the router to open a TCP connection to the ACS server and leave it open, and use this same connection to authenticate any further TACACS usernames/passwords. Basically just saves having to open up a new TCP connection for every authentication attempt. You probably wouldn't see any benefits from it unless your server/router were extremely busy. If you configure this on the router, make sure you select the "Single Connect TACACS+ AAA Client (Record stop in accounting on failure)." option under this NAS on the ACS configuration as well.
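An added example, not part of the original thread and not Cisco's code: on the wire, single-connection mode is negotiated with the `TAC_PLUS_SINGLE_CONNECT_FLAG` bit (0x04) in the flags byte of the 12-byte TACACS+ header (RFC 8907), which is why the router and the server both have to be configured for it. The sketch parses constructed headers, as you might pull them from a packet capture, and reports whether both ends agreed; the helper names and sample session id are made up for illustration.

```python
import struct
from collections import namedtuple

# Constants from the TACACS+ specification (RFC 8907, section 4.1).
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
PACKET_TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}

Header = namedtuple("Header", "major minor type seq_no flags session_id length")


def parse_header(data: bytes) -> Header:
    """Decode the fixed 12-byte TACACS+ header at the start of a packet."""
    if len(data) < 12:
        raise ValueError("TACACS+ header is 12 bytes")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", data[:12])
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not a TACACS+ packet (bad major version)")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown TACACS+ packet type")
    return Header(version >> 4, version & 0x0F, PACKET_TYPES[ptype],
                  seq_no, flags, session_id, length)


def single_connect_negotiated(first_request: bytes, first_reply: bytes) -> bool:
    """True only if client and server both set the flag on the first two
    packets of the TCP connection; the flag is ignored on later packets."""
    req, rep = parse_header(first_request), parse_header(first_reply)
    if (req.seq_no, rep.seq_no) != (1, 2) or req.session_id != rep.session_id:
        raise ValueError("expected seq_no 1 and 2 of the same session")
    return bool(req.flags & rep.flags & TAC_PLUS_SINGLE_CONNECT_FLAG)


def build_header(seq_no: int, flags: int, session_id: int = 0x1A2B3C4D) -> bytes:
    """Constructed sample header (authentication, minor version 0, empty body)."""
    return struct.pack("!BBBBII", TAC_PLUS_MAJOR_VER << 4, 0x01, seq_no, flags, session_id, 0)


if __name__ == "__main__":
    router_start = build_header(1, TAC_PLUS_SINGLE_CONNECT_FLAG)
    server_ack = build_header(2, TAC_PLUS_SINGLE_CONNECT_FLAG)
    server_plain = build_header(2, 0x00)  # server not configured for single connect
    print("both ends enabled:", single_connect_negotiated(router_start, server_ack))
    print("router only:      ", single_connect_negotiated(router_start, server_plain))
```

When the reply comes back without the flag, the connection is used for one session only, so a router configured for single-connection against a server that is not gains nothing.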

So basically it doesn't make sense to enable the tacacs administration option if tacacs is used only to control admin access to the router. Is that a correct assumption?

Does single-connection mode induce an additional resource tax on the ACS server vs. multiple connections?

Thanks for your response.