10-03-2011 10:27 AM - edited 03-10-2019 06:26 PM
We have 3x Cisco ACS servers that we are using for centralised authentication for our switches, routers, etc. The authentication works when the first server is available, but the devices are not querying the other 2 if the primary is unavailable.
aaa authentication login default group tacacs+ local
tacacs-server host 192.168.1.1
tacacs-server host 192.168.1.2
tacacs-server host 192.168.1.3
Can someone please advise? Thanks in advance!
10-03-2011 07:51 PM
Which Cisco ACS version are you using?
10-04-2011 08:08 AM
4.1
10-04-2011 09:15 AM
Can you verify that the second and third ACS servers do have correct configuration of the routers and switches as authentication clients?
Perhaps running debug aaa authentication when attempting the second and third server and posting the output would help us to find the problem.
HTH
Rick
10-04-2011 09:17 AM
The primary is replicating to the other 2 ACS servers so I know the information is correct.
10-04-2011 09:43 AM
Thanks for the information. Could you post the output of show tacacs and of show aaa server sg tacacs+
HTH
Rick