Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1841
Views
0
Helpful
5
Replies

TACACS Server failover

networker99
Level 1
Level 1

‎10-03-2011 10:27 AM - edited ‎03-10-2019 06:26 PM

We have 3x Cisco ACS servers that we are using for centralised authentication for our switches, routers, etc..  the authentication works when the first server is available, but the devices are not querying the other 2 if the primary is unavailable

aaa authentication login default group tacacs+ local

tacacs-server host 192.168.1.1

tacacs-server host 192.168.1.2

tacacs-server host 192.168.1.3

Can someone please advise?  Thanks in advance!

Labels:
0 Helpful
5 Replies 5

santosh.kotkar
Level 1
Level 1

‎10-03-2011 07:51 PM

Which Cisco ACS version you using ?

0 Helpful

networker99
Level 1
Level 1
In response to santosh.kotkar

‎10-04-2011 08:08 AM

4.1

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to networker99

‎10-04-2011 09:15 AM

Can you verify that the second and third ACS servers do have correct configuration of the routers and switches as authentication clients?

Perhaps running debug aaa authentication when attempting the second and third server and posting the output would help us to find the problem.

HTH

Rick

HTH

Rick
0 Helpful

networker99
Level 1
Level 1
In response to Richard Burts

‎10-04-2011 09:17 AM

The primary is replicating to the other 2 ACS servers so I know the information is correct.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to networker99

‎10-04-2011 09:43 AM

Thanks for the information. Could you post the output of show tacacs and of show aaa server sg tacacs+

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents