tacacs-server host

m.iancu · ‎01-16-2004

Hello,

I would like to have more than one tacacs-server host commands in my config.

I'm wondering how the router will parse the server - in a round-robin fashion, it will go to the next server only if the first one is out of service and so on ... so far I haven't found anything in the docs.

Thank you,

Mihai Iancu

deilert · ‎01-16-2004

no the tacacs server that is listed first will act as you primary , the second server listed in the config will be the backup, If the first server is unavail the router will contact the 2nd sever , after the tacacs-server timeout period expires , I think it is 1 munute by default , I would recommend lowering that parameter.

Harold Ritter · ‎01-16-2004

That is correct. When you configure multiple TACACS servers, a connection is attempted to the first server (order in which they have been entered) and if it doesn't respond the next one is used.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Craig Norborg · ‎01-16-2004

If you have multiple authentication server groupings you want to use also, you can use "aaa group server" to help organize a bit...

manojkreddy · ‎01-29-2004

what if the failed primary server comes back online?

will IOS still uses secondary server?

how IOS tests whether the primary server is back online?

or

will it comes back only after the secondary server fails and the primary is available?