06-28-2002 02:29 PM - edited 03-08-2019 11:14 PM
I have one CiscoSecure as my primary access server and a second CiscoSecure access server set up as a backup server over the WAN .
can my router point to the secondary tacacs for authenication ?
or it can only point to the primary server and if the primary server fail then it will switch to the secondary for authenication.
06-28-2002 02:29 PM
You can have the router pointed to both servers. As long as your database is synchronized, pointing router to either server as primary should work just fine.
06-29-2002 03:02 PM
adding further to the post.
You can setup anyway you like, as long as the router poitns the tacacs ip address to your secondary, then it will only direct all requests there, if you point to both, then it will only use the secondary if the primary server FAILS. Another way of doing this is, on the router, you only specifiy your Primary ACS, but on ACS, you proxy all the requests to the secondary ACS. etc. OR you can do replication on ACS, this way, both ACS are synced and databases are same.
HTH
R/Yusuf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide