06-21-2024 12:20 PM
Hello!
I am curious if I'm configuring TACACS like this
tacacs-server host 192.168.10.11
tacacs-server host 192.168.10.12
Will it be load balanced?
Will it prioritize in order?
Thanks!
Solved! Go to Solution.
06-21-2024 02:01 PM
Hello @bakaholic39
TACACS+ configuration on most devices does not inherently support load balancing in the sense of distributing requests evenly across multiple servers. The typical behavior is failover, not load balancing. Thus, the second server acts as a backup rather than sharing the load with the first server.
06-21-2024 12:36 PM
tacacs-server host 192.168.10.11
tacacs-server host 192.168.10.12
Will it prioritize in order? - this is first one order, if that fails then second.
If you like to LB, then you need to use LoadBalancer.
06-21-2024 12:37 PM
Hi,
Priority based. It will try .11, if not available, it will try .12
HTH
06-21-2024 02:01 PM
Hello @bakaholic39
TACACS+ configuration on most devices does not inherently support load balancing in the sense of distributing requests evenly across multiple servers. The typical behavior is failover, not load balancing. Thus, the second server acts as a backup rather than sharing the load with the first server.
06-21-2024 08:21 PM
hi,
just be mindful, in 'newer' IOS-XE these commands are no longer supported.
these are now configured under 'aaa group server'
aaa new-model
aaa group server tacacs+ <TACACS GROUP NAME>
server-private <TACACS HOST IP 1> key <TACACS KEY>
server-private <TACACS HOST IP 2> key <TACACS KEY>
06-22-2024 05:00 AM
if you use ISE then you can easily load balance
https://community.cisco.com/t5/security-blogs/how-to-tacacs-failover-with-f5-big-ip-virtual-servers/ba-p/3796384
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide