I have implemented a Cisco Secure ACS with TACACS protocol. We have network connectivity issues, and whenever that happens TACACS falls back to the local database. Is there any way to enable capturing of the commands executed when ACS goes offline? Maybe when ACS comes back those commands (accounting) can be sent to it by the device itself.
My requirement may seem weird. But I strongly believe everything is possible with Cisco :)
What you are asking for is to have the IOS T+ client cache the commands and then forward them to the ACS once the T+ client can once again communicate with ACS. Yes? Per IOS T+ controls, no, this is not available. The T+ connection will fail and fall back to either another T+ server or stop sending accounting records.
The only solution here is to have two ACS servers online and have the T+ fall back to the secondary ACS in the event of loss of connection to the primary. Then, have both ACSes forward the accounting records to a third server, either ACS or syslog. This assumes, of course, that the T+ client doesn't lose connectivity to both ACSes.
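The device side of the two-server layout described in the answer above could look like the following classic IOS configuration. This is an added example, not part of the original posts; the server addresses (documentation range 192.0.2.0/24), the key placeholder and the timeout value are assumptions. Forwarding accounting records from each ACS to a third server is configured on the ACS side and is not shown.

```ios
! Added example: constructed addresses and placeholder key, not from the thread.
aaa new-model
!
! Servers are tried in the order they are configured:
! primary ACS first, secondary ACS if the primary does not answer.
tacacs-server host 192.0.2.10 key <SHARED-KEY-PLACEHOLDER>
tacacs-server host 192.0.2.11 key <SHARED-KEY-PLACEHOLDER>
! Short timeout so failover to the secondary is quick (value is an assumption).
tacacs-server timeout 5
!
! Authentication and authorization fall back to the local database
! only when neither ACS is reachable.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Accounting goes to the tacacs+ group only. There is no local method here,
! so records are sent only while at least one ACS is reachable.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```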