Cisco Support Community

New Member

consecutive authorization with several tacacs-servers

Hi all,

Consider this scenario. A Cisco IOS device authenticates access to its VTYs using two tacacs-servers put in one server group. Normally, as implied in the IOS security docs, the second server is used only if the first one times out.

My question: is it possible to use both servers in such a way that, if a user's credentials are not present in the first server's db, the second server's db is checked as well?

Thanks!

Best regards,

Timofey T.

2 REPLIES
Silver

Hi Timofey,

IOS devices will not be able to do so, but if you can tweak the T+ servers to drop the request packet on the "user not found" criteria, then this will be possible.

What TACACS servers are you using? If you are using ACS 5.x, there is an option.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

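A small Python model of the behaviour discussed in the reply above, added here as an illustration and not taken from the thread or from Cisco: the device moves to the next server in the group only when the current one does not answer, so a first server that drops "user not found" requests lets the second database be consulted. The user names, passwords and the 5-second timeout are constructed assumptions.

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"     # server answered: credentials accepted
    FAIL = "fail"     # server answered: credentials rejected or user unknown
    NONE = "timeout"  # no answer in time (server down, or request dropped)

TIMEOUT_S = 5  # assumed per-server timeout in seconds

DB1 = {"alice": "pw-a"}  # constructed user db of the first server
DB2 = {"bob": "pw-b"}    # constructed user db of the second server

def make_server(users, drop_unknown=False):
    """Model one TACACS+ server; drop_unknown is the tweak from the reply."""
    def server(user, password):
        if user not in users:
            return Reply.NONE if drop_unknown else Reply.FAIL
        return Reply.PASS if users[user] == password else Reply.FAIL
    return server

def authenticate(group, user, password):
    """Walk the server group in order. Any answer, PASS or FAIL, is final;
    only a missing answer moves on to the next server."""
    waited = 0
    for index, server in enumerate(group, start=1):
        reply = server(user, password)
        if reply is Reply.NONE:
            waited += TIMEOUT_S  # the device sits out the timeout first
            continue
        return reply, index, waited
    # Nobody answered; what happens next depends on the rest of the method list.
    return Reply.NONE, None, waited

def demo():
    default = [make_server(DB1), make_server(DB2)]
    tweaked = [make_server(DB1, drop_unknown=True), make_server(DB2)]
    return {
        "default_bob": authenticate(default, "bob", "pw-b"),
        "tweaked_bob": authenticate(tweaked, "bob", "pw-b"),
        "tweaked_alice_bad_pw": authenticate(tweaked, "alice", "wrong"),
        "tweaked_unknown": authenticate(tweaked, "mallory", "x"),
    }

if __name__ == "__main__":
    for case, (reply, server_no, waited) in demo().items():
        print(f"{case}: {reply.name} from server {server_no} after {waited}s")
```

In the tweaked setup, every login for a user missing from the first database waits out the first server's timeout before the second server is asked, while a wrong password for a user the first server knows is still rejected there.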
New Member

Hi Edward,

Thanks for the reply, it is really helpful.

I'm using tac_plus, which doesn't have much to offer really.

Regards,

Timofey T.
