We have Existing tacacs configuration form our devices and pointed the 2 ACS server. the acs server are manage with other vendor which the acs server is located at their site. Now were planning to manage the acs server. We Installed a new acs server from our location, we have thousand of devices, if we migrate to the new server can we just add the 2 acs server from the device? are the new acs server will able to comunicate from the device? how does a device select which primary or secondary acs server? please advise.
aaa authentication login vtymethod group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
Thanks for the resposnse appricate it, so you mean to say it is like a round robin depending on the running conifig of the device which is the first configure tacacs-server host?
The two old acs server will be decommision as soon as the new acs are operational, so grouping it might not be best approach as we dont want to add another configuration on the device as were looking thousand of device.
Thanks for the prompt response. its all clear now, we will just ad the new servers from the config and when it is operational and ready for deployment, will remove the old acs server configured from the device.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :