02-01-2010 11:18 AM - edited 03-10-2019 04:55 PM
Hi,
In a router, if you configure tacacs-server host tacacs-1 tacacs-2, this is how you set up ACS redundancy. My question is, how does the router check the pulse of each TACACS server? By ping or some other keepalive mechanism? What does this command really do behind the scenes?
What happens in our environment is that the tacacs-1 services within Windows keep stopping by themselves. We can't authenticate and the TACACS service does not fail over to tacacs-2.
02-01-2010 11:06 PM
Hi,
Actually the configuration is not like this for redundancy of TACACS servers in Cisco switches; it should be like the sample below:
tacacs-server host 10.1.X.X - Primary
tacacs-server host 10.2.X.X - Secondary
TACACS+ is a method of information exchange between a device that provides network access to users (the "TACACS+ client") and a device that contains authentication information for those users (the "TACACS+ server"). TACACS+ is based on the AAA model: authentication, authorization and accounting. For your query: generally, a TACACS+ client and TACACS+ server communicate by means of TACACS+ packets sent over TCP/IP networks. TACACS+ packets are formatted using conventions outlined in The TACACS+ Protocol Version 1.78.
Hope that clears up your query!!
If helpful do rate the post
Ganesh.H
02-02-2010 07:30 AM
Thanks. But it still does not answer my question.
Basically, ACS is installed on Windows. Often the TACACS service is hung but Windows server itself is working. The redundancy command on the router does not fail over to the second TACACS server because the Windows server is working. How do I solve this issue?
Thanks.
02-02-2010 08:24 AM
Hi,
To set the interval that the server waits for a server host to reply, use the tacacs-server timeout sec global configuration command in Cisco switches.
seconds: Integer that specifies the timeout interval in seconds (between 1 and 300). The default is 5 seconds.
Hope that helps!!
If helpful do rate the post
Ganesh.H
02-02-2010 08:34 AM
Hi Ganesh.H,
Thanks for the reply. Looking at the command documentation, it states:
"If the command is not configured, the timeout interval is 5 seconds."
So it is configured by default regardless of whether I enter this command or not. However, this command does not work, as the TACACS service does not fail over. Any other ideas?
02-02-2010 08:41 AM
Kevin,
This command is not configured by default in Cisco switches; the default parameter is 5 sec if you configure the TACACS server timeout only, without specifying the time in seconds.
HTH
Ganesh.H
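An added example, not from any poster in this thread or from Cisco: a monitoring-side check that tests the TACACS+ TCP service itself rather than the Windows host, walking the servers in configured order with a per-server timeout. It assumes the standard TACACS+ port (TCP 49) and the 5-second default quoted above; the function names and the local stand-in servers are hypothetical.

```python
import socket

TACACS_PORT = 49        # standard TACACS+ TCP port
DEFAULT_TIMEOUT = 5.0   # seconds; the default timeout quoted in the thread

def service_answers(host, port=TACACS_PORT, timeout=DEFAULT_TIMEOUT):
    """Return (ok, reason); ok is True only if a TCP session to the service opens.

    A ping would succeed while the Windows host is up even with the service
    stopped. A process that still accepts connections but is hung passes this
    check too; catching that needs a real test login.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        return False, "timeout"
    except ConnectionRefusedError:
        return False, "refused"   # host reachable, nothing listening on the port
    except OSError as exc:
        return False, "error: %s" % exc

def first_available(servers, timeout=DEFAULT_TIMEOUT):
    """Try (host, port) pairs in configured order; return (chosen, log)."""
    log = []
    for host, port in servers:
        ok, reason = service_answers(host, port, timeout)
        log.append((host, port, reason))
        if ok:
            return (host, port), log
    return None, log

def demo():
    """Constructed local stand-ins for tacacs-1 (service stopped) and tacacs-2."""
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    dead_port = tmp.getsockname()[1]
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    live_port = live.getsockname()[1]
    tmp.close()                       # port is now closed: "service stopped"
    try:
        servers = [("127.0.0.1", dead_port), ("127.0.0.1", live_port)]
        chosen, log = first_available(servers, timeout=1.0)
    finally:
        live.close()
    return chosen, log, dead_port, live_port

if __name__ == "__main__":
    print(demo())
```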