
TACACS+ question

netops01
Level 1

I am setting up a secure dial-in system using CiscoSecure ACS for NT. We will be using TACACS+ and secure id tokens.

I know I can define multiple TACACS servers on the NAS (2600), but if the first server defined fails the user request, will the second TACACS server then be queried? I think if the first fails then the connection is dropped, but I can't seem to confirm this.

Anybody out there know the answer?

2 Replies

mljohnson
Level 4

There are two issues really; whether the first server doesn't respond at all, in which case the NAS will automatically try the next host after the timeout; and whether the first server does reply but with a FAIL, in which case the user is dropped. In other words, the second server is used as a backup and not as an additional authentication attempt.

mzvv6m
Level 1

If the first server fails, i.e. rejects the request, you are done; it only looks to the second server if the first server fails to respond at all.
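
The failover behaviour both replies describe, modelled as a small Python simulation (an added example, not part of the original thread and not Cisco code; the server names, user names and the `authenticate` and `make_server` helpers are hypothetical):

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"                # server answered and accepted the user
    FAIL = "fail"                # server answered and rejected the user
    NO_RESPONSE = "no_response"  # nothing came back before the timeout

def make_server(known_users, up=True):
    """Constructed stand-in for a TACACS+ server with its own user list."""
    def responder(user):
        if not up:
            return Reply.NO_RESPONSE
        return Reply.PASS if user in known_users else Reply.FAIL
    return responder

def authenticate(servers, user):
    """Query servers in configured order.

    Returns (outcome, queried) where queried lists the servers contacted.
    """
    queried = []
    for name, responder in servers:
        queried.append(name)
        reply = responder(user)
        if reply is Reply.NO_RESPONSE:
            continue                   # timeout: fall through to the next host
        if reply is Reply.PASS:
            return "accepted", queried
        return "dropped", queried      # FAIL is final; the backup is never asked
    # What the NAS does when no server answers is outside what the thread covers.
    return "no server reachable", queried

# Constructed sample data: "bob" exists only on the secondary server.
PRIMARY_USERS = {"alice"}
SECONDARY_USERS = {"alice", "bob"}

def scenario(primary_up, secondary_up, user):
    servers = [
        ("primary", make_server(PRIMARY_USERS, primary_up)),
        ("secondary", make_server(SECONDARY_USERS, secondary_up)),
    ]
    return authenticate(servers, user)

if __name__ == "__main__":
    for args in [(True, True, "bob"), (False, True, "bob"), (False, False, "bob")]:
        print(args, "->", scenario(*args))
```

The first scenario is the case asked about: the primary answers with a FAIL, so the user is dropped even though the secondary would have accepted the same credentials.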
