Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS+ question

I am setting up a secure dial in system using CiscoSecure ACS for NT. We will be using TACACS+ and secure id tokens.

I know I can define multiple TACACS servers on the NAS (2600) but if the first server defined fails the user request, will the second TACACS server then be queried? I think if the first fails then the connection is dropped but I cant seem to confirm this.

Anybody out there know the answer?

2 REPLIES
Bronze

Re: TACACS+ question

There are two issues really; whether the first server doesn't respond at all, in which case the NAS will automatically try the next host after the timeout; and whether the first server does reply but with a FAIL, in which case the user is dropped. In other words, the second server is used as a backup and not as an additional authentication attempt.

New Member

Re: TACACS+ question

If the first server fails, i.e. rejects the request you are done, it only looks to the secon d server if the first server fails to respond at all.

89
Views
0
Helpful
2
Replies
CreatePlease login to create content