Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

tacacs-server host

Hello,

I would like to have more than one tacacs-server host commands in my config.

I'm wondering how the router will parse the server - in a round-robin fashion, it will go to the next server only if the first one is out of service and so on ... so far I haven't found anything in the docs.

Thank you,

Mihai Iancu

4 REPLIES
Silver

Re: tacacs-server host

no the tacacs server that is listed first will act as you primary , the second server listed in the config will be the backup, If the first server is unavail the router will contact the 2nd sever , after the tacacs-server timeout period expires , I think it is 1 munute by default , I would recommend lowering that parameter.

Cisco Employee

Re: tacacs-server host

That is correct. When you configure multiple TACACS servers, a connection is attempted to the first server (order in which they have been entered) and if it doesn't respond the next one is used.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Re: tacacs-server host

If you have multiple authentication server groupings you want to use also, you can use "aaa group server" to help organize a bit...

New Member

Re: tacacs-server host

what if the failed primary server comes back online?

will IOS still uses secondary server?

how IOS tests whether the primary server is back online?

or

will it comes back only after the secondary server fails and the primary is available?

356
Views
5
Helpful
4
Replies
CreatePlease login to create content