[tac_plus] tacacs+ redundancy

Andy Saykao asaykao at gmail.com
Tue Dec 15 04:01:23 UTC 2009


I understand you can configure an aaa group so that if the first
tac_plus server fails to respond, it moves on to the second server.

aaa group server tacacs+ TacPlusServers
 server 1.2.3.4
 server 1.2.3.5
!
tacacs-server host 1.2.3.4
tacacs-server host 1.2.3.5

Is there any mechanism/configuration possible where the Cisco device
marks the first server as being dead/unresponsive and uses the second
server instead until such time as the first server is online again?
It seems that when the first server dies, you have to wait for the
timeout period to expire before trying the second server. It would
certainly be more speedy if there was a way that the IOS could mark
the first server as being dead and retry it at a later time while in
the meantime logging/auth-ing everything to the second server.

Thanks.

Andy

