[tac_plus] Re: tacacs+ redundancy
Schmidt, Daniel
dan.schmidt at uplinkdata.com
Tue Dec 15 15:41:31 UTC 2009
tacacs-server timeout
-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Andy Saykao
Sent: Monday, December 14, 2009 9:01 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] tacacs+ redundancy
I understand you can configure a aaa group so that if the first
tac_plus server fails to respond, it moves onto the second server.
aaa group server tacacs+ TacPlusServers
server 1.2.3.4
server 1.2.3.5
!
tacacs-server host 1.2.3.4
tacacs-server host 1.2.3.5
Is there any mechanism/configuration possible where the cisco device
marks the first server as being dead/unresponsive and uses the second
server instead until such times as the first server is online again?
It seems that when the first server dies, you have to wait for the
timeout period to expire before trying the second server. Would
certainly be more speedy if there was a way that the IOS could mark
the first server as being dead and re-try it at a later time while in
the mean time logging/auth-ing everything to the second server.
Thanks.
Andy
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list