[tac_plus] Create TACACS server hierarchy?

Aaron Wasserott aaron.wasserott at viawest.com
Thu Mar 6 23:05:23 UTC 2014


Is there a way to create a TACACS server hierarchy? For example, point a network device at tacacs server B, if the user does not exist there, then forward request to tacacs server A to complete? Ideally with server B handling all of the communication, such that a network device only needs to be configured for server B for AAA.

This is for a lab situation, where I would like people who don't normally have network device access to be able to manage their own devices. I would point all my lab network devices to a lab tacacs server, and if they were not granted additional permissions in the lab, it would fail-back to the level of auth they would normally have (ie, none).


More information about the tac_plus mailing list