Yes, you can do that. I usually prefer to configure using server groups e.g. on IOS devices
aaa group server tacacs+ TACACS-SERVERS server 192.168.10.49 server 192.168.20.49 server 192.168.30.49 tacacs-server key ahf89bb8g aaa authentication login VTY-LOGIN group TACACS-SERVERS Like Kingsley mentioned, the first listed server is tried first, and so on. So you can tailor the server group to list the local site's ACS server as the first one, then the remote ones follow. I'm assuming that you've got ACS replication set up between your servers too. Mark On Wed, Jun 15, 2011 at 3:23 AM, Kingsley Charles < [email protected]> wrote: > With IOS switch and router, the global servers are tried in the order in > which it is configured. In the given below config, 10.20.30.40 is tried > first and then 10.77.165.203. > > tacacs-server host 10.20.30.40 key cisco > tacacs-server host 10.20.30.50 key cisco > > With ASA, the same rule applies are tried. In the given below config, > 10.20.30.40 is tried first and then 10.77.165.203. > > aaa-server tac protocol tacacs+ > aaa-server tac (outside) host 10.20.30.40 > key ****** > aaa-server tac (outside) host 10.20.30.50 > key ****** > > By doing this, we get the backup solution. > > > With regards > Kings > > On Wed, Jun 15, 2011 at 10:26 AM, ccie2b wannabccie > <[email protected]>wrote: > >> Dears, >> >> I have 3 sites and each site is having ACS. they are working locally for >> their sites. >> >> Can i have each 3 sites to have other location ACS servers to act as >> backup of their primary ACS is not working . >> >> I want to know this for all the 3 AAA ? >> >> >> this question is for ROUTERS /SWITCHES/ ASA FIREWALLS ? >> >> i know all CISCO ROUTERS / ASA FIREWALLS / SWITCHES L3 would support it , >> but want to know if i have more than 1 ACS server to act as fallback...for >> primary ACS. >> >> note: I am not asking for a fallback to local daabase, i am asking for >> tacacs primary and tacacs secondary and tacacs tertiary ! hope i am clear >> here !!!! >> >> >> >> I am a regular reader of the forum , but just registered and did my first >> post !!!! >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
