Thanks to all for the participation in resolving my matter.
On Thu, Jun 16, 2011 at 2:04 AM, Mark Senteza <[email protected]>wrote: > Yes, you can do that. > > I usually prefer to configure using server groups e.g. on IOS devices > > aaa group server tacacs+ TACACS-SERVERS > server 192.168.10.49 > server 192.168.20.49 > server 192.168.30.49 > > tacacs-server key ahf89bb8g > > aaa authentication login VTY-LOGIN group TACACS-SERVERS > > Like Kingsley mentioned, the first listed server is tried first, and so on. > So you can tailor the server group to list the local site's ACS server as > the first one, then the remote ones follow. > > I'm assuming that you've got ACS replication set up between your servers > too. > > Mark > > On Wed, Jun 15, 2011 at 3:23 AM, Kingsley Charles < > [email protected]> wrote: > >> With IOS switch and router, the global servers are tried in the order in >> which it is configured. In the given below config, 10.20.30.40 is tried >> first and then 10.77.165.203. >> >> tacacs-server host 10.20.30.40 key cisco >> tacacs-server host 10.20.30.50 key cisco >> >> With ASA, the same rule applies are tried. In the given below config, >> 10.20.30.40 is tried first and then 10.77.165.203. >> >> aaa-server tac protocol tacacs+ >> aaa-server tac (outside) host 10.20.30.40 >> key ****** >> aaa-server tac (outside) host 10.20.30.50 >> key ****** >> >> By doing this, we get the backup solution. >> >> >> With regards >> Kings >> >> On Wed, Jun 15, 2011 at 10:26 AM, ccie2b wannabccie <[email protected] >> > wrote: >> >>> Dears, >>> >>> I have 3 sites and each site is having ACS. they are working locally for >>> their sites. >>> >>> Can i have each 3 sites to have other location ACS servers to act as >>> backup of their primary ACS is not working . >>> >>> I want to know this for all the 3 AAA ? >>> >>> >>> this question is for ROUTERS /SWITCHES/ ASA FIREWALLS ? >>> >>> i know all CISCO ROUTERS / ASA FIREWALLS / SWITCHES L3 would support it >>> , but want to know if i have more than 1 ACS server to act as fallback...for >>> primary ACS. >>> >>> note: I am not asking for a fallback to local daabase, i am asking for >>> tacacs primary and tacacs secondary and tacacs tertiary ! hope i am clear >>> here !!!! >>> >>> >>> >>> I am a regular reader of the forum , but just registered and did my first >>> post !!!! >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
