Hi, About question No. 2, if you configure authentication order [tacplus password] you will be authenticated locally if tacplus is reachable and doesn't authenticate...in case you configure authentication order as [tacplus], you will only be authenticated locally if the tacplus server is not reachable... ThanksAbdullah Baheer
--- On Mon, 9/24/12, hani ibrahim <[email protected]> wrote: From: hani ibrahim <[email protected]> Subject: [j-nsp] How to configure two Tacacs servers with different keys in the same router ? To: [email protected] Date: Monday, September 24, 2012, 6:01 PM Dear All, Kindly, appreciate you help , i tired to configure two different tacacs servers on the same routes but i observed the below : 1- the first configured server is authenticating , but the 2nd one is not ? so is it possible to authenticate using both servers ? 2- i can authenticate locally + tacacs although I'm configuring authentication-order [tacplus password] ? so why ? config sample : tacplus-server { 10.10.10.1 {=========================================>this server is authenticating first port 49; secret "$898%&asdertynkll*&8778%^"; ## SECRET-DATA timeout 10; single-connection; source-address 11.11.11.1; } 20.20.20.1 {========================================> this one is not authenticating port 49 secret "$9$-vdY46tyh890dr%%@3df"; ## SECRET-DATA timeout 10; source-address 21.21.21.1; } user admin {=========================================>this user is used for both servers on the router uid 2010; class super-user; BR, Hany _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
