Identifying the TACACS+ Server Host on the GSS - Cisco GSS-4492R-K9 Administration Manual

Chapter 4
Managing GSS User Accounts Through a TACACS+ Server

Identifying the TACACS+ Server Host on the GSS
The TACACS+ server contains the TACACS+ authentication, authorization, and
accounting relational databases. You can designate a maximum of three servers
on the GSS. However, the GSS uses only one server at a time. For recommended
guidelines on setting up a TACACS+ server (the Cisco Secure ACS in this
example), see the "Configuring a TACACS+ Server for Use with the GSS" section.

Use the tacacs-server host command to set up a list of preferred TACACS+
security daemons for use with the GSS. The TACACS+ software searches for the
server hosts in the order that you specify through the tacacs-server host
command.

The GSS periodically queries all configured TACACS+ servers with a TCP
keepalive to ensure network connectivity and TACACS+ application operation. If
the GSS determines that the first TACACS+ server is down, the GSS attempts to
connect to the next server in the list of configured TACACS+ servers as the
backup server. If a second (or third) TACACS+ server is available for use, the GSS
selects that server as the active TACACS+ server.

Note: The GSS uses TCP keepalives as the default to monitor connectivity with
the active TACACS+ server. As a secondary measure, if the TCP keepalives fail,
or if you disable the use of keepalives, you can use the tacacs-server timeout
command to define a global TACACS+ timeout period that the GSS uses to wait
for a response to a connection attempt from a TACACS+ server. The timeout value
applies to all defined TACACS+ servers. See the "Specifying the TACACS+ Server
Timeout on the GSS" section for details.

Use the tacacs-server host command to specify the names of the IP host or hosts
maintaining the TACACS+ server. You must provide the IP address or hostname
for the server. By default, the GSS uses TCP port 49 to communicate with the
TACACS+ server. You can optionally change the TCP port number to a different
port number. To maintain security between the GSS and the TACACS+ server, you
can also specify an encryption key.
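
The failover order described above, as an added Python sketch that is not part
of the Cisco guide: it probes each configured server in list order with a plain
TCP connect and reports the first reachable one as active. The connect probe,
the 5-second default timeout, and the 192.0.2.x sample addresses are
assumptions; the GSS's own keepalive is not reproduced here.

```python
"""Added sketch (not Cisco code): ordered TACACS+ server selection."""
import socket
from typing import Callable, List, Optional, Sequence, Tuple

MAX_SERVERS = 3    # the guide allows at most three designated servers
DEFAULT_PORT = 49  # default TACACS+ TCP port named in the guide

Server = Tuple[str, int]
Probe = Callable[[Server, float], bool]


def tcp_probe(server: Server, timeout: float) -> bool:
    """True if a plain TCP connection opens within `timeout` seconds.

    Assumption: a connect test stands in for the GSS keepalive; it does
    not speak TACACS+ and does not exercise the encryption key.
    """
    try:
        with socket.create_connection(server, timeout=timeout):
            return True
    except OSError:
        return False


def select_active(servers: Sequence[Server], timeout: float = 5.0,
                  probe: Probe = tcp_probe
                  ) -> Tuple[Optional[Server], List[Tuple[Server, bool]]]:
    """Probe every server in configured order; the first one up is active."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError(f"expected 1 to {MAX_SERVERS} servers")
    status = [(srv, probe(srv, timeout)) for srv in servers]
    active = next((srv for srv, up in status if up), None)
    return active, status


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, primary marked down.
    configured = [("192.0.2.10", DEFAULT_PORT), ("192.0.2.11", DEFAULT_PORT),
                  ("192.0.2.12", 4949)]
    reachable = {"192.0.2.11", "192.0.2.12"}
    active, status = select_active(
        configured, probe=lambda srv, _t: srv[0] in reachable)
    for (host, port), up in status:
        print(f"{host}:{port} {'up' if up else 'DOWN'}")
    print("active:", active)
```

A result of None for the active server means no configured TACACS+ server
answered, which is the condition worth alerting on.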
Cisco Global Site Selector Administration Guide
4-19
OL-10410-01
