nanog mailing list archives
Re: The state of TACACS+
From: Javier Henderson <javier () kjsl org>
Date: Mon, 30 Dec 2013 19:05:04 -0500
On Dec 30, 2013, at 6:42 PM, Jimmy Hess <mysidia () gmail com> wrote:
> How do you feel about having to wait 30 seconds between every command you enter to troubleshoot, to fail to the second server, if the TACACS or RADIUS system is nonresponsive, because the dumb router can't remember which TACACS servers are up and which ones are down, and always tries the first one in the list first? At least RADIUS has the concept of a "dead timer" :)

Are you talking about Cisco routers? The default timeout value for TACACS+ is five seconds, so I’m not sure where you’re coming up with thirty seconds, unless you have seven servers listed on the router and the first six are dead/unreachable.

-jav