tacacs-server monitor

Description                                                    Check the status of TACACS+ servers.

Syntax                                                                  [no] tacacs-server monitor [interval seconds




Frequency (in seconds) that you want the ACOS device to check the status of the TACACS+ server. You can specify 1 - 120 seconds.

Default                                                                Status checking of the TACACS+ server is not enabled. When enabled, the default interval is 60 seconds.

Mode                                                                   Global configuration

Usage                                                                  When TACACS+ server monitoring is configured, the ACOS device sends a TACACS+ monitor request, which contains the user name and password to the server in order to log into the device and check if the server is available. If it is, then the last_available_timestamp will be updated with current time.

     If a user login authentication request arrives at the ACOS device, then ACOS will send the request to the TACACS+ server that has the most recent last_available_timestamp value.

     If the user’s login attempt is successful, then timestamp for that server will be updated to the current time.

     However, if the user authentication request fails, then ACOS will send the request to the secondary TACACS+ server.

     To enable this feature, you must configure the user name and password for the TACACS+ server’s administrative account. While a simple server port “ping” could be used to check the status, this is not recommended because it could cause the ACOS device to be mistakenly seen as an attacker, thus causing it to be added to the ACL.

Table of Contents