Home > Archive > alt.certification.cisco > July 2002 > I want to ask a question about tacacs-server
| Author |
I want to ask a question about tacacs-server
|
|
| salmonfish 2002-07-26, 8:25 am |
| I set the tacacs-server's IP address:
"tacacs-server host 192.168.229.76 single-connection"
(I use the single-connection parameter because Cisco says this can establish
a perpetual TCP link to the AAA server, and so improve the capability.)
I tried it, it's true. But I have two remote access routers (Cisco AS5300).
When I set it in one's configuration, the other router's ISDN link fails.
I don't know why.
Can you tell me?
| |
| David H Klein 2002-07-26, 3:25 pm |
| Only use the "single-connection" parameter if your network is less than 30
devices. Any more, and you will have constant TACACS lookup failures. Most NT
servers running ACS can't handle more than 32 constant connections.
"Single connection" works best if you have a few remote access devices,
AS5300 or VPN3030, for Radius connections.
salmonfish wrote:
> I set the tacacs-server's IP address:
> "tacacs-server host 192.168.229.76 single-connection"
> (I use the single-connection parameter because Cisco says this can establish
> a perpetual TCP link to the AAA server, and so improve the capability.)
>
> I tried it, it's true. But I have two remote access routers (Cisco AS5300).
> When I set it in one's configuration, the other router's ISDN link fails.
> I don't know why.
> Can you tell me?
| |
| salmonfish 2002-07-27, 9:25 am |
| Thank you.
I have six E1 links, about 200 users.
The first AS5300 router uses two E1 links.
The second AS5300 router uses four E1 links.
But only 40 constant connections at the same time.
Why only use the "single-connection" parameter if your network is less than
30 devices?
"David H Klein" <davidhk1@home.com> wrote in message
news:3D41B91A.7358F8C1@home.com...
> Only use the "single-connection" parameter if your network is less than 30
> devices. Any more, and you will have constant TACACS lookup failures. Most NT
> servers running ACS can't handle more than 32 constant connections.
>
> "Single connection" works best if you have a few remote access devices,
> AS5300 or VPN3030, for Radius connections.
>
> salmonfish wrote:
>
> > I set the tacacs-server's IP address:
> > "tacacs-server host 192.168.229.76 single-connection"
> > (I use the single-connection parameter because Cisco says this can establish
> > a perpetual TCP link to the AAA server, and so improve the capability.)
> >
> > I tried it, it's true. But I have two remote access routers (Cisco AS5300).
> > When I set it in one's configuration, the other router's ISDN link fails.
> > I don't know why.
> > Can you tell me?
>
| |
| David H Klein 2002-07-27, 12:25 pm |
| The server can only handle 32 simultaneous connections.
After that, for the 33rd "constant connection" to operate, it must knock off one
of the existing connections. Therefore the router or switch that was "knocked
off" will time out until it pushes another router or switch off.
The "single-connection" recommendation is unnecessary. Tacacs works much better
without it.
-David
salmonfish wrote:
> Thank you.
> I have six E1 links, about 200 users.
> The first AS5300 router uses two E1 links.
> The second AS5300 router uses four E1 links.
> But only 40 constant connections at the same time.
> Why only use the "single-connection" parameter if your network is less than
> 30 devices?
>
> "David H Klein" <davidhk1@home.com> wrote in message
> news:3D41B91A.7358F8C1@home.com...
> > Only use the "single-connection" parameter if your network is less than 30
> > devices. Any more, and you will have constant TACACS lookup failures. Most NT
> > servers running ACS can't handle more than 32 constant connections.
> >
> > "Single connection" works best if you have a few remote access devices,
> > AS5300 or VPN3030, for Radius connections.
> >
> > salmonfish wrote:
> >
> > > I set the tacacs-server's IP address:
> > > "tacacs-server host 192.168.229.76 single-connection"
> > > (I use the single-connection parameter because Cisco says this can establish
> > > a perpetual TCP link to the AAA server, and so improve the capability.)
> > >
> > > I tried it, it's true. But I have two remote access routers (Cisco AS5300).
> > > When I set it in one's configuration, the other router's ISDN link fails.
> > > I don't know why.
> > > Can you tell me?
> >
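An added example, not part of the original thread and not Cisco or ACS code: a small Python model of the behaviour described in the reply above, where a server with 32 connection slots faces devices that each hold one persistent ("single-connection") session. The oldest-first eviction policy, the fixed request order, the device counts and the function name `simulate` are assumptions made for the illustration.

```python
from collections import OrderedDict

SERVER_SLOTS = 32  # connection limit quoted in the thread for the ACS server


def simulate(devices, rounds, slots=SERVER_SLOTS, persistent=True):
    """Model AAA clients competing for a fixed number of server connections.

    Each round every device sends one request. With persistent=True a device
    keeps its TCP session open between requests (single-connection); with
    persistent=False it closes the session after each reply.
    Assumed policy: when the table is full the server drops the oldest session.
    """
    table = OrderedDict()            # device id -> open session, oldest first
    failed = evictions = peak = 0
    for rnd in range(rounds):
        for dev in range(devices):
            if dev not in table:
                if persistent and rnd > 0:
                    failed += 1      # session was dropped: this request times out
                if len(table) >= slots:
                    table.popitem(last=False)   # knock off the oldest session
                    evictions += 1
                table[dev] = True    # (re)connect
            peak = max(peak, len(table))
            if not persistent:
                del table[dev]       # per-request mode: close after the reply
    return {"failed": failed, "evictions": evictions, "peak_open": peak}


if __name__ == "__main__":
    for n in (30, 32, 33, 40):
        print(n, "devices, single-connection:", simulate(n, rounds=3))
    print(40, "devices, per-request:      ", simulate(40, rounds=3, persistent=False))
```

Under these assumptions the model is a worst case: one device over the limit is enough for every later request to find its session already dropped, while per-request connections never approach the limit.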
| |
| salmonfish 2002-07-27, 8:25 pm |
| Thanks

"David H Klein" <davidhk1@home.com> wrote in message
news:3D42E050.BF10F696@home.com...
> The server can only handle 32 simultaneous connections.
>
> After that, for the 33rd "constant connection" to operate, it must knock off one
> of the existing connections. Therefore the router or switch that was "knocked
> off" will time out until it pushes another router or switch off.
>
> The "single-connection" recommendation is unnecessary. Tacacs works much better
> without it.
>
> -David
>
> salmonfish wrote:
>
> > Thank you.
> > I have six E1 links, about 200 users.
> > The first AS5300 router uses two E1 links.
> > The second AS5300 router uses four E1 links.
> > But only 40 constant connections at the same time.
> > Why only use the "single-connection" parameter if your network is less than
> > 30 devices?
> >
> > "David H Klein" <davidhk1@home.com> wrote in message
> > news:3D41B91A.7358F8C1@home.com...
> > > Only use the "single-connection" parameter if your network is less than 30
> > > devices. Any more, and you will have constant TACACS lookup failures. Most NT
> > > servers running ACS can't handle more than 32 constant connections.
> > >
> > > "Single connection" works best if you have a few remote access devices,
> > > AS5300 or VPN3030, for Radius connections.
> > >
> > > salmonfish wrote:
> > >
> > > > I set the tacacs-server's IP address:
> > > > "tacacs-server host 192.168.229.76 single-connection"
> > > > (I use the single-connection parameter because Cisco says this can establish
> > > > a perpetual TCP link to the AAA server, and so improve the capability.)
> > > >
> > > > I tried it, it's true. But I have two remote access routers (Cisco AS5300).
> > > > When I set it in one's configuration, the other router's ISDN link fails.
> > > > I don't know why.
> > > > Can you tell me?
> > >
>