Cisco Systems OL-5650-02 Switch User Manual


 
Chapter 4 Configuring the CSS as a Client of a TACACS+ Server
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
When it sends a keepalive to the TACACS+ server, the CSS attempts to use a
persistent connection with the server. If the server is not configured for
persistence, the CSS opens a new connection each time it sends a keepalive.
To set the global TACACS+ keepalive frequency, use the tacacs-server
frequency command in global configuration mode. This command has the
following syntax:
tacacs-server frequency number
The number variable defines the keepalive frequency in seconds. Enter an integer
from 0 to 255. The default is 5 seconds. A setting of 0 disables keepalives. The
CSS dynamically applies the modified keepalive frequency and immediately
restarts the keepalive with the new value.
For example, to set the global TACACS+ keepalive frequency to 50 seconds,
enter:
(config)# tacacs-server frequency 50
Note: A keepalive frequency that you configure when you specify a TACACS+ server
overrides the global keepalive frequency (see the “Defining a TACACS+ Server”
section).
To reset the global TACACS+ keepalive frequency to the default of 5 seconds,
use the no tacacs-server frequency command.
For example, enter:
(config)# no tacacs-server frequency
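The rules above (integer from 0 to 255, default of 5, 0 disables keepalives, the no form resets to the default, a per-server value overrides the global one) can be checked against a saved configuration. The following Python is an added example, not part of the Cisco guide; the per-server line form it parses and the sample addresses are assumptions, since this page does not show them.

```python
import re

DEFAULT_FREQ = 5  # seconds; the default stated in the guide
GLOBAL_RE = re.compile(r"^(no\s+)?tacacs-server\s+frequency(?:\s+(\S+))?$")
# Assumed per-server form (not on this page): tacacs-server <ip> <port> [options] frequency <n>
SERVER_RE = re.compile(r"^tacacs-server\s+(\d{1,3}(?:\.\d{1,3}){3})\s+\d+(.*)$")
RANGE_MSG = "frequency must be an integer from 0 to 255"


def parse_freq(token):
    """Return the frequency as an int if it is an integer from 0 to 255, else None."""
    if token and re.fullmatch(r"[0-9]+", token) and int(token) <= 255:
        return int(token)
    return None


def audit_keepalives(config_text):
    """Return (effective, findings); effective maps "global" and each server IP to seconds."""
    global_freq, per_server, findings = DEFAULT_FREQ, {}, []
    for num, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        g, s = GLOBAL_RE.match(line), SERVER_RE.match(line)
        if g and g.group(1):          # "no tacacs-server frequency": back to the default
            global_freq = DEFAULT_FREQ
        elif g:
            value = parse_freq(g.group(2))
            if value is None:
                findings.append(f"line {num}: {RANGE_MSG}")
            else:
                global_freq = value
        elif s:
            options = re.sub(r'"[^"]*"', "", s.group(2))  # ignore a quoted key
            f = re.search(r"\bfrequency\s+(\S+)", options)
            value = parse_freq(f.group(1)) if f else None
            if f and value is None:
                findings.append(f"line {num}: {RANGE_MSG}")
            per_server[s.group(1)] = value
    # A frequency given with a server overrides the global frequency.
    effective = {"global": global_freq}
    for ip, value in per_server.items():
        effective[ip] = global_freq if value is None else value
    findings += [f"{name}: keepalives disabled (frequency 0)" for name, value in effective.items() if value == 0]
    return effective, findings


# Constructed sample configuration; the addresses are documentation-range placeholders.
SAMPLE = ("tacacs-server frequency 50\n" "tacacs-server 192.0.2.10 49 frequency 0\n"
          "tacacs-server 192.0.2.11 49\n" "tacacs-server frequency 300\n")
```

Calling audit_keepalives(SAMPLE) returns the effective frequency for the global setting and for each server, plus a list of findings for out-of-range values and disabled keepalives.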
Defining a TACACS+ Server
The TACACS+ server contains the TACACS+ authentication, authorization, and
accounting databases. You can designate a maximum of three servers on the CSS.
However, the CSS uses only one server at a time. The CSS selects the server based
upon availability, giving preference to the configured primary server. The CSS
sends periodic TCP keepalive probes every five seconds to the
TACACS+ server to determine its operational state: Alive, Dying, or Dead. The
TCP keepalive frequency is not user-configurable in the CSS.