[nsp] TACACS

Hans Spaans cisco-nsp at lists.hansspaans.nl
Thu Sep 11 23:59:50 EDT 2003


On Wed, Sep 10, 2003 at 05:43:26PM -0700, Mark D. Nagel wrote:
> Kevin Kincaid wrote:
> 
> >not to shoot myself in the foot or here, but we're successfully running
> >Cisco ACS 3.1 on W2k.  It has held steady for the past 12-18 months.
> >
> >I qualify by also saying I have had many feature gripes (well, lack of
> >features) and have spoken to Cisco about it on a couple occasions.
> > 
> >
> You must not be doing authorization control and using automated 
> procedures to download configuration files periodically.  We were doing 
> this with 3.1 for about 80 devices and ACS would stop authorizing any 
> command after just under 1 week.  Had to restart the CSTacacs service 
> when that happened.  Took TAC a long time to track that one down, but 
> they finally produced a patch.  Supposedly was integrated into 3.2, but 
> not sure.

How do you mean that? We're doing about 2600+ (still changing devices
to use tacacs+) with 3.1 and Ciscoworks. The only thing we where
hitting where some limitations in 3.0 and a replication bug in 3.1. The
pre-releases of 3.1.2 where working fine in the testlab and didn't had
the replication bug anymore. We're now testing 3.2 and that one looks
to handle replication better then 3.1.

Hopefully you can tell me more, because the only thing 3.1 sometimes
has is that it replicates a buggy database but we weren't able to
reproduce that one.

-- 
Hans


More information about the cisco-nsp mailing list