- Cisco Secure Access Control System 5.4 Manual

4-30

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

Chapter 4 Common Scenarios Using ACS

RADIUS and TACACS+ Proxy Requests

• TAC_PLUS_AUTHOR

• TAC_PLUS_AUTHEN

4. Receives the following packets from the remote TACACS+ server and returns them back to the NAS:

This behavior is configurable.

• TAC_PLUS_ACCT

An unresponsive external RADIUS server waits for about timeout * number of retries seconds before failover

to move to the next server.

There could be several unresponsive servers in the list before the first responsive server is reached. In

such cases, each request that is forwarded to a responsive external RADIUS server is delayed for number

of previous unresponsive servers * timeout * number of retries.

This delay can sometimes be longer than the external RADIUS server timeout between two messages in

EAP or RADIUS conversation. In such a situation, the external RADIUS server would drop the request.

You can configure the number of seconds for an unresponsive external TACACS+ server waits before

failover to move to the next server.

ACS 5.4 supports multiple network interface connectors for RADIUS (IPv4) and TACACS+ (IPv4 and

IPv6) proxies. ACS 5.4 with Virtual machine, UCS, IBM, or CAM platform contains up to four network

interfaces: Ethernet 0, Ethernet 1, Ethernet 2, and Ethernet 3. For more information, see Multiple

Network Interface Connector in the Connecting the Network Interface section of Installation and

Upgrade Guide for Cisco Secure Access Control System 5.4.