explanation to "tacacs-server directed-request"

m4rtinm4rtin Member Posts: 170
According to Cisco documentation "tacacs-server directed-request" command causes the router to split each username into two parts, separated by the @ symbol. The first part is the actual username used for authentication; the second part is the name of the TACACS server to send the request to. Disabling this feature causes the TACACS servers to be queried in order; the entire username string is used for authentication. As I understand, if TACACS+ asks for username and if one enters:
Username: [email protected]
Password: 

R1#

..then TACACS+ server at 10.10.10.1 is queried instead of first TACACS+ server specified in router configuration? In addition, 10.10.10.1 needs to be one of the servers listed in router configuration with "tacacs-server host" command? icon_rolleyes.gif
Sign In or Register to comment.