Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Participant

Tacacs authentication from standby member in R80.xx

I have a Cluster HA with 3 members, i enabled the parameter fwha_forw_packet_to_not_active indicated in the sk42695.

But i saw that the traffic is blocked by the active member. In R80.10 and R80.20 i had this problem.

 

The workaround that i applied is:

* Permit the Physical IP of the FWs in the Tacacs servers for authetication

* Create a NAT exception (prevent the hide nat cluster VIP) for the FWs send the request to the tacacs Server with its own address

* Tacacs authentication working in the standbys members.

0 Replies