From: Tim (ccie2be@nyc.rr.com)
Date: Tue Nov 21 2006 - 13:33:31 ART
Hey Guys,
I know the different AAA services can be split over multiple servers, for
example, having Authentication on one server and Authorization on another
server if Tacacs+ is being used.
But, I have a couple Q's about how this works.
I know that before the Authorization function can be done, Authentication
must have already been done. So, assuming the Authen function is on one
server and the Author function is on another, how does the Authorization
function know that Authen was successful when that takes place on a
different server?
Also, are there any rules of thumb or Best Practices as to when these
services should be configured on separate servers? My assumption is that
this will depend on how many users there are or how much strain is being
placed on the ACS but I have no idea at point that might be.
Does anyone have any benchmarks or other ways to determine when splitting
AAA functions across multiple servers might make sense?
Thanks, Tim
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART