Cisco Cisco ASA 5580 Adaptive Security Appliance Leaflet

deadtime minutes 

키워드-인수 쌍은 그룹의 마지막 서버를 비활성화한 시점부터 나중에 모든 서버

를 다시 활성화한 시점까지 경과한 시간(분)을 0~1440 범위에서 지정합니다. 기본은 10분입니다.
timed 

키워드는 다운 타임 30초 이후에 실패한 서버를 다시 활성화합니다.

그룹의 모든 서버에 어카운팅 메시지를 전송합니다.

예:

ciscoasa(config-aaa-server-group)# accounting-mode simultaneous

활성 서버에만 메시지를 전송하는 기본값으로 복원하려면 accounting-mode single 명령을 입

력하십시오.

다음 예는 기본 서버와 백업 서버를 하나씩 포함한 TACACS+ 그룹을 1개 추가하는 방법을 보여 

줍니다.

ciscoasa(config)# aaa-server AuthInbound protocol tacacs+

ciscoasa(config-aaa-server-group)# max-failed-attempts 2

ciscoasa(config-aaa-server-group)# reactivation-mode depletion deadtime 20

ciscoasa(config-aaa-server-group)# exit

ciscoasa(config)# aaa-server AuthInbound (inside) host 10.1.1.1

ciscoasa(config-aaa-server-host)# key TACPlusUauthKey

ciscoasa(config-aaa-server-host)# exit

ciscoasa(config)# aaa-server AuthInbound (inside) host 10.1.1.2

ciscoasa(config-aaa-server-host)# key TACPlusUauthKey2

ciscoasa(config-aaa-server-host)# exit

TACACS+ 

서버를 그룹에 추가하려면 다음 단계를 수행하십시오.

TACACS+ 

서버와 해당 서버가 속한 서버 그룹을 식별합니다.

 server_group [interface_name] host server_ip

예:

ciscoasa(config-aaa-server-group)# aaa-server servergroup1 outside host 10.10.1.1

aaa-server host 

명령을 입력하면 aaa-server 호스트 구성 모드가 시작됩니다.

ASA

가 백업 서버에 요청을 보내기 전에 기본 서버에서 응답을 기다리는 시간을 초 단위로 지정합

니다.

 hh:mm:ss

예:

ciscoasa(config-aaa-server-host)# timeout 15