This chapter describes the Cisco NX-OS security commands that begin with T.
To set the periodic interval at which a nonreachable (nonresponsive) TACACS+ server is monitored for responsiveness, use the tacacs-server deadtime command. To disable the monitoring of the nonresponsive TACACS+ server, use the no form of this command.
tacacs-server deadtime minutes
no tacacs-server deadtime minutes
| time | Time interval in minutes. The range is from 1 to 1440. |
0 minutes
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
Setting the time interval to zero disables the timer. If the dead-time interval for an individual TACACS+ server is greater than zero (0), that value takes precedence over the value set for the server group.
When the dead-time interval is 0 minutes, TACACS+ server monitoring is not performed unless the TACACS+ server is part of a server group and the dead-time interval for the group is greater than 0 minutes.
You must use the feature tacacs+ command before you configure TACACS+.
This example shows how to configure the dead-time interval and enable periodic monitoring:
switch(config)# tacacs-server deadtime 10
This example shows how to revert to the default dead-time interval and disable periodic monitoring:
switch(config)# no tacacs-server deadtime 10
To allow users to send authentication requests to a specific TACACS+ server when logging in, use the tacacs-server directed-request command. To revert to the default, use the no form of this command.
tacacs-server directed-request
no tacacs-server directed-request
This command has no arguments or keywords.
Sends the authentication request to the configured TACACS+ server groups.
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
You must use the feature tacacs+ command before you configure TACACS+.
During login, the user can specify username@vrfname:hostname, where vrfname is the VRF to use and hostname is the name of a configured TACACS+ server. The username is sent to the named server for authentication.
This example shows how to allow users to send authentication requests to a specific TACACS+ server when logging in:
switch(config)# tacacs-server directed-request
This example shows how to prevent users from sending authentication requests to a specific TACACS+ server when logging in:
switch(config)# no tacacs-server directed-request
| Command | Description |
|---|---|
| feature tacacs+ | Enables TACACS+. |
| show tacacs-server directed-request | Displays a directed request TACACS+ server configuration. |
To configure TACACS+ server host parameters, use the tacacs-server host command. To revert to the defaults, use the no form of this command.
tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]
no tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]
Idle time: disabled.
Server monitoring: disabled.
Timeout: 1 second.
Test username: test.
Test password: test.
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
You must use the feature tacacs+ command before you configure TACACS+.
When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.
This example shows how to configure TACACS+ server host parameters:
switch(config)# tacacs-server host 192.168.2.3 key HostKey
switch(config)# tacacs-server host tacacs2 key 0 abcd
switch(config)# tacacs-server host tacacs3 key 7 1234
switch(config)# tacacs-server host 192.168.2.3 test idle-time 10
switch(config)# tacacs-server host 192.168.2.3 test username tester
switch(config)# tacacs-server host 192.168.2.3 test password 2B9ka5
| Command | Description |
|---|---|
| feature tacacs+ | Enables TACACS+. |
| show tacacs-server | Displays TACACS+ server information. |
To configure a global TACACS+ shared secret key, use the tacacs-server key command. To remove a configured shared secret, use the no form of this command.
tacacs-server key [0 | 7] shared-secret
no tacacs-server key [0 | 7] shared-secret
None
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
You must configure the TACACS+ preshared key to authenticate the switch to the TACACS+ server. The length of the key is restricted to 65 characters and can include any printable ASCII characters (white spaces are not allowed). You can configure a global key to be used for all TACACS+ server configurations on the switch. You can override this global key assignment by using the key keyword in the tacacs-server host command.
You must use the feature tacacs+ command before you configure TACACS+.
This example shows how to configure TACACS+ server shared keys:
switch(config)# tacacs-server key AnyWord
switch(config)# tacacs-server key 0 AnyWord
switch(config)# tacacs-server key 7 public
| Command | Description |
|---|---|
| feature tacacs+ | Enables TACACS+. |
| show tacacs-server | Displays TACACS+ server information. |
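The following audit sketch is an added example, not Cisco code. It applies the key limits and the host-over-global key override described above, and checks a directed-request login string (username@vrfname:hostname) against the configured server names. The function names and the sample configuration are constructed for illustration, and the limits are assumed to apply to the secret exactly as it is written in the configuration.

```python
import re
import string

# Constructed sample config, built from the command forms shown in this chapter.
SAMPLE_CONFIG = "\n".join([
    "tacacs-server key 0 GlobalKey1",
    "tacacs-server host 192.168.2.3 key HostKey",
    "tacacs-server host tacacs2",
    "tacacs-server host tacacs3 key 0 " + "K" * 66,  # breaks the 65-character limit
    "tacacs-server directed-request",
])
KEY_RE = re.compile(r"\bkey (?:([07]) )?(\S+)")           # optional 0|7, then the secret
ALLOWED = set(string.printable) - set(string.whitespace)  # printable ASCII, no white space

def key_problems(secret):
    """Check a shared secret against the limits stated in the usage guidelines."""
    checks = [(len(secret) > 65, "longer than 65 characters"),
              (any(c not in ALLOWED for c in secret), "character outside printable ASCII")]
    return [msg for failed, msg in checks if failed]

def parse_tacacs(config):
    """Return (global_key, {host: own_key_or_None}, directed_request_enabled)."""
    global_key, hosts, directed = None, {}, False
    for line in map(str.strip, config.splitlines()):
        m = KEY_RE.search(line)
        if line.startswith("tacacs-server key "):
            global_key = m.group(2) if m else None
        elif line.startswith("tacacs-server host "):
            hosts[line.split()[2]] = m.group(2) if m else None
        elif line == "tacacs-server directed-request":
            directed = True
    return global_key, hosts, directed

def effective_key(host, global_key, hosts):
    """The key keyword on tacacs-server host overrides the global key."""
    return hosts.get(host) or global_key

def audit(config):
    """Map each configured server to the problems found with its effective key."""
    global_key, hosts, _ = parse_tacacs(config)
    return {h: key_problems(k) if k else ["no key configured"]
            for h in hosts for k in [effective_key(h, global_key, hosts)]}

def resolve_directed_login(login, hosts, directed):
    """Split username@vrfname:hostname; accept only a configured server name."""
    m = re.fullmatch(r"([^@]+)@([^:]+):(.+)", login)
    ok = directed and m and m.group(3) in hosts
    return m.groups() if ok else None
```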
To specify the time between retransmissions to the TACACS+ servers, use the tacacs-server timeout command. To revert to the default, use the no form of this command.
tacacs-server timeout seconds
no tacacs-server timeout seconds
| seconds | Seconds between retransmissions to the TACACS+ server. The valid range is 1 to 60 seconds. |
1 second
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
You must use the feature tacacs+ command before you configure TACACS+.
This example shows how to configure the TACACS+ server timeout value:
switch(config)# tacacs-server timeout 3
This example shows how to revert to the default TACACS+ server timeout value:
switch(config)# no tacacs-server timeout 3
| Command | Description |
|---|---|
| feature tacacs+ | Enables TACACS+. |
| show tacacs-server | Displays TACACS+ server information. |
To create a Telnet session using IPv4 on a Cisco Nexus 5000 Series switch, use the telnet command.
telnet {ipv4-address | hostname} [port-number] [vrf {vrf-name | default | management}]
Port 23 is the default port.
EXEC mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
To create a Telnet session with IPv6 addressing, use the telnet6 command.
This example shows how to start a Telnet session using IPv4:
switch# telnet 192.168.1.1 vrf management
switch#
| Command | Description |
|---|---|
| clear line | Clears Telnet sessions. |
| telnet server enable | Enables the Telnet server. |
| telnet6 | Creates a Telnet session using IPv6 addressing. |
To enable the Telnet server, use the telnet server enable command. To disable the Telnet server, use the no form of this command.
telnet server enable
no telnet server enable
This command has no arguments or keywords.
Enabled
Global configuration mode
| Release | Modification |
|---|---|
| 4.0(0)N1(1a) | This command was introduced. |
This example shows how to enable the Telnet server:
switch(config)# telnet server enable
This example shows how to disable the Telnet server:
switch(config)# no telnet server enable
| Command | Description |
|---|---|
| show telnet server | Displays the Telnet server status. |
To create a Telnet session using IPv6 on the Cisco NX-OS switch, use the telnet6 command.
telnet6 {ipv6-address | hostname} [port-number] [vrf {vrf-name | default | management}]
Port 23 is the default port. The default VRF is used.
EXEC mode
| Release | Modification |
|---|---|
| 4.0(1a)N1(1) | This command was introduced. |
To use this command, you must enable the Telnet server using the telnet server enable command.
To create a Telnet session with IPv4 addressing, use the telnet command.
This example shows how to start a Telnet session using an IPv6 address:
switch# telnet6 2001:0DB8:0:0:E000::F vrf management
switch#
| Command | Description |
|---|---|
| clear line | Clears Telnet sessions. |
| telnet | Creates a Telnet session using IPv4 addressing. |
| telnet server enable | Enables the Telnet server. |