To configure TACACS+ server host parameters, use the tacacs-server host command. To revert to the defaults, use the no form of this command.
tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]
no tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]
Parameter | Description |
---|---|
hostname | TACACS+ server Domain Name Server (DNS) name. The name is alphanumeric, case sensitive, and has a maximum of 256 characters. |
ipv4-address | TACACS+ server IPv4 address in the A.B.C.D format. |
ipv6-address | TACACS+ server IPv6 address in the X:X:X::X format. |
key | (Optional) Configures the TACACS+ server's shared secret key. |
0 | (Optional) Configures a preshared key specified in clear text (indicated by 0) to authenticate communication between the TACACS+ client and server. This is the default. |
7 | (Optional) Configures a preshared key specified in encrypted text (indicated by 7) to authenticate communication between the TACACS+ client and server. |
shared-secret | Preshared key to authenticate communication between the TACACS+ client and server. The preshared key is alphanumeric, case sensitive, and has a maximum of 63 characters. |
port port-number | (Optional) Configures a TACACS+ server port for authentication. The range is from 1 to 65535. |
test | (Optional) Configures parameters to send test packets to the TACACS+ server. |
idle-time time | (Optional) Specifies the time interval (in minutes) for monitoring the server. The time range is 1 to 1440 minutes. |
password password | (Optional) Specifies a user password in the test packets. The password is alphanumeric, case sensitive, and has a maximum of 32 characters. |
username name | (Optional) Specifies a user name in the test packets. The username is alphanumeric, case sensitive, and has a maximum of 32 characters. |
timeout seconds | (Optional) Configures a TACACS+ server timeout period (in seconds) between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds. |
Idle time: disabled.
Server monitoring: disabled.
Timeout: 1 second.
Test username: test.
Test password: test.
Global configuration mode
Release | Modification |
---|---|
4.0(0)N1(1a) | This command was introduced. |
You must use the feature tacacs+ command before you configure TACACS+.
When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.
This example shows how to configure TACACS+ server host parameters:
switch(config)# tacacs-server host 192.168.2.3 key HostKey
switch(config)# tacacs-server host tacacs2 key 0 abcd
switch(config)# tacacs-server host tacacs3 key 7 1234
switch(config)# tacacs-server host 192.168.2.3 test idle-time 10
switch(config)# tacacs-server host 192.168.2.3 test username tester
switch(config)# tacacs-server host 192.168.2.3 test password 2B9ka5
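
The following is an added example, not part of the original command reference: a Python check that merges the `tacacs-server host` lines of a configuration per host and flags settings that the descriptions above identify as clear text, disabled, defaulted, or out of range. The names `parse_hosts`, `audit` and `SAMPLE` are assumptions of this example, and the sample configuration is constructed.

```python
KEYWORDS = {"key", "port", "test", "timeout", "idle-time", "username", "password"}
RANGES = {"port": (1, 65535), "timeout": (1, 60), "idle-time": (0, 1440)}  # 0 = monitoring off

# Constructed sample configuration, modelled on the example commands above.
SAMPLE = """\
feature tacacs+
tacacs-server host 192.168.2.3 key HostKey
tacacs-server host 192.168.2.3 test idle-time 10
tacacs-server host 192.168.2.3 test username tester
tacacs-server host tacacs3 key 7 1234 timeout 90
"""

def parse_hosts(config):
    """Merge every 'tacacs-server host' line into one settings dict per host."""
    hosts = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["tacacs-server", "host"] or len(tok) < 3:
            continue
        cfg, args = hosts.setdefault(tok[2], {}), tok[3:]
        while args:
            word = args.pop(0)
            if word == "test" or word not in KEYWORDS or not args:
                continue
            if word == "key":
                # Optional type digit: 0 = clear text (the default), 7 = encrypted.
                typed = len(args) > 1 and args[0] in ("0", "7") and args[1] not in KEYWORDS
                cfg["key_type"] = args.pop(0) if typed else "0"
            cfg[word] = args.pop(0)
    return hosts

def audit(hosts):
    """Return sorted (host, finding) pairs for weak or out-of-range settings."""
    out = []
    for host, cfg in hosts.items():
        if cfg.get("key_type") == "0":
            out.append((host, "shared secret entered as type 0 (clear text)"))
        for name, (lo, hi) in RANGES.items():
            val = cfg.get(name)
            if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
                out.append((host, f"{name} {val} outside {lo}-{hi}"))
        if cfg.get("idle-time", "0") == "0":
            out.append((host, "periodic server monitoring disabled"))
        elif "username" not in cfg or "password" not in cfg:
            out.append((host, "monitoring uses a default test username or password"))
    return sorted(out)

if __name__ == "__main__":
    for host, finding in audit(parse_hosts(SAMPLE)):
        print(f"{host}: {finding}")
```
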
Command | Description |
---|---|
feature tacacs+ | Enables TACACS+. |
show tacacs-server | Displays TACACS+ server information. |