tacacs-server host

To configure TACACS+ server host parameters, use the tacacs-server host command. To revert to the defaults, use the no form of this command.

tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]

no tacacs-server host {hostname | ipv4-address | ipv6-address} [key [0 | 7] shared-secret] [port port-number] [test {idle-time time | password password | username name}] [timeout seconds]

Syntax Description

hostname

TACACS+ server Domain Name Server (DNS) name. The name is alphanumeric, case sensitive, and has a maximum of 256 characters.

ipv4-address

TACACS+ server IPv4 address in the A.B.C.D format.

ipv6-address

TACACS+ server IPv6 address in the X:X:X::X format.

key

(Optional) Configures the TACACS+ server's shared secret key.

0

(Optional) Configures a preshared key specified in clear text (indicated by 0) to authenticate communication between the TACACS+ client and server. This is the default.

7

(Optional) Configures a preshared key specified in encrypted text (indicated by 7) to authenticate communication between the TACACS+ client and server.

shared-secret

Preshared key to authenticate communication between the TACACS+ client and server. The preshared key is alphanumeric, case sensitive, and has a maximum of 63 characters.

port port-number

(Optional) Configures a TACACS+ server port for authentication. The range is from 1 to 65535.

test

(Optional) Configures parameters to send test packets to the TACACS+ server.

idle-time time

(Optional) Specifies the time interval (in minutes) for monitoring the server. The time range is 1 to 1440 minutes.

password password

(Optional) Specifies a user password in the test packets. The password is alphanumeric, case sensitive, and has a maximum of 32 characters.

username name

(Optional) Specifies a user name in the test packets. The username is alphanumeric, case sensitive, and has a maximum of 32 characters.

timeout seconds

(Optional) Configures a TACACS+ server timeout period (in seconds) between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds.


Command Default

Idle time: disabled.

Server monitoring: disabled.

Timeout: 1 second.

Test username: test.

Test password: test.

Command Modes

Global configuration mode

Command History

Release
Modification

4.0(0)N1(1a)

This command was introduced.


Usage Guidelines

You must use the feature tacacs+ command before you configure TACACS+.

When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.

Examples

This example shows how to configure TACACS+ server host parameters:

switch(config)# tacacs-server host 192.168.2.3 key HostKey 
switch(config)# tacacs-server host tacacs2 key 0 abcd 
switch(config)# tacacs-server host tacacs3 key 7 1234 
switch(config)# tacacs-server host 192.168.2.3 test idle-time 10 
switch(config)# tacacs-server host 192.168.2.3 test username tester 
switch(config)# tacacs-server host 192.168.2.3 test password 2B9ka5 

Related Commands

Command
Description

feature tacacs+

Enables TACACS+.

show tacacs-server

Displays TACACS+ server information.