tacacs-server host

To configure TACACS+ server host parameters, use the tacacs-server host command. To revert to the defaults, use the no form of this command.

tacacs-server host { hostname | ipv4-address | ipv6-address } [ key [ 0 | 7 ] shared-secret ] [ port port-number ] [ test { idle-time time | password password | username name }] [ timeout seconds ]

no tacacs-server host { hostname | ipv4-address | ipv6-address } [ key [ 0 | 7 ] shared-secret ] [ port port-number ] [ test { idle-time time | password password | username name }] [ timeout seconds ]

Syntax Description

hostname
Domain Name System (DNS) name of the TACACS+ server. The name is alphanumeric, case sensitive, and has a maximum of 256 characters.
ipv4-address
TACACS+ server IPv4 address in the A.B.C.D format.
ipv6-address
TACACS+ server IPv6 address in the X:X:X::X format.
key
(Optional) Configures the TACACS+ server's shared secret key.
0
(Optional) Configures a preshared key specified in clear text (indicated by 0) to authenticate communication between the TACACS+ client and server. This is the default.
7
(Optional) Configures a preshared key specified in encrypted text (indicated by 7) to authenticate communication between the TACACS+ client and server.
shared-secret
Preshared key to authenticate communication between the TACACS+ client and server. The preshared key is alphanumeric, case sensitive, and has a maximum of 63 characters.
port port-number
(Optional) Configures a TACACS+ server port for authentication. The range is from 1 to 65535.
test
(Optional) Configures parameters to send test packets to the TACACS+ server.
idle-time time
(Optional) Specifies the time interval (in minutes) for monitoring the server. The time range is 1 to 1440 minutes.
password password
(Optional) Specifies a user password in the test packets. The password is alphanumeric, case sensitive, and has a maximum of 32 characters.
username name
(Optional) Specifies a user name in the test packets. The username is alphanumeric, case sensitive, and has a maximum of 32 characters.
timeout seconds
(Optional) Configures a TACACS+ server timeout period (in seconds) between retransmissions to the TACACS+ server. The range is from 1 to 60 seconds.

Command Default

Idle time: disabled.
Server monitoring: disabled.
Timeout: 1 second.
Test username: test.
Test password: test.

Command Modes

Global configuration mode

Command History

Release          Modification
4.0(0)N1(1a)     This command was introduced.

Usage Guidelines

You must use the feature tacacs+ command before you configure TACACS+.

When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.

Examples

This example shows how to configure TACACS+ server host parameters:

switch(config)# tacacs-server host 192.168.2.3 key HostKey
switch(config)# tacacs-server host tacacs2 key 0 abcd
switch(config)# tacacs-server host tacacs3 key 7 1234
switch(config)# tacacs-server host 192.168.2.3 test idle-time 10
switch(config)# tacacs-server host 192.168.2.3 test username tester
switch(config)# tacacs-server host 192.168.2.3 test password 2B9ka5
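
The following is an added example, not part of the original command reference or of any Cisco tool: a Python check that parses tacacs-server host lines according to the syntax above, flags shared secrets entered as clear text (key 0, the default), and validates the documented numeric ranges and length limits. The function names, the finding messages and the 192.0.2.10 sample line are assumptions made for illustration.

```python
RANGES = {"port": (1, 65535), "timeout": (1, 60), "idle-time": (1, 1440)}
MAX_LEN = {"key": 63, "username": 32, "password": 32}
KEYWORDS = set(RANGES) | set(MAX_LEN) | {"test"}

def parse_host_line(line):
    """Parse one 'tacacs-server host ...' line into a dict, or None if not one."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["tacacs-server", "host"]:
        return None
    cfg, i = {"host": tok[2]}, 3
    while i < len(tok):
        word = tok[i]
        if word == "test":  # 'test' only introduces its sub-options
            i += 1
            continue
        if word not in KEYWORDS or i + 1 >= len(tok):
            raise ValueError(f"unexpected token {word!r}")
        if word == "key":
            typed = (tok[i + 1] in ("0", "7") and i + 2 < len(tok)
                     and tok[i + 2] not in KEYWORDS)
            cfg["key_type"] = tok[i + 1] if typed else "0"  # 0 is the default
            i += int(typed)  # skip the type digit when one was given
        cfg[word] = tok[i + 1]
        i += 2
    return cfg

def audit(config_text):
    """Check host lines against the limits in the page's Syntax Description."""
    findings = []
    for line in config_text.splitlines():
        if (cfg := parse_host_line(line.strip())) is None:
            continue
        host = cfg["host"]
        if cfg.get("key_type") == "0":
            findings.append((host, "shared secret given in clear text (key 0)"))
        for name, (lo, hi) in RANGES.items():
            val = cfg.get(name)
            if val is not None and not (val.isdecimal() and lo <= int(val) <= hi):
                findings.append((host, f"{name} {val} outside {lo}-{hi}"))
        for name, limit in MAX_LEN.items():
            if len(cfg.get(name, "")) > limit:
                findings.append((host, f"{name} longer than {limit} characters"))
    return findings

# Constructed sample: two lines from the page's examples, one made up.
SAMPLE = """\
tacacs-server host 192.168.2.3 key HostKey
tacacs-server host tacacs3 key 7 1234
tacacs-server host 192.0.2.10 key 7 1234 port 49 timeout 90"""
```

Calling audit(SAMPLE) returns a list of (host, finding) tuples; lines that are not tacacs-server host commands are skipped.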
 

Related Commands

Command               Description
feature tacacs+       Enables TACACS+.
show tacacs-server    Displays TACACS+ server information.