C613-50100-01 REV C Command Reference for x930 Series 2353
AlliedWare Plus™ Operating System - Version 5.4.6-1.x
TACACS+ COMMANDS
TACACS
-SERVER HOST
tacacs-server host
Overview Use this command to specify a remote TACACS+ server host for authentication,
authorization and accounting, and to set the shared secret key to use with the
TACACS+ server. The parameters specified with this command override the
corresponding global parameters for TACACS+ servers.
Use the no variant of this command to remove the specified server host as a
TACACS+ authentication and authorization server.
Syntax
tacacs-server host {<host-name>|<ip-address>} [key
[8]<key-string>]
no tacacs-server host {<host-name>|<ip-address>}
Default No TACACS+ server is configured by default.
Mode Global Configuration
Usage A TACACS+ server host cannot be configured multiple times like a RADIUS server.
As many as four TACACS+ servers can be configured and consulted for login
authentication, enable password authentication and accounting. The first server
configured is regarded as the primary server and if the primary server fails then the
backup servers are consulted in turn. A backup server is consulted if the primary
server fails, not if a login authentication attempt is rejected. The reasons a server
would fail are:
• it is not network reachable
• it is not currently TACACS+ capable
Parameter Description
<host-name> Server host name. The DNS name of the TACACS+ server host.
<ip-address> The IP address of the TACACS+ server host, in dotted decimal
notation A.B.C.D.
key Set shared secret key with TACACS+ servers.
8 Specifies that you are entering a password as a string that has
already been encrypted instead of entering a plain text password.
The running config displays the new password as an encrypted
string even if password encryption is turned off.
<key-string> Shared key string applied, a value in the range 1 to 64 characters.
Specifies the shared secret authentication or encryption key for all
TACACS+ communications between this device and the TACACS+
server. This key must match the encryption used on the TACACS+
server. This setting overrides the global setting of the
tacacs-server key command. If no key value is specified, the global
value is used.
To Next Page
Loading...
Need help?
General
