Configuring TACACS+ Global Preshared Keys
You can configure preshared keys at the global level for all servers used by the Cisco Nexus device. A preshared
key is a shared secret text string between the Cisco Nexus device and the TACACS+ server hosts.
Before you configure preshared keys, you should do the following:
• Enable TACACS+.
• Obtain the preshared key values for the remote TACACS+ servers.
Procedure

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: tacacs-server key [0 | 6 | 7] key-value
Example:
switch(config)# tacacs-server key 0 QsEfThUkO
Example:
switch(config)# tacacs-server key 7 "fewhg"
Purpose: Specifies a TACACS+ key for all TACACS+ servers. You can specify that the key-value is in clear text format (0), is type-6 encrypted (6), or is type-7 encrypted (7). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters.
By default, no secret key is configured.
Note: If you already configured a shared secret using the generate type7_encrypted_secret command, enter it in quotation marks, as shown in the second example.

Step 3
Command or Action: switch(config)# exit
Purpose: Exits configuration mode.

Step 4
Command or Action: switch# show tacacs-server
Purpose: (Optional) Displays the TACACS+ server configuration.
Note: The preshared keys are saved in encrypted form in the running configuration. Use the show running-config command to display the encrypted preshared keys.

Step 5
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.

The following example shows how to configure global preshared keys:
switch# configure terminal
switch(config)# tacacs-server key 0 QsEfThUkO
switch(config)# exit
switch# show tacacs-server
switch# copy running-config startup-config
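
The following added example is not part of the Cisco guide. It checks a saved configuration file or template for global tacacs-server key commands, reports the key format of each, and flags clear-text keys and malformed quoting. The function names and the sample text are constructed for illustration, and applying the 63-character limit only to clear-text keys is an assumption.

```python
import re
import shlex

# Command syntax from the guide: tacacs-server key [0 | 6 | 7] key-value
KEY_CMD = re.compile(r"^\s*tacacs-server\s+key\s+(.+?)\s*$")
FORMATS = {"0": "clear text", "6": "type-6 encrypted", "7": "type-7 encrypted"}
MAX_KEY_LEN = 63  # guide's stated maximum; applied to clear-text keys only (assumption)

# Constructed sample config; only QsEfThUkO and "fewhg" appear in the guide.
SAMPLE = """\
tacacs-server key 0 QsEfThUkO
tacacs-server key 7 "fewhg"
tacacs-server key ExampleSharedSecret
tacacs-server key 7 "fewhg
tacacs-server host 192.0.2.10
"""

def parse_key_command(line):
    """Return (format, key) for a global key command, or None for other lines."""
    m = KEY_CMD.match(line)
    if not m:
        return None
    try:
        tokens = shlex.split(m.group(1))  # removes quotation marks around the key
    except ValueError:  # unbalanced quotation marks
        return ("invalid", m.group(1))
    if len(tokens) == 2 and tokens[0] in FORMATS:
        return (tokens[0], tokens[1])
    if len(tokens) == 1:
        return ("0", tokens[0])  # no format given: the default is clear text
    return ("invalid", m.group(1))

def audit(config_text):
    """Return (line_number, finding) for each global key command in the text."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        parsed = parse_key_command(line)
        if parsed is None:
            continue
        fmt, key = parsed
        if fmt == "invalid":
            note = "malformed key command"
        elif fmt == "0":
            note = "clear-text key stored in file"
            if len(key) > MAX_KEY_LEN:
                note += ", exceeds 63 characters"
        else:
            note = FORMATS[fmt] + " key"
        findings.append((n, note))
    return findings
```

Calling audit(SAMPLE) returns one finding per key command; the host line is ignored because it is not a global key command.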
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring TACACS+
TACACS+ Server Configuration Process