PurposeCommand or Action
switch# copy running-config startup-config
Related Topics
Enabling TACACS+ , on page 73
Configuring TACACS+ Server Groups, on page 77
Configuring Global TACACS+ Keys
You can configure secret TACACS+ keys at the global level for all servers used by the Cisco NX-OS device.
A secret key is a shared secret text string between the Cisco NX-OS device and the TACACS+ server hosts.
Before you begin
Enable TACACS+.
Obtain the secret key values for the remote TACACS+ servers.
SUMMARY STEPS
1. configure terminal
2. tacacs-server key [0 | 6 | 7] key-value
3. exit
4. (Optional) show tacacs-server
5. (Optional) copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Specifies a TACACS+ key for all TACACS+ server. You
can specify that the key-value is in clear text format (0), is
tacacs-server key [0 | 6 | 7] key-value
Example:
Step 2
type-6 encrypted (6), or is type-7 encrypted (7). The Cisco
switch(config)# tacacs-server key 0 QsEfThUkO
NX-OS software encrypts a clear text key before saving it
to the running configuration. The default format is clear
text. The maximum length is 63 characters.
Example:
switch(config)# tacacs-server key 7 "fewhg”
By default, no secret key is configured.
If you already configured a shared secret using
the generate type7_encrypted_secret
command, enter it in quotation marks, as shown
in the second example. For more information,
see Configuring the Shared Secret for RADIUS
or TACACS+, on page 33.
Note
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
75
Configuring TACACS+
Configuring Global TACACS+ Keys
To Next Page
Loading...
