PurposeCommand or Action
Specifies a secret key for a specific TACACS+ server. You
can specify that the key-value is in clear text format (0), is
tacacs-server host {ipv4-address | ipv6-address |
host-name} key [0 | 6 | 7] key-value
Step 2
type-6 encrypted (6), or is type-7 encrypted (7). The Cisco
Example:
NX-OS software encrypts a clear text key before saving it
switch(config)# tacacs-server host 10.10.1.1 key
0 PlIjUhYg
to the running configuration. The default format is clear
text. The maximum length is 63 characters.
Example:
This secret key is used instead of the global secret key.
switch(config)# tacacs-server host 10.10.1.1 key
7 "fewhg”
If you already configured a shared secret using
the generate type7_encrypted_secret
command, enter it in quotation marks, as shown
in the second example. For more information,
see Configuring the Shared Secret for RADIUS
or TACACS+, on page 33.
Note
Exits configuration mode.exit
Example:
Step 3
switch(config)# exit
switch#
Displays the TACACS+ server configuration.(Optional) show tacacs-server
Step 4
Example:
The secret keys are saved in encrypted form in
the running configuration. Use the show
running-config command to display the
encrypted secret keys.
Note
switch# show tacacs-server
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 5
switch# copy running-config startup-config
Related Topics
About AES Password Encryption and Master Encryption Keys, on page 413
Configuring TACACS+ Server Groups
You can specify one or more remote AAA servers to authenticate users using server groups. All members of
a group must belong to the TACACS+ protocol. The servers are tried in the same order in which you configure
them.
You can configure these server groups at any time but they only take effect when you apply them to an AAA
service.
Before you begin
Enable TACACS+.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
77
Configuring TACACS+
Configuring TACACS+ Server Groups
To Next Page
Loading...
