
Cisco Nexus 9000 Series - Default TACACS+ Server Encryption Type and Secret Key; Command Authorization Support for TACACS+ Servers; TACACS+ Server Monitoring

Cisco Nexus 9000 Series
562 pages
Default TACACS+ Server Encryption Type and Secret Key
You must configure the TACACS+ secret key to authenticate the switch to the TACACS+ server. A secret
key is a secret text string shared between the Cisco NX-OS device and the TACACS+ server host. The length
of the key is restricted to 63 characters and can include any printable ASCII characters (white spaces are not
allowed). You can configure a global secret key for all TACACS+ server configurations on the Cisco NX-OS
device to use.
You can override the global secret key assignment by explicitly using the key option when configuring an
individual TACACS+ server.
Command Authorization Support for TACACS+ Servers
By default, command authorization is done against a local database in the Cisco NX-OS software when an
authenticated user enters a command at the command-line interface (CLI). You can also verify authorized
commands for authenticated users using TACACS+.
TACACS+ Server Monitoring
An unresponsive TACACS+ server can delay the processing of AAA requests. A Cisco NX-OS device can
periodically monitor a TACACS+ server to check whether it is responding (or alive) to save time in processing
AAA requests. The Cisco NX-OS device marks unresponsive TACACS+ servers as dead and does not send
AAA requests to any dead TACACS+ servers. A Cisco NX-OS device periodically monitors dead TACACS+
servers and brings them to the alive state once they are responding. This process verifies that a TACACS+
server is in a working state before real AAA requests are sent its way. Whenever a TACACS+ server changes
to the dead or alive state, a Simple Network Management Protocol (SNMP) trap is generated and the Cisco
NX-OS device displays an error message that a failure is taking place before it can impact performance.
Figure 3: TACACS+ Server States
This figure shows the server states for TACACS+ server monitoring.
Note
The monitoring intervals for alive servers and dead servers are different and can be configured by the user.
TACACS+ server monitoring is performed by sending a test authentication request to the TACACS+
server.
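An added example, not part of the Cisco guide: a Python audit of TACACS+ lines from a running configuration that reports, per server, whether it uses the global key or a per-server override, whether a cleartext key meets the 63-character, no-white-space, printable-ASCII rule, and whether a monitoring test is configured. The configuration lines, addresses and key values are constructed, and the parser assumes the NX-OS command forms `tacacs-server key [0|6|7] <key>`, `tacacs-server host <addr> key ...` and `tacacs-server host <addr> test ...`, with type 0 meaning cleartext.

```python
# Constructed NX-OS running-config lines; addresses and keys are made up.
SAMPLE_CONFIG = """\
tacacs-server key 0 Gl0bal-Shared-Secret
tacacs-server host 192.0.2.10 key 0 PerServerSecret1
tacacs-server host 192.0.2.10 test username probe password probe idle-time 3
tacacs-server host 192.0.2.11
"""

MAX_KEY_LEN = 63  # limit stated in the guide


def key_problems(key):
    """Return reasons a cleartext key breaks the documented constraints."""
    problems = []
    if len(key) > MAX_KEY_LEN:
        problems.append("longer than 63 characters")
    if any(c.isspace() for c in key):
        problems.append("contains white space")
    if any(not c.isspace() and not 0x21 <= ord(c) <= 0x7E for c in key):
        problems.append("contains non-printable or non-ASCII characters")
    return problems


def parse_key(tokens):
    """Split '[0|6|7] value' into (type, value); cleartext (0) is assumed when no type is given."""
    if len(tokens) >= 2 and tokens[0] in ("0", "6", "7"):
        return tokens[0], tokens[1]
    return "0", tokens[0]


def audit(config):
    """Report each server's key source, monitoring state and cleartext-key problems."""
    global_key, servers = None, {}
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["tacacs-server", "key"] and len(w) > 2:
            global_key = parse_key(w[2:])
        elif w[:2] == ["tacacs-server", "host"] and len(w) > 2:
            srv = servers.setdefault(w[2], {"key": None, "monitored": False})
            if "key" in w[3:-1]:  # per-server override of the global key
                srv["key"] = parse_key(w[w.index("key", 3) + 1:])
            srv["monitored"] = srv["monitored"] or "test" in w[3:]
    report = {}
    for host, srv in servers.items():
        ktype, kval = srv["key"] or global_key or (None, "")
        source = "override" if srv["key"] else "global" if global_key else "none"
        # Only type 0 is checked: types 6 and 7 are stored in encrypted form.
        problems = key_problems(kval) if ktype == "0" else []
        report[host] = {"key_source": source, "monitored": srv["monitored"], "key_problems": problems}
    return report
```

A server reported with `key_source` of `none` has no shared secret at all, and one with `monitored` false is only discovered to be unresponsive when a real AAA request is sent to it.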
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring TACACS+
