5-19
TACACS+ Authentication
Configuring TACACS+ on the Switch
Name Default Range
host <ip-addr> [key <key-string>]
| [oobm]
none n/a
Specifies the IP address of a device running a TACACS+ server application. Optionally, can also specify the unique, per-
server encryption key to use when each assigned server has its own, unique key. For more on the encryption key, see
“Using the Encryption Key” on page 5-26 and the documentation provided with your TACACS+ server application.
For switches that have a separate out-of-band management port, the oobm parameter specifies that the TACACS+ traffic
will go through the out-of-band management (OOBM) port.
You can enter up to three IP addresses; one first-choice and two (optional) backups (one second-choice and one third-
choice).
Use show tacacs to view the current IP address list.
If the first-choice TACACS+ server fails to respond to a request, the switch tries the second address, if any, in the show
tacacs list. If the second address also fails, then the switch tries the third address, if any.
(See figure 5-3, “Example of the Switch’s TACACS+ Configuration Listing” on 5-9.)
The priority (first-choice, second-choice, and third-choice) of a TACACS+ server in the switch’s TACACS+ configuration
depends on the order in which you enter the server IP addresses:
1.When there are no TACACS+ servers configured, entering a server IP address makes that server the first-choice
TACACS+ server.
2.When there is one TACACS+ serves already configured, entering another server IP address makes that server the
second-choice (backup) TACACS+ server.
3.When there are two TACACS+ servers already configured, entering another server IP address makes that server
the third-choice (backup) TACACS+ server.
• The above position assignments are fixed. Thus, if you remove one server and replace it with another, the new server
assumes the priority position that the removed server had. For example, suppose you configured three servers, A, B,
and C, configured in order:
First-Choice: A
Second-Choice: B
Third-Choice: C
• If you removed server B and then entered server X, the TACACS+ server order of priority would be:
First-Choice: A
Second-Choice: X
Third-Choice: C
To Next Page
Loading...
Need help?
General
