TACACS+ Authentication
Configuring TACACS+ on the Switch
Note on Encryption Keys
Encryption keys configured in the switch must exactly match the encryption
keys configured in TACACS+ servers the switch will attempt to use for
authentication.
If you configure a global encryption key, the switch uses it only with servers
for which you have not also configured a server-specific key. Thus, a global
key is more useful where the TACACS+ servers you are using all have an
identical key, and server-specific keys are necessary where different
TACACS+ servers have different keys.
Syntax: tacacs-server host < ip-addr > [key < key-string > | encrypted-key <key-string>] | [oobm]
    Adds a TACACS+ server and optionally assigns a server-specific
    encryption key. If the switch is configured to access multiple
    TACACS+ servers having different encryption keys, you can configure
    the switch to use different encryption keys for different TACACS+
    servers.

[no] tacacs-server host < ip-addr >
    Removes a TACACS+ server assignment (including its server-specific
    encryption key, if any).

tacacs-server [key <key-string> | encrypted-key <key-string>]
    Configures an optional global encryption key. Keys configured in the
    switch must exactly match the encryption keys configured in the
    TACACS+ servers that the switch will attempt to use for
    authentication.
    The encrypted-key parameter configures a global encryption key,
    specified using a base64-encoded aes-256 encrypted string.

[no] tacacs-server key
    Removes the optional global encryption key. (Does not affect any
    server-specific encryption key assignments.)

tacacs-server encrypted-key <key-string>
    Encryption key to use with a TACACS+ server, specified using a
    base64-encoded aes-256 encrypted string.

tacacs-server timeout < 1-255 >
    Changes the wait period for a TACACS server response.
    (Default: 5 seconds.)
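
The key precedence described above (a server-specific key is used where one exists, and the global key applies only to servers without one) can be checked against a saved configuration. The following Python script is an added example, not part of the original manual; the sample configuration lines, addresses and key strings are constructed, and it assumes key strings contain no spaces and may be wrapped in double quotes.

```python
import re

# Constructed sample configuration; addresses and key strings are made up.
SAMPLE_CONFIG = """\
tacacs-server host 10.0.0.10 key "site-a-secret"
tacacs-server host 10.0.0.11
tacacs-server host 10.0.0.12 oobm
tacacs-server host 10.0.0.13 encrypted-key "Q09OU1RSVUNURUQ="
tacacs-server key "shared-secret"
tacacs-server timeout 10
no tacacs-server host 10.0.0.12
"""

# Assumption: key strings contain no spaces and may be wrapped in double quotes.
KEY = r'(?:key|encrypted-key)\s+"?(?P<key>[^"\s]+)"?'
HOST_RE = re.compile(
    r'^(?P<no>no\s+)?tacacs-server\s+host\s+(?P<ip>\S+)'
    r'(?:\s+' + KEY + r')?(?:\s+oobm)?\s*$')
GLOBAL_RE = re.compile(r'^(?P<no>no\s+)?tacacs-server\s+(?:' + KEY + r'|key)\s*$')


def effective_keys(config_text):
    """Map each server to its key source: 'server-specific', 'global' or 'none'."""
    has_own_key = {}      # ip -> True when a server-specific key is configured
    global_key = False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            if m["no"]:
                # Removing a server also removes its server-specific key.
                has_own_key.pop(m["ip"], None)
            else:
                has_own_key[m["ip"]] = m["key"] is not None
            continue
        m = GLOBAL_RE.match(line)
        if m:
            # 'no tacacs-server key' clears only the global key.
            global_key = not m["no"] and m["key"] is not None
    return {
        ip: "server-specific" if own else ("global" if global_key else "none")
        for ip, own in has_own_key.items()
    }


if __name__ == "__main__":
    for ip, source in effective_keys(SAMPLE_CONFIG).items():
        print(f"{ip}: {source}")
```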