Configuration Guide 595
Configuring Network Security AAA Configuration
Step 2 tacacs-server host ip-address [ port port-id ] [ timeout time ] [ key { [ 0 ] string | 7 encrypted-string } ]
Add the TACACS+ server and configure the related parameters as needed.
host ip-address: Enter the IP address of the server running the TACACS+ protocol.
port port-id: Specify the TCP destination port on the TACACS+ server for authentication
requests. The default setting is 49.
timeout time: Specify the time interval that the switch waits for the server to reply before
resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.
key { [ 0 ] string | 7 encrypted-string }: Specify the shared key. 0 and 7 represent the
encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a
symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0.
string is the shared key for the switch and the server, which contains 31 characters at most.
encrypted-string is a symmetric encrypted key with a fixed length, which you can copy from
the configuration file of another switch. The key or encrypted-key you configured here will
be displayed in the encrypted form.
Step 3 show tacacs-server
Verify the configuration of TACACS+ server.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to add a TACACS+ server on the switch. Set the IP
address of the server as 192.168.0.20, the authentication port as 49, the shared key as
123456, and the timeout as 8 seconds.
Switch#configure
Switch(config)#tacacs-server host 192.168.0.20 port 49 timeout 8 key 123456
Switch(config)#show tacacs-server
Server Ip       Port    Timeout    Shared key
192.168.0.20    49      8          123456
Switch(config)#end
Switch#copy running-config startup-config
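
A lint check for the command in Step 2, given here as an added example (it is not part of the original guide or of the vendor's tooling): it validates tacacs-server host lines from a provisioning template against the syntax, defaults and limits documented above. The function name, the sample lines, the 1-65535 TCP port range and the choice to report a type 0 key as a policy finding are assumptions.

```python
import ipaddress

DEFAULTS = {"port": 49, "timeout": 5, "key_type": "0"}  # defaults stated in the guide
LIMITS = {"port": (1, 65535), "timeout": (1, 9)}  # TCP port range; timeout range from the guide

def check_tacacs_host(line):
    """Parse one 'tacacs-server host' line; return (settings, findings)."""
    tok = line.split()
    cfg, findings = dict(DEFAULTS, host=None, key=None), []
    if len(tok) < 3 or tok[:2] != ["tacacs-server", "host"]:
        return cfg, ["not a 'tacacs-server host ip-address' command"]
    try:
        cfg["host"] = str(ipaddress.ip_address(tok[2]))
    except ValueError:
        findings.append(f"invalid ip-address {tok[2]!r}")
    i = 3
    while i < len(tok):
        kw, args = tok[i], tok[i + 1:]
        if kw in LIMITS and args and args[0].isdigit():
            low, high = LIMITS[kw]
            cfg[kw] = int(args[0])
            if not low <= cfg[kw] <= high:
                findings.append(f"{kw} {cfg[kw]} outside {low}-{high}")
            i += 2
        elif kw == "key" and args:
            # An explicit 0 or 7 before the key selects the encryption type.
            typed = args[0] in ("0", "7") and len(args) > 1
            cfg["key_type"] = args[0] if typed else "0"
            cfg["key"] = args[1] if typed else args[0]
            i += 3 if typed else 2
            if cfg["key_type"] == "0":
                if len(cfg["key"]) > 31:
                    findings.append("shared key longer than 31 characters")
                findings.append("policy: type 0 key stored in cleartext")  # assumed policy
        else:
            findings.append(f"unexpected token {kw!r}")
            i += 1
    return cfg, findings

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "tacacs-server host 192.168.0.20 port 49 timeout 8 key 7 ENCRYPTED-STRING-PLACEHOLDER",
    "tacacs-server host 192.168.0.20 auth-port 49 timeout 12 key 123456",
]

if __name__ == "__main__":
    for line in SAMPLE:
        cfg, findings = check_tacacs_host(line)
        print(line, "->", findings or "ok")
```

The second sample line is reported for a keyword that is not in the documented syntax, a timeout above the 1 to 9 second range, and a cleartext key.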