Use this command to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. The key-string parameter has a range of 0 - 128 characters and specifies the authentication and encryption key for all TACACS communications between the switch and the TACACS+ server. This key must match the key used on the TACACS+ daemon.
Text-based configuration supports the TACACS server‘s secrets in encrypted and non-encrypted format. When you save the configuration, these secret keys are stored in encrypted format only. If you want to enter the key in encrypted format, enter the key along with the encrypted keyword. In the show running-config command‘s display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format.
The ! (exclamation point) character cannot be used as the first character in a TACACS+ server password, unless the password is entered inside quotation marks from the CLI. We recommend using quotation marks whenever you create passwords and keys that contain the ! character – for example, #tacacs-server key <"!234567">.
Format | tacacs-server key [key-string | encrypted key-string] |
Mode | Global Config |