Print
this page
Email this topic
Feedback
View PDF
Download EPUBChanging the TACACS+ Server
Use the following steps to change TACACS+ server configuration to avoid
service interruption with respect to authentication and authorization.
- Unconfigure the existing primary TACACS+ server.
Note
After this step, TACACS+ will failover to secondary server. - Configure the new primary TACACS+ server.
- Configure the shared-secret password for primary TACACS+ server.
Note
Only after configuring shared-secret password for primary server, TACACS+ will fallback to primary server from secondary. - Unconfigure existing secondary TACACS+ server.
- Configure new secondary TACACS+ server.
- Configure shared-secret password for secondary TACACS+ server
To unconfigure the existing TACACS+ server, use the following command:
unconfigure tacacs server [primary | secondary]
To configure a TACACS+ server, use the following command:
configure tacacs [primary | secondary] server [ipaddress | hostname] {tcp_port} client-ip ipaddress {vr vr_name}
To configure shared-secret password for TACACS+ server, use the following command.
configure tacacs [primary | secondary] shared-secret {encrypted} string
When only a single TACACS+ server is configured, it is essential to disable tacacs-authorization(if enabled) before reconfiguring TACACS+ server.
Note
Command disable tacacs is not required while changing TACACS+ servers. And it is recommended to disable tacacs-authorization (if enabled), before disabling TACACS+.