Changing the TACACS+ Server
- Unconfigure the existing primary TACACS+ server.
Note
The command disable tacacs is not required while changing TACACS+ servers. If only a single TACACS+ server is configured, you must disable TACACS authorization (if enabled) before reconfiguring the TACACS+ server:
disable tacacs-authorization
To unconfigure the existing primary TACACS+ server:
unconfigure tacacs server [primary | secondary]
Note
After this step, TACACS+ will fail over to the secondary server.
- Configure the new primary TACACS+ server:
configure tacacs [primary | secondary] server [ipaddress | hostname] {tcp_port} client-ip ipaddress {vr vr_name}
- Configure the shared-secret password for the primary TACACS+ server:
configure tacacs [primary | secondary] shared-secret {encrypted} string
Note
TACACS+ will fall back from the secondary server to the primary server only after the shared-secret password for the primary server is configured.
- Unconfigure the existing secondary TACACS+ server:
unconfigure tacacs server [primary | secondary]
- Configure the new secondary TACACS+ server:
configure tacacs [primary | secondary] server [ipaddress | hostname] {tcp_port} client-ip ipaddress {vr vr_name}
- Configure the shared-secret password for the secondary TACACS+ server:
configure tacacs [primary | secondary] shared-secret {encrypted} string
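The full sequence with the bracketed choices and optional arguments filled in, as an added example that is not part of the original documentation. It assumes both a primary and a secondary server are already configured, so disable tacacs-authorization is not needed. The addresses, TCP port, virtual router name and secret placeholders are constructed sample values, and the lines starting with # are annotations for the reader.

```text
# Constructed sample values (replace with your own):
#   192.0.2.10 = new primary server, 192.0.2.11 = new secondary server
#   192.0.2.1  = client IP of the switch, VR-Mgmt = virtual router, 49 = TCP port

# Replace the primary server. After the unconfigure, TACACS+ fails over
# to the secondary server, so authentication keeps working.
unconfigure tacacs server primary
configure tacacs primary server 192.0.2.10 49 client-ip 192.0.2.1 vr VR-Mgmt
configure tacacs primary shared-secret <new-primary-secret>

# Only now does TACACS+ fall back to the primary server, so the secondary
# server can be replaced in turn.
unconfigure tacacs server secondary
configure tacacs secondary server 192.0.2.11 49 client-ip 192.0.2.1 vr VR-Mgmt
configure tacacs secondary shared-secret <new-secondary-secret>
```

Keeping this order means one configured server is available at every step; the secondary server is not removed until the new primary server has its shared secret.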