Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.
Config mode
No more than 5 TACACS servers can be configured.
DefaultPort = 49 DefaultTimeout = 5 DefaultRetries = 3 Protocol = "CHAP"
Use the no form of the command to remove the configuration.
| Message | Reason |
|---|---|
| Error: Only valid ipv4 unicast address | IP address is ill-formed or not a valid IPv4 unicast address. |
| Error: Plain-key length restriction: if entered in plain text between 1 and 40 | Plainkey length must be 1 through 40 characters. |
| Error: Encrypted-key length restriction : if length is < 128 throws error | Encrypted key length must be less than 128 characters. |
The following example configures a TACACS+ server with an encrypted key.
device# configure terminal device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BW device# show running-config tacacs-server tacacs-server host 10.2.3.5 key zgR4B-sop6rYJdrp5zmg3zDKx_N-LKQF8ubf4OWuYGo
device# configure terminal device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# plain-key testKey
The following example shows information about configured TACAC+ servers.
device# show running tacacs-server
tacacs-server host 1.2.3.4
encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGoo
tacacs-server host 10.20.73.134
encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BWw
tacacs-server host 10.24.15.200
encrypted-key aimBmdAKcaduyaPNfE68IiWGEYOMywtFxVv8Ftu5bqc
The following example removes the encrypted key from the server.
device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# no encrypted-key