Learn how to remove a configured TACACS+
server key from the client.
Before you begin
You must have an admin role to perform this
task.
Procedure
-
Display the configured server
IP addresses and keys.
device# show running-config tacacs-server
tacacs-server host 10.2.3.5
encrypted-key "jahasjikjdoaskjuihuhiaoljsiaknkaiua="
tacacs-server host 1.2.3.4
encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo
-
Run the configure terminal command to access
Config mode.
The command line changes
to configuration
mode.
device(config)#
-
Enter TACACS+ server
configuration mode for the selected TACACS+ server.
device(config)# tacacs-server host ip-address
device(config-tacacs-config)#
After running the command, you
are in TACACS server configuration mode.
-
Run the
no encrypted key
command to remove the key from the
server.
device(config)# tacacs-server host ip-address
device(config-tacacs-config)# no encrypted-key
-
Return to privileged EXEC mode
with the end command.
device(config-tacacs-config)# end
-
Run the
show running-config
tacacs-server
command to verify the configuration.
device# show running-config tacacs-server
tacacs-server host host-address
Example
The following example removes the key from TACACS+ server on 10.2.3.5 and then verifies that a
key is not configured on the specified server by running the show
running-config tacacs-server command.
device# configure terminal
device(config)# tacacs-server host 10.2.3.5
device(config-tacacs-config)# no encrypted-key
device(config-tacacs-config)# end
device# show running-config tacacs-server
tacacs-server host 10.2.3.5
tacacs-server host 1.2.3.4
encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo