Remove a TACACS+ Server Key from the Client

Learn how to remove a configured TACACS+ server key from the client.

Before you begin

You must have an admin role to perform this task.

Procedure

  1. Display the configured server IP addresses and keys. 
    device# show running-config tacacs-server 
tacacs-server host 10.2.3.5
   encrypted-key "jahasjikjdoaskjuihuhiaoljsiaknkaiua="

tacacs-server host 1.2.3.4 
   encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo
  2. Run the configure terminal command to access Config mode.
    The command line changes to configuration mode.
    device(config)#
  3. Enter TACACS+ server configuration mode for the selected TACACS+ server. 
    device(config)# tacacs-server host ip-address
device(config-tacacs-config)#
    After running the command, you are in TACACS server configuration mode.
  4. Run the no encrypted key command to remove the key from the server. 
    device(config)# tacacs-server host ip-address
device(config-tacacs-config)# no encrypted-key
  5. Return to privileged EXEC mode with the end command. 
    device(config-tacacs-config)# end
  6. Run the show running-config tacacs-server command to verify the configuration. 
    device# show running-config tacacs-server 
tacacs-server host host-address

Example

The following example removes the key from TACACS+ server on 10.2.3.5 and then verifies that a key is not configured on the specified server by running the show running-config tacacs-server command.

device# configure terminal
device(config)# tacacs-server host 10.2.3.5
device(config-tacacs-config)# no encrypted-key
device(config-tacacs-config)# end

device# show running-config tacacs-server
tacacs-server host 10.2.3.5

tacacs-server host 1.2.3.4 
   encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo
9037106-00 Rev AA