Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.
Config mode
No more than 5 TACACS servers can be configured.
DefaultPort = 49 DefaultTimeout = 5 DefaultRetries = 3 Protocol = "CHAP"
Use the [no] form of the command to remove the configuration.
The following example configures a TACACS+ server with an encrypted key.
device# configure terminal device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BW device# show running-config tacacs-server tacacs-server host 10.2.3.5 key zgR4B-sop6rYJdrp5zmg3zDKx_N-LKQF8ubf4OWuYGo
device# configure terminal device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# plain-key testKey
The following example shows information about configured TACAC+ servers.
device# show running tacacs-server
tacacs-server host 1.2.3.4
encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGoo
tacacs-server host 10.20.73.134
encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BWw
tacacs-server host 10.24.15.200
encrypted-key aimBmdAKcaduyaPNfE68IiWGEYOMywtFxVv8Ftu5bqc
The following example removes the encrypted key from the server.
device(config)# tacacs-server host 10.24.15.201 device(config-tacacs-config)# no encrypted-keyThe following examples show error messages.
Invalid IP address:
Error: not a valid unicast address
Plain key length is more than 40:
Error: Plain-key length restriction
Encrypted key length is more than 128:
Error: encrypted-key length restriction