Remove the TACACS+ Server Key

Before you begin

Only admin users can perform this procedure.

About this task

Perform this procedure to remove the configured TACACS+ server key from the client.

Procedure

  1. Display the configured server IP addresses and keys. 
    device# show running-config tacacs-server 

tacacs-server host 10.2.3.5 encrypted-key "jahasjikjdoaskjuihuhiaoljsiaknkaiua="
tacacs-server host 1.2.3.4 encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo
  2. Enter the Config mode. 
    device(config)#
  3. Enter TACACS+ server configuration mode for the selected TACACS+ server. 
    device(config)# tacacs-server host ip-address
device(config-tacacs-config)#
  4. Remove the key from the server. 
    device(config)# tacacs-server host ip-address
device(config-tacacs-config)# no encrypted-key
  5. Return to the Exec mode and verify the configuration. 
    device(config-tacacs-config)# end
device# show running-config tacacs-server tacacs-server host host-address

Example

The following example removes the key from TACACS+ server on 10.2.3.5.

device# configure terminal
device(config)# tacacs-server host 10.2.3.5
device(config-tacacs-config)# no encrypted-key
device(config-tacacs-config)# end

device# show running-config tacacs-server
tacacs-server host 10.2.3.5

tacacs-server host 1.2.3.4 encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGo
9037176-00 REV AA