Configuring TACACS+ requires configuring TACACS+ support on the client and server.
You must individually configure each client device to use TACACS+ servers. To configure the server IP address and key, use the tacacs-server command. You can configure a maximum of five TACACS+ servers on a device for AAA service.
The following table lists the TACACS+ server parameters.
Parameter | Description |
---|---|
host | IPv4 or IPv6 address, domain name, or host name of the TACACS+ server. A host name requires prior DNS configuration. The maximum supported length for the host name is 40 characters. |
port | The TCP port used to connect to the TACACS+ server for authentication. The port range is 1 through 65535; the default port is 49 and is not configurable. Default value is used. |
protocol | The authentication protocol to be used. Not configurable. CHAP is used. |
key | The configurable text string that is used as the shared secret between the device and the TACACS+ server to make the message exchange secure. The plain-text key must be between 1 and 40 characters in length, and the encrypted key length must be less than or equal to 128 characters. Note: The value of key must match the value configured in the TACACS+ configuration file; otherwise, the communication between the server and the device fails. |
retries | The number of attempts permitted to connect to a TACACS+ server. The range is 0 through 100, and the default value is 5. Not configurable. Default value is used. |
timeout | The maximum amount of time to wait for a server to respond. Options are from 1 through 60 seconds, and the default value is 5 seconds. Not configurable. Default value is used. |
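
Why the key must match on both sides, shown as an added example (not vendor code): assuming the device follows the standard TACACS+ body obfuscation from RFC 8907, the key feeds an MD5-derived pad that is XORed with each packet body, so a server holding a different key cannot recover the body. The session ID, keys, and body are constructed values, and the function names are hypothetical.

```python
import hashlib
import struct

MAX_PLAIN_KEY = 40  # plain-text key limit from the table above


def key_length_ok(key: str) -> bool:
    """True when a plain-text key is within the documented 1-40 characters."""
    return 1 <= len(key) <= MAX_PLAIN_KEY


def pseudo_pad(session_id: int, key: str, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5(session_id, key, version, seq_no[, previous block]), chained."""
    seed = struct.pack("!I", session_id) + key.encode() + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: str,
              version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the packet body with the pad; calling it again with the same key reverses it."""
    if not key_length_ok(key):
        raise ValueError("plain-text key must be 1-40 characters")
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo() -> dict:
    # Constructed values: not a captured packet and not real credentials.
    session_id = 0x1A2B3C4D
    body = b"constructed authentication body for user netops"
    wire = obfuscate(body, session_id, "Example-Device-Key")
    return {
        # Server configured with the same key recovers the body.
        "matching": obfuscate(wire, session_id, "Example-Device-Key") == body,
        # Server configured with a different key gets unusable bytes.
        "mismatched": obfuscate(wire, session_id, "Example-Server-Key") == body,
    }


if __name__ == "__main__":
    print(demo())
```

RFC 8907 describes this mechanism as obfuscation rather than encryption, and it provides no integrity protection, so both the strength of the key and the network path to the server matter.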