tacacs-server

Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.

Syntax

tacacs-server host ip address { plain-key | encrypted-key }

no tacacs-server host ip address no key

Parameters

host: Specifies the IPv4 or IPv6 address of the TACACS+ server.
plain-key: Specifies a secret string shared with the TACACS+ server in plain-text format. Supports 1 through 40 characters.
encrypted-key: Specifies a secret string shared with the TACACS+ server in encrypted format. Supports 1 through 128 characters.

Modes

Config mode

Usage Guidelines

A maximum of five TACACS servers are supported.

The following list shows non-configurable default settings:

DefaultPort = 49
DefaultTimeout = 5
DefaultRetries = 3
Protocol = "CHAP"

Use the no form of the command to remove the configuration.

Examples

The following example configures a TACACS+ server with an encrypted key.

device# configure terminal
device(config)# tacacs-server host 10.24.15.201
device(config-tacacs-config)# encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BW
device# show running-config tacacs-server
tacacs-server host 10.2.3.5
   key zgR4B-sop6rYJdrp5zmg3zDKx_N-LKQF8ubf4OWuYGo

The following example shows the tacacs-server host being set as well as a plain-key.

device# configure terminal
device(config)# tacacs-server host 10.24.15.201
device(config-tacacs-config)# plain-key testKey

The following example shows information about configured TACAC+ servers.

device# show running tacacs-server 
tacacs-server host 1.2.3.4 
   encrypted-key JMeYDVdBN4Vb-wx35d7HnXIE8BL9KLUcEcePFwMNGoo 
tacacs-server host 10.20.73.134 
   encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BWw 
tacacs-server host 10.24.15.200 
   encrypted-key  aimBmdAKcaduyaPNfE68IiWGEYOMywtFxVv8Ftu5bqc

The following example removes the encrypted key from the server.

device(config)# tacacs-server host 10.24.15.201 
device(config-tacacs-config)# no encrypted-key