Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.
Refer to the Parameters section for specific defaults.
Specifies a VRF though which to communicate with the TACACS+ server. See the Usage Guidelines.
Global configuration mode
If a TACACS+ server with the specified IP address or host name does not exist, it is added to the server list. If the TACACS+ server already exists, this command modifies the configuration. The key parameter does not support an empty string.
Executing the no form of the tacacs-server command attributes resets the specified attributes to their default values.
Before downgrading to a software version that does not support the encryption-level keyword, set the value of this keyword to 0. Otherwise, the firmware download will generate an error that requests this value be set to 0.
Before downgrading to a version that doesn‘t support tacacs-server source-interface, you must remove the source-ip configuration using no source-interface. Otherwise, the firmware download process generates an error requesting to reset the cipher.
By default, all management services are enabled on the management VRF ("mgmt-vrf") and the default VRF ("default-vrf").
If the encryption-level is zero (0) but the key entered is encrypted then the following error message is displayed: Error: Input key must be plain text when encryption-level selected is 0.
To configure an IPv4 TACACS+ server:
device# configure terminal device(config)# tacacs-server host 10.24.65.6 device(config-host-10.24.65.6/mgmt-vrf)# tacacs-server source-ip chassis-ip device(config-host-10.24.65.6/mgmt-vrf)# protocol chap retries 100 device(config-host-10.24.65.6/mgmt-vrf)#
To modify an existing TACACS+ server configuration:
device# configure terminal device(config)# tacacs-server host 10.24.65.6 device(config-tacacs-server-10.24.65.6/mgmt-vrf))# key "changedsec"
To delete a TACACS+ server:
device# configure terminal device(config)# no tacacs-server host 10.24.65.6
To configure an IPv6 TACACS+ server:
device# configure terminal device(config)# tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010 device(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)# protocol chap key "mysecret" device(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)# tacacs-server source-ip chassis-ip device(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)#