tacacs-server

Parameters

host hostname

Specifies the IP address or domain name of the TACACS+ server. IPv4 and IPv6 addresses are supported.

use-vrf

Specifies a VRF though which to communicate with the TACACS+ server. See the Usage Guidelines.

mgmt-vrf

Specifies the management VRF.

default-vrf

Specifies the default-vrf.

vrf-name

Specifies a VRF name.

source-interface ip-address

Specifies the source interface for the TACACS host.

port portnum

Specifies the TCP port for authentication. Valid values range from 0 through 65535. The default is 49.

protocol { chap | pap}

Specifies the authentication protocol. Options include CHAP and PAP. The default is CHAP.

key shared-secret

Specifies the text string that is used as the shared secret between the device and the TACACS+ server to make the message exchange secure. The key must be between 1 and 40 characters in length.

The default key is sharedsecret. The exclamation mark (!) is supported in RADIUS and TACACS+ servers. You can specify the password in either double quotes or the escape character (\), for example "secret!key" or secret\!key. The only other valid characters are alphanumeric characters (a-z and 0-9) and underscores. No other special characters are allowed.

encryption-level value_level

Designates the encryption level for the shared secret key operation. This operand supports JITC certification and compliance. The valid values are 0 and 7, with 0 being clear text and 7 being the most heavily encrypted. The default value is 7.

timeout secs

Specifies the time to wait for the TACACS+ server to respond. The default is 5 seconds.

retries num

Specifies the number of attempts allowed to connect to a TACACS+ server. The default is 5 attempts.