Adding a TACACS+ server to the client server list

Before you add a TACACS+ server by domain name or host name, you must configure the Domain Name System (DNS) server on the device. Without a DNS server, resolution of the TACACS+ server name fails, which causes the add operation to fail. To configure the DNS server, use the ip dns command.

Note

When a list of servers is configured, failover from one server to another server happens only when a TACACS+ server fails to respond; it does not happen when user authentication fails.

The following procedure adds a TACACS+ server host in IPv6 format.

  1. From privileged EXEC mode, enter global configuration mode.
    device# configure terminal
    Entering configuration mode terminal
  2. Enter the tacacs-server host command and specify the server IP address.
    device(config)# tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010 use-vrf mgmt-vrf
    Upon execution of the command, you are placed into the TACACS server configuration submode where you can specify additional parameters.
  3. Specify the additional parameters.
    device(config)# tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010
    device(config-host-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)# protocol chap key "new#hercules*secret"
    device(config-host-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)# exit
    
    This example specifies the authentication protocol (CHAP) and the shared secret key.
  4. Return to privileged EXEC mode.
    device(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010/mgmt-vrf)# end
  5. Verify the configuration.
    device# show running-config tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010
    tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010 use-vrf mgmt-vrf
     key "nPbWil58uf/UJ4UoTUEzGmx/+m8/9fJbHe1uGUH/gM8=\n" encryption-level 7
    !
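
The following is an added example, not part of the original procedure or the vendor's tooling: a Python check that parses output in the format shown in step 5 and reports hosts that depend on DNS (entered by name) or whose key is not shown at encryption-level 7. The function names, the second and third sample hosts, and the encryption-level 0 value are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the format of the step 5 output. Only the first
# host comes from the page; the other two hosts and keys are made up.
SAMPLE = r'''
tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010 use-vrf mgmt-vrf
 key "nPbWil58uf/UJ4UoTUEzGmx/+m8/9fJbHe1uGUH/gM8=\n" encryption-level 7
!
tacacs-server host tacacs1.example.net use-vrf mgmt-vrf
 key "constructed-secret" encryption-level 0
!
tacacs-server host 192.0.2.10 use-vrf mgmt-vrf
 key "Y29uc3RydWN0ZWQ=\n" encryption-level 7
!
'''

HOST_RE = re.compile(r'^tacacs-server host (\S+)(?: use-vrf (\S+))?')
KEY_RE = re.compile(r'^\s+key "(.*)" encryption-level (\d+)')

def parse_servers(config):
    """Return one record per 'tacacs-server host' stanza."""
    servers = []
    for line in config.splitlines():
        m = HOST_RE.match(line)
        if m:
            servers.append({"host": m.group(1), "vrf": m.group(2), "key_level": None})
            continue
        m = KEY_RE.match(line)
        if m and servers:  # key line belongs to the most recent host
            servers[-1]["key_level"] = int(m.group(2))
    return servers

def needs_dns(host):
    """True when the host is a name rather than an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return True

def audit(config):
    """Return (host, finding) pairs for entries that need attention."""
    findings = []
    for s in parse_servers(config):
        if needs_dns(s["host"]):
            findings.append((s["host"], "entered by name: requires DNS (ip dns)"))
        if s["key_level"] != 7:
            findings.append((s["host"], "key not shown at encryption-level 7"))
    return findings
```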