Switch User Manual
Chapter 4 Configuring the CSS as a Client of a TACACS+ Server
Defining a TACACS+ Server
4-10
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Defining this option overrides the tacacs-server key command. For more 
information on defining a global encryption key, see the “Defining a Global 
Encryption Key” section.
• primary - (Optional) Assigns the TACACS+ server precedence over the 
other configured servers. You can specify only one primary server.
• frequency number - (Optional) Allows you to set the keepalive frequency for 
the specified TACACS+ server. The default number variable is 5 seconds. 
The range for the variable is 0 to 255. A setting of 0 disables keepalives. 
Defining this option overrides the tacacs-server frequency command.
Note If you need to change a timeout period or the shared secret for a specific server, 
you must delete the server and redefine it with the updated parameter.
For example, to define a primary TACACS+ server at IP address 192.168.11.1 
with a default port of 49, a timeout period of 12 seconds, a clear text shared secret 
of summary, and a keepalive frequency of 10 seconds, enter:
#(config) tacacs-server 192.168.11.1 12 20 “summary” primary frequency 10
To delete a TACACS+ server at IP address 192.168.11.1 with a default port of 49, 
enter:
#(config) no tacacs-server 192.168.11.1 49
After configuring the TACACS+ server, enable TACACS+ authentication for 
console and virtual logins (if the username and password pair is not in the local 
user database) through the virtual authentication and console authentication 
commands. See Chapter 1, Controlling CSS Access for information about the two 
commands.










