Administrator Guide

Security Commands 964

key

Use the key command in TACACS Configuration mode to specify the

authentication and encryption key for all TACACS communications between

the device and the TACACS server. This key must match the key used on the

TACACS daemon.

Syntax

key [0|7] key-string

no key

• 0—The key string that follows is the unencrypted shared secret. The

length is 1–128 characters.

• 7—The key string that follows is the encrypted shared secret. The length is

256 characters.

• key-string — Specifies the key string in encrypted or unencrypted form. It

may be up to 128 characters in length in unencrypted format and 256

characters in length in encrypted format.

Default Configuration

If left unspecified, the key-string parameter defaults to the global value.

Command Mode

TACACS Configuration mode

User Guidelines

The key command accepts any printable characters for the key except a

question mark. Enclose the string in double quotes to include spaces within

the key. The surrounding quotes are not used as part of the name. The CLI

does not filter illegal characters and may accept entries up to the first illegal

character or reject the entry entirely.

If no encryption parameter is present, the key string is interpreted as an un-

encrypted shared secret.

show tacacs tacacs-server timeout

–

timeout