Users Guide
Version Description
9.8(0.0P5) Introduced on the S4048-ON.
9.8(0.0P2) Introduced on the S3048-ON.
9.7(0.0) Introduced on the S6000–ON.
9.2(1.0) Introduced on the Z9500.
9.0.2.0 Introduced on the S6000.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.4.1.0 Added support for IPv6.
8.3.7.0 Introduced on the S4810.
7.7.1.0 Authentication key length increased to 42 characters.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
pre-6.2.1.1 Introduced on the E-Series.
Usage Information
To list multiple TACACS+ servers to be used by the aaa authentication login command, congure this
command multiple times.
If you are not conguring the switch as a TACACS+ server, you do not need to congure the port, timeout and
key optional parameters. If you do not congure a key, the key assigned in the tacacs-server key command
is used.
You can use duplicate host names or IP addresses among TACACS groups. However, you cannot use duplicate host
names or IP addresses within the same TACACS group.
If a VRF is not congured on the TACACS group, then servers congured in the group are considered to be on the
default VRF. TACACS servers that are congured in the CONFIGURATION mode are also considered to be on the
default VRF.
For AAA servers to use a group of TACACS servers, you must explicitly congure the group using the aaa
tacacs group
group-name command. The order in which the TACACS servers are tried depends on the
order in which they are congured.
Example
Dell(conf)# tacacs-server group group1
Dell(conf-tacacs-group)# tacacs-server host 1.1.1.1 key secr-et
Dell(conf-tacacs-group)# no tacacs-server host 1.1.1.1
Dell(conf-tacacs-group)#
Related Commands
• aaa authentication login — species the login authentication method.
• tacacs-server key — congures a TACACS+ key for the TACACS server.
tacacs-server key
Congure a key for communication between a TACACS+ server and a client.
Syntax
tacacs-server key [encryption-type] key
1330 Security