Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9513 with Supervisor 2 Director Switch

271

272

273

274

275

276

277

278

279

280

Send feedback to nx5000-docfeedback@cisco.com

18-12

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

OL-16597-01

Chapter 18 Configuring TACACS+

Configuring TACACS+

Configuring the Dead-Time Interval

You can configure the dead-time interval for all TACACS+ servers. The dead-time interval specifies the

time that the Nexus 5000 Series switch waits, after declaring a TACACS+ server is dead, before sending

out a test packet to determine if the server is now alive.

Note When the dead-timer interval is 0 minutes, TACACS+ servers are not marked as dead even if they are

not responding. You can configure the dead-timer per group (see the “Configuring TACACS+ Server

Groups” section on page 18-7).

To configure the dead-time interval for all TACACS+ servers, perform this task:

Manually Monitoring TACACS+ Servers or Groups

To manually issue a test message to a TACACS+ server or to a server group, perform this task:

The following example shows how to manually issue a test message:

switch# test aaa server tacacs+ 10.10.1.1 user1 Ur2Gd2BH

switch# test aaa group TacGroup user2 As3He3CI

Disabling TACACS+

You can disable TACACS+.

Caution When you disable TACACS+, all related configurations are automatically discarded.

Command Purpose

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# tacacs-server deadtime

minutes

Configures the global dead-time interval. The default

value is 0 minutes. The range is from 1 to 1440

minutes.

Step 3

switch(config)# exit

Exits configuration mode.

Step 4

switch# show tacacs-server

(Optional) Displays the TACACS+ server

configuration.

Step 5

switch# copy running-config

startup-config

(Optional) Copies the running configuration to the

startup configuration.

Command Purpose

Step 1

switch# test aaa server tacacs+

{ipv4-address|ipv6-address|host-name} [vrf

vrf-name] username password

Sends a test message to a TACACS+ server to

confirm availability.

Step 2

switch# test aaa group group-name username

password

Sends a test message to a TACACS+ server group to

confirm availability.