Manualshelf

mac

ManualsBrandsip ManualsNetworkingipv6
461462463464465466467468469470
Commands for TACACS+
465
Chapter 42 Commands for TACACS+
42.1 tacacs-server authentication host
Command: tacacs-server authentication host <ip-address> [port <port-number>]
[timeout <seconds>] [key {0 | 7} <string>] [primary]
no tacacs-server authentication host <ip-address>
Function: Configure the IP address, listening port number, the value of timeout timer
and the key string of the TACACS+ server; the no form of this command deletes
TACACS+ authentication server.
Parameter: <ip-address> is the IP address of the server; <port-number> is the
listening port number of the server, the valid range is 0~65535, amongst 0 indicates it will
not be an authentication server; <seconds> is the value of TACACS+ authentication
timeout timer, shown in seconds and the valid range is 1~60; <string> is the key string, If
key option is set as 0, the key is not encrypted and its range should not exceed 64
characters, if key option is set as 7, the key is encrypted and its range should not exceed
64 characters; primary indicates it’s a primary server.
Command Mode: Global Mode
Default: No TACACS+ authentication configured on the system by default.
Usage Guide: This command is for specifying the IP address, port number, timeout
timer value and the key string of the TACACS+ server used on authenticating with the
switch. The parameter port is for define an authentication port number which must be in
accordance with the authentication port number of specified TACACS+ server which is
49 by default. The parameters key and timeout is used to configure the self-key and
self-timeout, if the switch is not configure the timeout<seconds> and key<string>, it will
use the global value and key by command tacacs-server timeout<seconds> and
tacacs-server key <string>. This command can configure several TACACS+ servers
communicate with the switch. The configuration sequence will be used as authentication
server sequence. And in case primary is configured on one TACACS+ server, the server
will be the primary server.
Example: Configure the TACACS+ authentication server address to 192.168.1.2, and
use the global configured key.
Switch(config)#tacacs-server authentication host 192.168.1.2