mac
Commands for TACACS+
466
42.2 tacacs-server key
Command: tacacs-server key {0 | 7} <string>
no tacacs-server key
Function: Configure the key of TACACS+ authentication server; the “no tacacs-server
key” command deletes the TACACS+ server key.
Parameter: <string> is the key string of the TACACS+ server. If key option is set as 0,
the key is not encrypted and its range should not exceed 64 characters, if key option is
set as 7, the key is encrypted and its range should not exceed 64 characters.
Command Mode: Global Mode
Usage Guide: The key is used on encrypted packet communication between the switch
and the TACACS+ server. The configured key must be in accordance with the one on the
TACACS+ server or else no correct TACACS+ authentication will be performed. It is
recommended to configure the authentication server key to ensure the data security.
Example: Configure test as the TACACS+ server authentication key.
Switch(config)#tacacs-server key 0 test
42.3 tacacs-server nas-ipv4
Command: tacacs-server nas-ipv4 <ip-address>
no tacacs-server nas-ipv4
Function: Configure the source IP address of TACACS+ packet sent by the switch; the
“no tacacs-server nas-ipv4” command deletes the configuration.
Parameter: <ip-address> is the source IP address of TACACS+ packet, in dotted
decimal notation, it must be a valid unicast IP address.
Default: No specific source IP address for TACACS+ packet is configured, the IP
address of the interface from which the TACACS+ packets are sent is used as source IP
address of TACACS+ packet.
Command Mode: Global Mode
Usage Guide: The source IP address must belongs to one of the IP interface of the
switch, otherwise an failure message of binding IP address will be returned when the
switch send TACACS+ packet. We suggest using the IP address of loopback interface as
source IP address, it avoids that the packets from TACACS+ server are dropped when
the interface link-down.
Example: Configure the source ip address of TACACS+ packet as 192.168.2.254.
Switch#tacacs-server nas-ipv4 192.168.2.254