Switch User Manual
Network OS Documentation Update 19
53-1002606-06
tacacs-server
2
tacacs-server
Applies attributes to the TACACS+ server.
Synopsis tacacs-server host hostname |ip-address [port portnum] [protocol chap | pap]
[key shared_secret_ key] [timeout secs] [retries num]
no tacacs-server hostname|ip-address
Operands host Identifies the TACACS+ server by host name or IP address.
hostname Specifies the domain name of the TACACS+ server. The maximum supported
length for the TACACS+ hostname is 40 characters.
ip-address Specifies the IP address of the TACACS+ server. Only IPv4 is supported.
port The authentication port.
portnum Specifies the TCP port used to connect the TACACS+ server for
authentication. The default is 49.
protocol The authentication protocol to be used.
chap| pap Specifies the authentication protocol. Options include CHAP and PAP. The
default is CHAP.
key The shared secret between the switch and the TACACS+ server.
shared_secret_key
The text string that is used as the shared secret between the switch and the
TACACS+ server to make the message exchange secure. The default is
sharedsecret. The exclamation mark (!) is supported by in the radius/tacacs+
and you can specify the password in either double quotes or the escape
character (\), for example "secret!key" or secret\!key.
timeout The time to wait for the TACACS+ server to respond.
secs Specifies the timeout value, in seconds. The default is 5 seconds.
retries The number of times the switch tries to connect to a TACACS+ server.
num Specifies the number of tries to connect to a TACACS+ server. The default is 5
attempts.
Defaults Following are the default values of the global settings:
• host—There is no default for the host.
• port—TCP port 49
• protocol—CHAP
• key—sharedsecret
• timeout—5
• retries—5
Command
Modes
Global configuration mode
Description Use this command to configure attributes on the TACACS+ server.