Specifications
Access Service Security 4-7
Communicating Between the Access Server and the Security Server
Communicating with a TACACS+ Server
To enable communication between the TACACS+ security (database) server and the access server,
enter the commands listed in Table 4-3.
For more information about these commands, refer to the Security Command Reference, available
online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
Table 4-3 Enabling Communication with a TACACS+ Server
Step Command Description
1 5300> enable
Password: <password>
5300#
Enter enable mode.
Enter the password.
You have entered enable mode when the
prompt changes to
5300#.
2 5300# configure terminal
Enter configuration commands, one per line. End
with CNTL/Z.
5300(config)#
Enter global configuration mode. You
have entered global configuration mode
when the prompt changes to
5300(config)#.
3 5300(config)# tacacs-server host alcatraz
Enter the IP address or host name of the
remote TACACS+ server host. The host
is typically a UNIX system running
TACACS+ software. In this example, the
host name is alcatraz.
4 5300(config)# tacacs-server key abra2cad
Enter a shared secret text string to be
used between the access server and the
TACACS+ server. The access server and
TACACS+ server use the shared secret
text string to encrypt passwords and
exchange responses. In this example, the
shared secret text string is abra2cad.
5 5300(config)# Ctrl-Z
5300#
%SYS-5-CONFIG_I: Configured from console by
console
5300#
Return to enable mode.
This message is normal and does not
indicate an error.
6 5300# copy running-config startup-config
Save the configuration changes to
NVRAM so that they are not lost during
resets, power cycles, or power outages.