Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentEngine 611
581582583584585586587588589590
3-538
Cisco Wide Area Application Services Command Reference
OL-16451-01
Chapter 3 CLI Commands
(config) tacacs
string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not
ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves
are part of the key.
The tacacs timeout is the number of seconds that the WAAS device waits before declaring a timeout on
a request to a particular TACACS+ server. The range is from 1 to 20 seconds, with 5 seconds as the
default. The number of times that the WAAS device repeats a retry-timeout cycle before trying the next
TACACS+ server is specified by the tacacs retransmit command. The default is two retry attempts.
Three unsuccessful login attempts are permitted. TACACS+ logins may appear to take more time than
local logins depending on the number of TACACS+ servers and the configured timeout and retry values.
Use the tacacs password ascii command to specify the TACACS+ password type as ASCII. The default
password type is PAP (Password Authentication Protocol).When the no tacacs password ascii
command is used to disable the ASCII password type, the password type is once again reset to PAP.
Examples The following example shows how to configure the key used in encrypting packets:
WAE(config)# tacacs key human789
The following example shows how to configure the host named spearhead as the primary TACACS+
server:
WAE(config)# tacacs host spearhead primary
The following example shows how to set the timeout interval for the TACACS+ server:
WAE(config)# tacacs timeout 10
The following example shows how to set the number of times that authentication requests are retried
(retransmitted) after a timeout:
WAE(config)# tacacs retransmit 5
The following example shows the password type to be PAP by default:
WAE# show tacacs
Login Authentication for Console/Telnet Session: enabled (secondary)
Configuration Authentication for Console/Telnet Session: enabled (secondary)
TACACS+ Configuration:
---------------------
TACACS+ Authentication is off
Key = *****
Timeout = 5
Retransmit = 2
Password type: pap
Server Status
---------------------------- ------
10.107.192.148 primary
10.107.192.168
10.77.140.77
You can configure the password type to be ASCII using the tacacs password ascii command. You can
then verify the changes using the show tacacs command.
WAE(config)# tacacs password ascii
WAE(config)# exit
WAE# show tacacs
Login Authentication for Console/Telnet Session: enabled (secondary)
Configuration Authentication for Console/Telnet Session: enabled (secondary)