Specifications
3-374
Cisco Wide Area Application Services Command Reference
OL-11817-01
Chapter 3 CLI Commands
(config) tacacs
(config) tacacs
To configure TACACS+ server parameters on a WAAS device, use the tacacs command in global
configuration mode. To disable individual options, use the no form of this command.
tacacs {host {hostname | ip-address} [primary] | key keyword | password ascii | retransmit retries
| timeout seconds}
Syntax Description
Defaults keyword: none (empty string)
timeout seconds: 5
retries: 2
password: The default password type is PAP.
Command Modes global configuration
Device Modes application-accelerator
central-manager
Usage Guidelines One primary and two backup TACACS+ servers can be configured on a WAAS device; authentication is
attempted on the primary server first, then on the others in the order in which they were configured. The
primary server is the first server configured unless another is explicitly specified as primary with the
tacacs host hostname primary command.
TACACS+ uses the standard port (port 49) for communication, based on the specified service. Using the
tacacs command, configure the TACACS+ key, number of retransmits, server hostname or IP address,
and timeout.
To enable user authentication with a TACACS+ server, use the authentication global configuration
command. (See the
“(config) authentication” command.)
host Specifies a server address.
hostname Hostname of the TACACS+ server.
ip-address IP address of the TACACS+ server.
primary (Optional) Sets the server as the primary server.
key Sets the security word.
keyword Keyword. An empty string is the default.
password ascii Specifies ASCII as the TACACS+ password type.
retransmit Sets the number of times that requests are retransmitted to a server.
retries Number of retry attempts allowed (1–3). The default is 2 retry attempts.
timeout Sets the number of seconds to wait before a request to a server is timed out.
seconds Timeout in seconds (1–20). The default is 5 seconds.