Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Identifying the TACACS+ Server Host on the GSS
Cisco Global Site Selector Administration Guide
OL-5480-01
The variables and options for this global configuration command are:

ip_or_host—The IP address or host name of the TACACS+ server you want to access. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or a mnemonic host name (for example, myhost.mydomain.com).

port port—(Optional) The TCP port of the TACACS+ server. The default port is 49. You can enter a port number from 1 to 65535.

key encryption_key—(Optional) The shared secret between the GSS and the TACACS+ server. If you want to encrypt TACACS+ packet transactions between the GSS and the TACACS+ server, define an encryption key. If you do not define an encryption key, the GSS transmits packets to the TACACS+ server in clear text. The range for the encryption key is 1 to 100 alphanumeric characters.

For example, to configure three TACACS+ servers as 192.168.1.100:8877,
192.168.1.101:49 (using the default TCP port), and 192.168.1.102:9988 with
different shared secrets, enter:
gss1.example.com(config)# tacacs-server host 192.168.1.100 port 8877 key SECRET-123
gss1.example.com(config)# tacacs-server host 192.168.1.101 key SECRET-456
gss1.example.com(config)# tacacs-server host 192.168.1.102 port 9988 key SECRET-789
Once configured, the IP address and port of a TACACS+ server cannot easily be
changed. To change the IP address and port of a TACACS+ server, you must first
delete the configured TACACS+ server and then re-enter the TACACS+ server with
a new IP address and, if necessary, a new port number. Use the no form of the
tacacs-server host command to delete an existing TACACS+ server from the
running configuration.
For example, to delete the TACACS+ server at IP address 192.168.1.101 with
default TCP port 49 from the running configuration, enter:
gss1.example.com(config)# no tacacs-server host 192.168.1.101
or
gss1.example.com(config)# no tacacs-server host 192.168.1.101 port 49
If you defined an encryption key, it is not necessary to include that key to delete
the TACACS+ server.
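
The following is an added example, not part of the Cisco guide: a short audit script that reads tacacs-server host lines and flags any server entry defined without a key (which, per the key option described above, means packets are sent in clear text) or with a port or key length outside the stated ranges. It assumes the saved configuration text shows each entry in the same form it was entered; the function names and the sample input are constructed for illustration.

```python
import re

# Syntax from the page: tacacs-server host ip_or_host [port port] [key encryption_key]
# An optional CLI prompt is tolerated; "no tacacs-server host ..." lines do not match.
LINE_RE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?tacacs-server host (?P<host>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?"
    r"(?:\s+key\s+(?P<key>\S+))?\s*$"
)
DEFAULT_PORT = 49  # default TCP port stated on the page


def parse_tacacs_hosts(config_text):
    """Return one dict (host, port, key) per 'tacacs-server host' line."""
    servers = []
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line, or a 'no' form
        port = int(m.group("port")) if m.group("port") else DEFAULT_PORT
        servers.append({"host": m.group("host"), "port": port, "key": m.group("key")})
    return servers


def audit(servers):
    """Return (host, port, finding) tuples for entries that need attention."""
    findings = []
    for s in servers:
        if s["key"] is None:
            findings.append((s["host"], s["port"], "no key: packets sent in clear text"))
        elif not 1 <= len(s["key"]) <= 100:
            findings.append((s["host"], s["port"], "key length outside 1-100"))
        if not 1 <= s["port"] <= 65535:
            findings.append((s["host"], s["port"], "port outside 1-65535"))
    return findings


# Constructed sample input, not output captured from a real GSS.
SAMPLE = """\
tacacs-server host 192.168.1.100 port 8877 key SECRET-123
tacacs-server host 192.168.1.101
tacacs-server host 192.168.1.102 port 70000 key SECRET-789
"""

if __name__ == "__main__":
    for host, port, finding in audit(parse_tacacs_hosts(SAMPLE)):
        print(f"{host}:{port} -> {finding}")
```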