Users Guide
Version Description
9.7(0.0) Introduced on the S6000–ON.
9.0.2.0 Introduced on the S6000.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.4.1.0 Added support for IPv6.
8.3.7.0 Introduced on the S4810.
7.7.1.0 Authentication key length increased to 42 characters.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
pre-6.2.1.1 Introduced on the E-Series.
Usage Information
To list multiple TACACS+ servers to be used by the aaa authentication login command, congure
this command multiple times.
If you are not conguring the switch as a TACACS+ server, you do not need to congure the port,
timeout and key optional parameters. If you do not congure a key, the key assigned in the tacacs-
server key command is used.
You can use duplicate host names or IP addresses among TACACS groups. However, you cannot use
duplicate host names or IP addresses within the same TACACS group.
If a VRF is not congured on the TACACS group, then servers congured in the group are considered to be
on the default VRF. TACACS servers that are congured in the CONFIGURATION mode are also considered
to be on the default VRF.
For AAA servers to use a group of TACACS servers, you must explicitly congure the group using the aaa
tacacs group group-name command. The order in which the TACACS servers are tried depends on
the order in which they are congured.
Example
Dell(conf)#tacacs-server group group1
Dell(conf-tacacs-group)#tacacs-server host 1.1.1.1 key secret
Dell(conf-tacacs-group)#no tacacs-server host 1.1.1.1
Related Commands
aaa authentication login — species the login authentication method.
tacacs-server key — congures a TACACS+ key for the TACACS server.
tacacs-server key
Congure a key for communication between a TACACS+ server and a client.
Syntax
tacacs-server key [encryption-type] key
To delete a key, use the no tacacs-server key key command.
Parameters
encryption-type (OPTIONAL) Enter either zero (0) or 7 as the encryption type for the key entered.
The options are:
1556
Security