Operation Manual

Configuring Network Security AAA Configuration
Configuration Guide
Switch#copy running-config startup-config

Adding TACACS+ Server
Follow these steps to add a TACACS+ server on the switch:
Step 1 configure
Enter global configuration mode.
Step 2 tacacs-server host ip-address [ port port-id ] [ timeout time ] [ key { [ 0 ] string | 7 encrypted-string } ]
Add the TACACS+ server and configure the related parameters as needed.
host ip-address: Enter the IP address of the server running the TACACS+ protocol.
port port-id: Specify the TCP destination port on the TACACS+ server for authentication requests. The default setting is 49.
timeout time: Specify the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.
key { [ 0 ] string | 7 encrypted-string }: Specify the shared key. 0 and 7 represent the encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0. string is the shared key for the switch and the server, which contains 31 characters at most. encrypted-string is a symmetric encrypted key with a fixed length, which you can copy from the configuration file of another switch. The key or encrypted-key you configured here will be displayed in the encrypted form.
Step 3 show tacacs-server
Verify the configuration of the TACACS+ server.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to add a TACACS+ server on the switch. Set the IP
address of the server as 192.168.0.20, the authentication port as 49, the shared key as
123456, and the timeout as 8 seconds.
Switch#configure
Switch(config)#tacacs-server host 192.168.0.20 auth-port 49 timeout 8 key 123456
Switch(config)#show tacacs-server
Server Ip       Port    Timeout    Shared key
192.168.0.20    49      8          123456
Switch(config)#end
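The following added example, which is not part of the original manual or the vendor's software, is a Python check that parses a tacacs-server host command according to the syntax in Step 2 and reports values outside the documented limits. The function name, the 16-character minimum key length and the reporting of type 0 keys as a finding are assumptions; auth-port is accepted because the manual's own example uses it.

```python
import ipaddress
PORT_KEYWORDS = ("port", "auth-port")  # syntax line says port; the manual's example uses auth-port
MAX_KEY_LEN = 31  # type 0 key limit stated in the manual
MIN_KEY_LEN = 16  # assumption: local policy floor, not from the manual

def check_tacacs_line(line):
    """Parse one 'tacacs-server host' command; return (settings, findings)."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["tacacs-server", "host"]:
        raise ValueError("not a tacacs-server host command")
    cfg = {"host": tok[2], "port": 49, "timeout": 5, "key_type": None, "key": None}
    findings = []
    try:
        ipaddress.ip_address(cfg["host"])
    except ValueError:
        findings.append("host: not a valid IP address")
    i = 3
    while i < len(tok):
        word, args = tok[i], tok[i + 1:]
        if word in PORT_KEYWORDS and args and args[0].isdigit():
            cfg["port"] = int(args[0])
            i += 2
        elif word == "timeout" and args and args[0].isdigit():
            cfg["timeout"] = int(args[0])
            i += 2
        elif word == "key" and args:  # key { [ 0 ] string | 7 encrypted-string }
            if args[0] in ("0", "7") and len(args) > 1:
                cfg["key_type"], cfg["key"] = int(args[0]), args[1]
                i += 3
            else:  # no type given: the manual's default is type 0
                cfg["key_type"], cfg["key"] = 0, args[0]
                i += 2
        else:
            findings.append(f"syntax: unexpected token {word!r}")
            i += 1
    if not 1 <= cfg["timeout"] <= 9:
        findings.append("timeout: outside the documented 1-9 seconds")
    if cfg["key"] is None:
        findings.append("key: no shared key set")
    elif cfg["key_type"] == 0:
        findings.append("key: entered as plain text (type 0)")
        if len(cfg["key"]) > MAX_KEY_LEN:
            findings.append("key: longer than 31 characters")
        elif len(cfg["key"]) < MIN_KEY_LEN:
            findings.append("key: shorter than local policy minimum")
    return cfg, findings

MANUAL_EXAMPLE = "tacacs-server host 192.168.0.20 auth-port 49 timeout 8 key 123456"  # from the manual
CONSTRUCTED_BAD = "tacacs-server host 192.168.0.20 port 49 timeout 12"  # constructed sample
```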