Chapter 4 Configuring the CSS as a Client of a TACACS+ Server

Defining a TACACS+ Server

Note For general guidelines on the recommended setup of a TACACS+ server (the Cisco Secure Access Control Server in this example), see the “TACACS+ Configuration Quick Start” section.

To apply a TACACS+ global attribute, such as the timeout period, keepalive frequency, or shared secret, to a TACACS+ server, you must configure the global attribute before you configure the server. To apply a modified global attribute to a configured CSS TACACS+ server, remove the server and reconfigure it.

Use the tacacs-server command to define a server. You must provide the IP address and port number of the server. You can optionally define the timeout period and encryption key and designate the server as the primary server.

The syntax for this global configuration command is:

tacacs-server ip_address port {timeout [cleartext_key|des_key]} {primary} {frequency number}

The variables and options for this command are as follows:

ip_address - The IP address of the TACACS+ server. Enter the IP address in dotted-decimal format.

port - The TCP port of the TACACS+ server. The default port is 49. You can enter a port number from 1 to 65535.

timeout - (Optional) The amount of time, in seconds, to wait for a response from the server. Enter a number from 1 to 255. The default is 5 seconds. Defining this option overrides the value set with the tacacs-server timeout command for this server. For more information on the TACACS+ timeout period and setting a global timeout, see the “Setting the Global CSS TACACS+ Timeout Period” section.

cleartext_key|des_key - (Optional) The shared secret between the CSS and the server. You must define an encryption key to encrypt TACACS+ packet transactions between the CSS and the TACACS+ server. If you do not define an encryption key, TACACS+ packets between the CSS and the server are sent unencrypted.

The shared secret value must be identical to the one configured on the TACACS+ server. Enter the key either as clear text in quotes or as the DES-encrypted secret without quotes. A clear text key is DES-encrypted before it is placed in the running configuration. Either key type can have a maximum of 100 characters.
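The following configuration fragment is an added example and is not taken from the guide. It shows the ordering rule for global attributes, an unkeyed server definition beside its keyed form, and the per-server timeout overriding the global one. The IP address, port, timeout value and shared secret are placeholders, and the argument form of the global tacacs-server timeout command is assumed from the section reference above.

```text
! Added example (not from the Cisco guide). 192.0.2.10, 10 and the key value are placeholders.
! Global attributes first: a global value applies only to servers defined after it.
! To push a changed global value to an existing server, remove and re-add the server.
tacacs-server timeout 10

! Weak: no shared secret, so TACACS+ packets to this server travel unencrypted.
tacacs-server 192.0.2.10 49

! Corrected: per-server timeout (overrides the global 10 seconds) plus a clear-text
! key in quotes. The running-config stores the key DES-encrypted, as des_key
! without quotes, so re-entering it from show running-config needs no quotes.
tacacs-server 192.0.2.10 49 15 "example-shared-secret" primary
```

Both definitions point at the same server; in practice you would use only the keyed form, and verify from the running configuration that the stored key is the DES-encrypted form rather than the clear text you typed.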

Cisco Content Services Switch Security Configuration Guide
OL-5650-02
4-9