
Chapter 4 Configuring the CSS as a Client of a TACACS+ Server
Defining a TACACS+ Server
Defining this option overrides the
•primary - (Optional) Assigns the TACACS+ server precedence over the other configured servers. You can specify only one primary server.
•frequency number - (Optional) Allows you to set the keepalive frequency for the specified TACACS+ server. The default number variable is 5 seconds. The range for the variable is 0 to 255. A setting of 0 disables keepalives. Defining this option overrides the
Note If you need to change a timeout period or the shared secret for a specific server, you must delete the server and redefine it with the updated parameter.
For example, to define a primary TACACS+ server at IP address 192.168.11.1 with a default port of 49, a timeout period of 12 seconds, a clear text shared secret of summary, and a keepalive frequency of 10 seconds, enter:
#(config)
To delete a TACACS+ server at IP address 192.168.11.1 with a default port of 49, enter:
#(config) no tacacs-server 192.168.11.1 49
After configuring the TACACS+ server, enable TACACS+ authentication for console and virtual logins (if the username and password pair is not in the local user database) through the virtual authentication and console authentication commands. See Chapter 1, Controlling CSS Access for information about the two commands.
| Cisco Content Services Switch Security Configuration Guide |
|