Chapter 4 Configuring the CSS as a Client of a TACACS+ Server

Defining a TACACS+ Server

Defining this option overrides the tacacs-server key command. For more information on defining a global encryption key, see the “Defining a Global Encryption Key” section.

primary - (Optional) Assigns the TACACS+ server precedence over the other configured servers. You can specify only one primary server.

frequency number - (Optional) Allows you to set the keepalive frequency for the specified TACACS+ server. The default number variable is 5 seconds. The range for the variable is 0 to 255. A setting of 0 disables keepalives. Defining this option overrides the tacacs-server frequency command.

Note If you need to change a timeout period or the shared secret for a specific server, you must delete the server and redefine it with the updated parameter.

For example, to define a primary TACACS+ server at IP address 192.168.11.1 with a default port of 49, a timeout period of 12 seconds, a clear text shared secret of summary, and a keepalive frequency of 10 seconds, enter:

#(config) tacacs-server 192.168.11.1 49 12 "summary" primary frequency 10

To delete a TACACS+ server at IP address 192.168.11.1 with a default port of 49, enter:

#(config) no tacacs-server 192.168.11.1 49

After configuring the TACACS+ server, enable TACACS+ authentication for console and virtual logins (if the username and password pair is not in the local user database) through the virtual authentication and console authentication commands. See Chapter 1, Controlling CSS Access, for information about the two commands.
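The following audit script is an added example, not part of the Cisco guide. It checks a file of `tacacs-server` commands against the limits stated above: a single primary server, a keepalive frequency of 0 to 255, and keepalives disabled at 0. It assumes the positional layout inferred from this page's examples and treats a double-quoted key as clear text; the function name `audit`, the sample lines and the unquoted key `0a1b2c3d` are constructed placeholders.

```python
import re

# Assumed layout, inferred from this page's examples (not the full Cisco syntax):
#   tacacs-server <ip> <port> [<timeout> [<key>]] [primary] [frequency <n>]
# Assumption: a double-quoted key is clear text, as in the page's example.
SERVER = re.compile(
    r'^\s*tacacs-server\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<port>\d+)'
    r'(?:\s+(?P<timeout>\d+))?'
    r'(?:\s+(?P<key>"[^"]*"|(?!primary\b|frequency\b)\S+))?'
    r'(?P<primary>\s+primary)?'
    r'(?:\s+frequency\s+(?P<freq>\d+))?\s*$')

def audit(text):
    """Return sorted (line_no, server_ip, finding) tuples for per-server lines."""
    findings, primaries = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = SERVER.match(line)
        if not m:
            continue  # global commands (tacacs-server key/frequency) and other lines
        ip = m["ip"]
        if m["key"] and m["key"].startswith('"'):
            findings.append((n, ip, "clear-text shared secret"))
        if m["freq"] is not None:
            freq = int(m["freq"])
            if freq == 0:
                findings.append((n, ip, "keepalives disabled (frequency 0)"))
            elif freq > 255:
                findings.append((n, ip, "frequency outside 0-255"))
        if m["primary"]:
            primaries.append((n, ip))
    # Only one server may be primary; report every one after the first.
    for n, ip in primaries[1:]:
        findings.append((n, ip, "more than one primary server"))
    return sorted(findings)

# Constructed sample input (not taken from a real device).
SAMPLE = """\
tacacs-server frequency 5
tacacs-server 192.168.11.1 49 12 "summary" primary frequency 10
tacacs-server 192.168.11.2 49 12 0a1b2c3d primary frequency 0
tacacs-server 192.168.11.3 49 12 0a1b2c3d frequency 300
"""

if __name__ == "__main__":
    for line_no, ip, finding in audit(SAMPLE):
        print(f"line {line_no}: {ip}: {finding}")
```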

 

Cisco Content Services Switch Security Configuration Guide


OL-5650-02
