Chapter4 Con figuring the CSS as a Client of a TACACS+ Server
Defining a TACACS+ Server
4-10
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Defining this option overrides the tacacs-server key command. For more
information on defining a global encryption key, see the “Defining a Global
Encryption Key” section.
•primary - (Optional) Assigns the TACACS+ server precedence over the
other configured servers. You can specify only one primary server.
•frequency number - (Optional) Allows you to set the keepalive frequency for
the specified TACACS+ server. The default number variable is 5 seconds.
The range for the variable is 0 to 255. A setting of 0 disables keepalives.
Defining this option overrides the tacacs-server frequency command.
Note If you need to change a timeout period or the shared secret for a specific server,
you must delete the server and redefine it with the updated parameter.
For example, to define a primary TACACS+ server at IP address 192.168.11.1
with a default port of 49, a timeout period of 12 seconds, a clear text shared secret
of summary, and a keepalive frequency of 10 seconds, enter:
#(config) tacacs-server 192.168.11.1 12 20 “summary” primary frequency 10
To delete a TACACS+ server at IP address 192.168.11.1 with a default port of 49,
enter:
#(config) no tacacs-server 192.168.11.1 49
After configuring the TACACS+ server, enable TACACS+ authentication for
console and virtual logins (if the username and password pair is not in the local
user database) through the virtual authentication and console authentication
commands. See Chapter 1, Controlling CSS Access for information about the two
commands.