Cisco Systems XR manual Tacacs-server host, SR-82

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

tacacs-server host

tacacs-server host

To specify a TACACS+ host server, use the tacacs-server host command in global configuration mode. To delete the specified name or address, use the no form of this command.

tacacs-server host host-name[port port-number] [timeout seconds] [key [0 7] auth-key]single-connection

no tacacs-server host host-name [port port-number]

port port-number(Optional) Specifies a server port number. This option overrides the default, which is port 49. Valid port numbers range from 1 to 65535.

timeout seconds (Optional) Specifies a timeout value that sets the length of time the authentication, authorization, and accounting (AAA) server waits to receive a response from the TACACS+ server. This option overrides the global timeout value set with the tacacs-server timeout command for this server only. The valid timeout range is from 1 to 1000 seconds. Default is 5.

key [0 7] auth-key(Optional) Specifies an authentication and encryption key shared between the

AAAserver and the TACACS+ server. The TACACS+ packets are encrypted using this key. This key must match the key used by the TACACS+ daemon. Specifying this key overrides the key set by the tacacs-server key command for this server only.

(Optional) Entering 0 specifies that an unencrypted (clear-text) key follows.

(Optional) Entering 7 specifies that an encrypted key follows.

The auth-keyargument specifies the unencrypted key to be used between the AAA server and the TACACS+ server.

single-connection(Optional) Multiplexes all TACACS+ requests to this server over a single TCP connection. By default, a separate connection is used for each session.

Cisco IOS XR System Security Command Reference

SR-82