Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

tacacs-server host


To specify a TACACS+ host server, use the tacacs-server host command in global configuration mode. To delete the specified name or address, use the no form of this command.

tacacs-server host host-name [port port-number] [timeout seconds] [key [0 | 7] auth-key] [single-connection]

no tacacs-server host host-name [port port-number]

Syntax Description

host-name
Name or IP address of the TACACS+ server.

port port-number
(Optional) Specifies a server port number. This option overrides the default, which is port 49. Valid port numbers range from 1 to 65535.

timeout seconds
(Optional) Specifies a timeout value that sets the length of time the authentication, authorization, and accounting (AAA) server waits to receive a response from the TACACS+ server. This option overrides the global timeout value set with the tacacs-server timeout command for this server only. The valid timeout range is from 1 to 1000 seconds. Default is 5.

key [0 | 7] auth-key
(Optional) Specifies an authentication and encryption key shared between the AAA server and the TACACS+ server. The TACACS+ packets are encrypted using this key. This key must match the key used by the TACACS+ daemon. Specifying this key overrides the key set by the tacacs-server key command for this server only.
(Optional) Entering 0 specifies that an unencrypted (clear-text) key follows.
(Optional) Entering 7 specifies that an encrypted key follows.
The auth-key argument specifies the unencrypted key to be used between the AAA server and the TACACS+ server.

single-connection
(Optional) Multiplexes all TACACS+ requests to this server over a single TCP connection. By default, a separate connection is used for each session.

Defaults

No TACACS+ host is specified.

The port keyword, if not specified, defaults to the standard port 49.

The timeout keyword, if not specified, defaults to 5 seconds.

Command Modes

Global configuration

Command History

Release          Modification
Release 2.0      This command was introduced on the Cisco CRS-1.
Release 3.0      No modification.
Release 3.2      This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0    The show run command was modified to display the default values for both the port keyword and the timeout keyword, if values are not specified.
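The syntax, ranges and defaults described above, written as a small configuration-audit parser. This is an added example, not Cisco code; it assumes each host is configured on a single line in the form shown on this page, and the sample addresses, host name and key strings are constructed placeholders.

```python
# Added example (not Cisco code): audit "tacacs-server host" lines per the syntax above.
DEFAULT_PORT, DEFAULT_TIMEOUT = 49, 5            # defaults stated in the reference
RANGES = {"port": (1, 65535), "timeout": (1, 1000)}
KEYWORDS = {"port", "timeout", "key", "single-connection"}

def parse_tacacs_host(line):
    """Return (settings, findings) for one 'tacacs-server host ...' line."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["tacacs-server", "host"]:
        raise ValueError("not a tacacs-server host command: %r" % line)
    cfg = {"host": tok[2], "port": DEFAULT_PORT, "timeout": DEFAULT_TIMEOUT,
           "key_type": None, "has_key": False, "single_connection": False}
    findings, i = [], 3
    while i < len(tok):
        kw = tok[i]
        if kw in RANGES:
            if i + 1 >= len(tok) or not tok[i + 1].isdigit():
                raise ValueError("%s requires a number" % kw)
            lo, hi = RANGES[kw]
            cfg[kw] = int(tok[i + 1])
            if not lo <= cfg[kw] <= hi:
                findings.append("%s %d outside %d-%d" % (kw, cfg[kw], lo, hi))
            i += 2
        elif kw == "key":
            i += 1
            # "0" or "7" is a type marker only when a key value follows it.
            if i + 1 < len(tok) and tok[i] in ("0", "7") and tok[i + 1] not in KEYWORDS:
                cfg["key_type"] = tok[i]
                i += 1
            if i >= len(tok):
                raise ValueError("key requires a value")
            cfg["has_key"] = True                  # the key itself is never stored
            if cfg["key_type"] != "7":
                findings.append("clear-text key in configuration text")
            i += 1
        elif kw == "single-connection":
            cfg["single_connection"] = True
            i += 1
        else:
            raise ValueError("unexpected token %r" % kw)
    return cfg, findings

def audit(config_text):  # parse every 'tacacs-server host' line; 'no' forms are skipped
    return [parse_tacacs_host(l.strip()) for l in config_text.splitlines()
            if l.strip().startswith("tacacs-server host ")]
# Constructed sample configuration (documentation addresses, placeholder keys).
SAMPLE = ("tacacs-server host 192.0.2.10 port 4949 timeout 10 key 7 PLACEHOLDER7 single-connection\n"
          "tacacs-server host 192.0.2.11 key 0 PLACEHOLDERCLEAR\n"
          "tacacs-server host tac3.example.net timeout 2000\n")
```

Calling audit(SAMPLE) returns one (settings, findings) pair per host line: the second host is flagged for a clear-text key and the third for a timeout outside the 1 to 1000 second range.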

 

 

Cisco IOS XR System Security Command Reference
