TACACS+ Authentication
Configuring TACACS+ on the Switch
TableName | Default | Range |
none | n/a |
This command specifies the IP address of a device running a TACACS+ server application. Optionally, it can also specify the unique,
You can enter up to three IP addresses; one
Use show tacacs to view the current IP address list.
If the
(See figure
The priority
1.When there are no TACACS+ servers configured, entering a server IP address makes that server the
2.When there is one TACACS+ serves already configured, entering another server IP address makes that server the
3.When there are two TACACS+ servers already configured, entering another server IP address makes that server the
•The above position assignments are fixed. Thus, if you remove one server and replace it with another, the new server assumes the priority position that the removed server had. For example, suppose you configured three servers, A, B, and C, configured in order:
•If you removed server B and then entered server X, the TACACS+ server order of priority would be:
•If there are two or more vacant slots in the TACACS+ server priority list and you enter a new IP address, the new address will take the vacant slot with the highest priority. Thus, if A, B, and C are configured as above and you (1) remove A and B, and (2) enter X and Y (in that order), then the new TACACS+ server priority list would be X, Y, and C.
•The easiest way to change the order of the TACACS+ servers in the priority list is to remove all server addresses in the list and then
To add a new address to the list when there are already three addresses present, you must first remove one of the currently listed addresses.
See also “General Authentication Process Using a TACACS+ Server” on page