9-20
Using Passwords and TACACS+ To Protect Against Una uthorized Access
TACACS+ Authentication for Central Control of Switch Access Security
Using Passwords and
TACACS+
Syntax:tacacs-server host <ip-addr>Adds a TACACS+ server and optionally
[key <key-string>] assigns a server-specific encryption key.
[no] tacacs-server host <ip-addr>Removes a TACACS+ server
assignment (including its server-
specific encryption key, if any).
tacacs-server key <key-string>Enters the optional global encryption key.
[no] tacacs-server key Removes th e optional global encryption
key. (Does not affect any server-specific
encryption key assignments.)
tacacs-server timeout <1 . . 255> Changes the wait period for a TACACS
server response. (Default: 5 seconds.)
Note on Encryption KeysEncryption keys configured in the switch must ex actly match the encryption
keys configured in TACACS+ servers the switch will attempt to use for
authentication.
If you configure a global encryption key, the switch uses it only with servers
for which you have not also configured a server-specific key. Thus, a global
key is more useful where the TACACS+ servers you are using all have an
identical key, and server-specific keys are necessary where different
TACACS+ servers have different keys.
If TACACS+ server “X” does not have an encryption key assigned for the
switch, then configuring either a global encryption key or a server-specific key
in the switch for server “X” will block authentication support from server “X”.