9-22
Using Passwords and TACACS+ To Protect Against Una uthorized Access
TACACS+ Authentication for Central Control of Switch Access Security
Using Passwords and
TACACS+
Adding, Removing, or Changing the Priority of a TACACS+ Server.
Suppose that the switch was already configured to use TACACS+ servers at
10.28.227.10 and 10.28.227.15. In this case, 10.28.227.15 was entered first, and
so is listed as the first-choice server:
Figure 9-4. Example of the Switch with Two TACACS+ Server Addresses
Configured
To move the "first-choice" status from the "15" server to the "10" server, use
the no tacacs-server host <ip-addr> command to delete both servers, then use
tacacs-server host <ip-addr> to re-enter the "10" server first, then the "15" server.
The servers would then be listed with the new "first-choice" server, that is:
Figure 9-5. Example of the Switch After Assigning a Different "First-Choice" Server
timeout <1. . 255> 5 sec 1 - 255 sec
Specifies how long the switch waits for a TACACS+ server to respond to an authen tication request. If the switch does
not detect a response within the timeout period, it initiates a new request to the next TACACS+ server in the list. If al l
TACACS+ servers in the list fail to respond within the timeout period, the switch uses either local authen tication (if
configured) or denies access (if none configured for local authentication).
Name Default Range
First-Choice TACACS+ Server
The "10" server is now the "first-choice" TACACS+ authentication device.