Use the tacacs-server command to configure hosts TACACS+ server settings for user authentication.tacacs-server host <IP address> [auth-port <port>] [auth-type {ascii | pap}] [key <string>] [retransmit <0..3>] [timeout <1..15>]
host <IP address> Configures host, at specified IP address, to send TACACS+ authentication requests.Use the no form of this command to stop sending TACACS+ authentication requests to host. auth-port <port> Use the no form of this command to stop sending TACACS+ authentication requests to the authentication port. auth-type {ascii | pap} Specifies the authentication type to use with this TACACS+ server. The options are:
• ascii – ASCII authentication
• pap – PAP (Password Authentication Protocol) authentication key <string> Use the no form of this command to remove the global TACACS+ server key. retransmit <0..3> Specifies the maximum number of retries that can be made in the attempt to connect to this TACACS+ server. The range is 0 to 3.Use the no form of this command to reset the global TACACS+ server retransmit count to its default. timeout <1..15> Specifies the number of seconds to wait before the connection times out with this TACACS+ server, because of keyboard inactivity. The range is 1 to 15 seconds.Use the no form of this command to reset the global TACACS+ server timeout setting to its default.When you don’t specify a host IP, then configurations for host, key, and retransmit are global for TACACS+ servers.(config) # tacacs-server key mysecretTo specify that the TACACS+ server with the IP address of 10.10.10.10 uses PAP authentication and tries to retransmit a maximum of 9 times:To reset, to its default, the number of seconds after which the TACACS+ server times out after keyboard inactivity:(config) # no tacacs-server timeout
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |