tacacs-server

Administration Commands : tacacs-server

tacacs-server

Description

Use the tacacs-server command to configure hosts TACACS+ server settings for user authentication.

Syntax

tacacs-server host <IP address> [auth-port <port>] [auth-type {ascii | pap}] [key <string>] [retransmit <0..3>] [timeout <1..15>]

tacacs-server {key <string> | retransmit <0..3> | timeout <1..15>}

no tacacs-server host <IP address> [auth-port <port>]

no tacacs-server {key | retransmit | timeout}

Arguments

host <IP address>

Configures host, at specified IP address, to send TACACS+ authentication requests.

Use the no form of this command to stop sending TACACS+ authentication requests to host.

auth-port <port>

Specifies the authentication port to use with this TACACS+ server.

Use the no form of this command to stop sending TACACS+ authentication requests to the authentication port.

auth-type {ascii | pap}

Specifies the authentication type to use with this TACACS+ server. The options are:

•

ascii – ASCII authentication

•

pap – PAP (Password Authentication Protocol) authentication

key <string>

Specifies the shared secret key to use with this TACACS+ server.

Use the no form of this command to remove the global TACACS+ server key.

retransmit <0..3>

Specifies the maximum number of retries that can be made in the attempt to connect to this TACACS+ server. The range is 0 to 3.

Use the no form of this command to reset the global TACACS+ server retransmit count to its default.

timeout <1..15>

Specifies the number of seconds to wait before the connection times out with this TACACS+ server, because of keyboard inactivity. The range is 1 to 15 seconds.

Use the no form of this command to reset the global TACACS+ server timeout setting to its default.

Defaults

None.

Command Mode

Global Configuration Mode

See Also

See “show tacacs”.

Usage Guidelines

When you don’t specify a host IP, then configurations for host, key, and retransmit are global for TACACS+ servers.

Examples

To define the TACACS+ shared secret as “mysecret”:

(config) # tacacs-server key mysecret

To specify that the TACACS+ server with the IP address of 10.10.10.10 uses PAP authentication and tries to retransmit a maximum of 9 times:

(config) # (config) # tacacs-server host 10.10.10.10 auth-type pap retransmit 9

To reset, to its default, the number of seconds after which the TACACS+ server times out after keyboard inactivity:

(config) # no tacacs-server timeout

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.