TACACS+ Commands

show tacacs default-config

To show the default Terminal Access Controller Access-Control System Plus (TACACS+) parameters, use the show tacacs default-config Privileged EXEC mode command.

Syntax

show tacacs default-config

Parameters

N/A

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show tacacs default-config
 Timeout|   Key
--------+---------
    20  | accounting12345

The following table describes the significant fields shown in the example:

Field   | Description
--------+----------------------------------------------------------------
Timeout | Default number of seconds that pass before the connection between the switch and the TACACS+ server times out.
Key     | Default authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ server.

show tacacs

To show information for all TACACS+ servers defined on the switch, use the show tacacs Privileged EXEC mode command.

Syntax

show tacacs

Parameters

N/A

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show tacacs
Prio | Timeout |  IP Address  | Port |      Key
-----+---------+--------------+------+---------------
  2  |   10    | 10.172.11.3  |  49  | acounting1234

The following table describes the significant fields shown in the example:

Field      | Description
-----------+-------------------------------------------------------------
Prio       | Priority of the TACACS+ server, where 0 has the highest priority.
Timeout    | Number of seconds that pass before the connection between the switch and the TACACS+ server times out.
IP Address | IP address or hostname of the TACACS+ server.
Port       | TCP port number of the TACACS+ server for authentication requests. A value of zero indicates that the host is not used for authentication.
Key        | Key for authenticating and encrypting the TACACS+ communications between the switch and the TACACS+ server.

tacacs-server default-param

To define the default TACACS+ parameters, use the tacacs-server default-param Global Configuration mode command.

Syntax

tacacs-server default-param [key key-string] [timeout timeout]

Parameters

key key-string—(Optional) Specifies the key for authenticating and encrypting the TACACS+ communications between the switch and the TACACS+ server. This key must match the encryption key used on the TACACS+ daemon. To specify an empty string, enter "". (Length: 0 to 128 characters)

timeout timeout—(Optional) Specifies the number of seconds that pass before the connection between the switch and the TACACS+ server times out. (Range: 1 to 30 seconds)

Default Configuration

N/A

Command Mode

Global Configuration mode

User Guidelines

The switch can be configured to use this default key or to use a key for an individual server. If you set a default key and a key string for an individual TACACS+ server, the key string configured for the individual TACACS+ server takes precedence.

Example

The following example sets accounting12345 as the authentication and encryption key for all TACACS+ servers:

switchxxxxxx(config)# tacacs-server default-param key accounting12345

tacacs-server host

To define a TACACS+ host, use the tacacs-server host Global Configuration mode command.

To delete a TACACS+ host, use the no form of this command.

Syntax

tacacs-server host {ip-address | hostname} [key key-string] [port port-number] [priority priority] [timeout timeout]

no tacacs-server host {ip-address | hostname}

Parameters

ip-address—IP address of the TACACS+ server.

hostname—Hostname of the TACACS+ server.

key key-string—(Optional) Specifies the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ server. This key must match the encryption key used on the TACACS+ daemon. To specify an empty string, enter "".

port port-number—(Optional) Specifies the TCP port number through which the TACACS+ session occurs. If the port number is set to 0, the host is not used for authentication. (Range: 0 to 65535, default: 49)

priority priority—(Optional) Specifies the priority of the TACACS+ server, where 0 is the highest priority and will be used first. If the switch cannot establish a session with the highest priority server, the switch will try the next priority server. (Range: 0 to 65535)

timeout timeout—(Optional) Specifies the number of seconds that pass before the connection between the switch and the TACACS+ server times out. (Range: 1 to 30)

Default Configuration

No TACACS+ host is specified.

If key-string is not specified, the global value (set in the tacacs-server default-param command) is used.

If timeout is not specified, the global value (set in the tacacs-server default-param command) is used.

If a parameter is not set in either of the above commands, the default for that command is used. For example, if no timeout value is set in the current command or in the tacacs-server default-param command, the default timeout of the tacacs-server default-param command is used.

Command Mode

Global Configuration mode

User Guidelines

Multiple tacacs-server host commands can be used to specify multiple hosts.

Example

switchxxxxxx(config)# tacacs-server host tacassrv1 priority 20 timeout 20
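
The fallback rules above (a per-host key or timeout takes precedence over the tacacs-server default-param value, and priority 0 is tried first) can be checked offline against a saved configuration. The following audit script is an added example, not part of the switch software or the original guide. The sample configuration and key strings are constructed placeholders, and treating an unset priority as 0 and an explicit "" as a set (empty) key are assumptions.

```python
import shlex

# Constructed sample configuration; addresses and key strings are placeholders.
SAMPLE_CONFIG = '''
tacacs-server default-param key default-key-EXAMPLE timeout 20
tacacs-server host 192.0.2.10 key per-host-key-EXAMPLE priority 1
tacacs-server host tacassrv1 priority 0 timeout 5
tacacs-server host 192.0.2.30 key "" port 0 priority 2
'''

def _options(tokens):
    """Turn ['key', 'k', 'timeout', '20'] into {'key': 'k', 'timeout': '20'}."""
    return dict(zip(tokens[0::2], tokens[1::2]))

def resolve(config_text):
    """Return (servers in the order they are tried, findings) with effective values."""
    defaults, hosts = {}, []
    for line in config_text.splitlines():
        tok = shlex.split(line)  # shlex keeps "" as an empty-string token
        if tok[:2] == ["tacacs-server", "default-param"]:
            defaults.update(_options(tok[2:]))
        elif tok[:2] == ["tacacs-server", "host"] and len(tok) > 2:
            hosts.append((tok[2], _options(tok[3:])))
    servers, findings = [], []
    for name, opt in hosts:
        key = opt.get("key", defaults.get("key"))  # per-host key takes precedence
        timeout = opt.get("timeout", defaults.get("timeout"))
        srv = {
            "host": name,
            "key": key,
            "key_source": "host" if "key" in opt else "default",
            "timeout": int(timeout) if timeout is not None else None,
            "port": int(opt.get("port", 49)),         # documented default port
            "priority": int(opt.get("priority", 0)),  # assumption: unset means 0
        }
        if not srv["key"]:
            findings.append((name, "empty or missing key"))
        if srv["port"] == 0:
            findings.append((name, "port 0: host not used for authentication"))
        servers.append(srv)
    servers.sort(key=lambda s: s["priority"])  # 0 is the highest priority
    return servers, findings

if __name__ == "__main__":
    ordered, issues = resolve(SAMPLE_CONFIG)
    for s in ordered:
        print(s["priority"], s["host"], s["port"], s["timeout"], s["key_source"])
    for host, issue in issues:
        print("FINDING", host, issue)
```

The script reports only where each key comes from and never prints the key itself, so its output can be shared more freely than the show tacacs output, which displays the key string.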