Configuring Tacacs+ Server Groups - Cisco Nexus 5000 Series Configuration Manual

Configuring TACACS+ Server Groups

DETAILED STEPS
Command or Action
Step 1
switch# configure terminal
Step 2
switch(config)# tacacs-server host
{ipv4-address | ipv6-address | host-name}
key [0 | 7] key-value
Step 3 switch(config)# exit
Step 4 switch# show tacacs-server
Step 5 switch# copy running-config
startup-config
The following example shows how to configure the TACACS+ preshared keys:
switch# configure terminal
switch(config)# tacacs-server host 10.10.1.1 key 0 PlIjUhYg
switch(config)# exit
switch# show tacacs-server
switch# copy running-config startup-config
Configuring TACACS+ Server Groups
You can specify one or more remote AAA servers to authenticate users using server groups. All members of
a group must belong to the TACACS+ protocol. The servers are tried in the same order in which you configure
them.
You can configure these server groups at any time but they only take effect when you apply them to an AAA
service.
Before You Begin
You must use the feature tacacs+ command to enable TACACS+ before you configure TACACS+.
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
48
Purpose
Enters configuration mode.
Specifies a preshared key for a specific TACACS+ server. You can
specify a clear text ( 0 ) or encrypted ( 7 ) preshared key. The default
format is clear text. The maximum length is 63 characters.
This preshared key is used instead of the global preshared key.
Exits configuration mode.
(Optional)
Displays the TACACS+ server configuration.
The preshared keys are saved in encrypted form in the running
Note
configuration. Use the show running-config command to
display the encrypted preshared keys.
(Optional)
Copies the running configuration to the startup configuration.
Configuring TACACS+
OL-20919-01