Table of Contents
Advertisement
Default Configuration
The default is an empty string.
Command Mode
Global Configuration mode
User Guidelines
The tacacs-server key command accepts any printable characters for the key
except a question mark. Enclose the string in double quotes to include spaces
within the key. The surrounding quotes are not used as part of the name. The
CLI does not filter illegal characters and may accept entries up to the first
illegal character or reject the entry entirely.
If no encryption parameter is present, the key string is interpreted as an un-
encrypted shared secret.
Keys are always displayed in their encrypted form in the running
configuration.
In an Access-Request, encrypted passwords are sent using the RSA Message
Digest algorithm (MD5).
The encryption algorithm is the same across switches. Encrypted passwords
may be copied from one switch and pasted into another switch.
Command History
Updated in version 6.3.0.1 firmware.
Example
The following example sets the authentication encryption key.
console(config)#tacacs-server key "This is a key string"
console(config)#tacacs-server key 0 "This is a key string"
tacacs-server source-interface
Use the tacacs-server source-interface command to select the interface from
which to use the IP address in the source IP address field of transmitted
TACACS packets. Use the no form of the command to revert to the default
IP address.
949
Security Commands
Advertisement
Table of Contents
