© Copyright Lenovo 2017
Table 154.
TACACS+ Server Configuration Options (continued)
Command Syntax and Usage
tacacsserver secondaryhost {<hostname>|<IP address>} key
<1‐32 characters>
Sets the secondary TACACS+ server address and the shared secret between the
switch and the TACACS+ server(s).
Command mode: Global configuration
tacacsserver secondaryhost [dataport|mgtport]
Defines the secondary interface port to use to send TACACS+ server requests.
Select the port to use for data transfer.
Command mode: Global configuration
no tacacsserver secondaryhost [key]
Deletes the secondary TACACS+ server. The key option only removes the
shared secret between the switch and the TACACS+ server.
Command mode: Global configuration
[no] tacacsserver securebackdoor
Enables or disables TACACS+ secure back door access through Telnet,
SSH/SCP or HTTP/HTTPS only when the TACACS+ servers are not
responding.
This feature is recommended to permit access to the switch when the
TACACS+ servers become unresponsive. If no back door is enabled, the only
way to gain access when TACACS+ servers are unresponsive is to use the back
door via the console port.
The default is disabled.
Command mode: Global configuration
tacacsserver timeout <4‐15>
Sets the amount of time, in seconds, before a TACACS+ server authentication
attempt is considered to have failed. The default is 5 seconds.
Command mode: Global configuration
tacacsserver usermapping <0‐15> {user|oper|admin}
Maps a TACACS+ authorization level to a switch user level. Enter a TACACS+
authorization level (0‐15), followed by the corresponding switch user level.
Command mode: Global configuration
no tacacsserver usermapping <0‐15>
Removes a TACACS+ authorization level.
Command mode: Global configuration
ip tacacs sourceinterface loopback <1‐5>
Sets the TACACS+ source loopback interface.
Command mode: Global configuration
Chapter 4: Configuration Commands
361