Cisco 4700M Configuration Manual page 102

Application control engine appliance security

Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
Setting the TACACS+ Server Parameters
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-32
You can use the tacacs-server host command to specify the TACACS+ server IP
address, encrypted key, destination port, and other options. You can define
multiple tacacs-server host commands to configure multiple TACACS+ servers.
The syntax of this command is as follows:
tacacs-server host ip_address [key shared_secret [0 shared_secret | 7 shared_secret]] [port port_number] [timeout seconds]
The arguments, keywords, and options are as follows:
ip_address—IP address for the TACACS+ server. Enter the address in
dotted-decimal IP notation (for example, 192.168.11.1).
key—(Optional) Enables an authentication key for communication between
the ACE and the daemon that runs on the TACACS+ server. The key is a text
string that must match the encryption key used on the TACACS+ server. This
key overrides the global setting of the tacacs-server key command. If you do
not specify a key, the global value is used. TACACS+ keys are always stored
in encrypted form in persistent storage. The running configuration also
displays keys in encrypted form.
shared_secret—Key used to authenticate communication between the
TACACS+ client and server. The shared secret must match the one configured
on the TACACS+ server. Enter the shared secret as a case-sensitive string
with no spaces and a maximum of 63 alphanumeric characters. Alternatively,
you can use spaces if you enclose the entire string in quotation marks.
0—(Optional) Configures a key specified in clear text (indicated by 0) to
authenticate communication between the TACACS+ client and server.
7—(Optional) Configures a key specified in encrypted text (indicated by 7)
to authenticate communication between the TACACS+ client and server.
port port_number—Specifies the TCP destination port for communicating
authentication requests to the TACACS+ server. By default, the TACACS+
authentication port is 49 (as defined in RFC 1492). If your TACACS+ server
uses a port other than 49, use the port keyword to configure the ACE for the
appropriate port prior to starting the TACACS+ service. The port_number
argument specifies the TACACS+ port number. Valid values are from 1 to
65535.
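The following Python check is an added example, not part of the Cisco guide: it audits tacacs-server host lines held in a configuration template or backup against the rules listed above. It assumes the 0 or 7 marker comes directly before the secret, applies the 63-character alphanumeric rule only to clear-text secrets, and checks timeout only for being a number because this page gives no range for it; flagging clear-text keys is the example's own policy.

```python
import ipaddress
import shlex

def audit_tacacs_host(line):
    """Return findings for one 'tacacs-server host' line (empty list = clean)."""
    tok = shlex.split(line)  # a quoted secret stays one token
    if tok[:2] != ["tacacs-server", "host"] or len(tok) < 3:
        return ["not a tacacs-server host command"]
    findings = []
    try:
        ipaddress.IPv4Address(tok[2])
    except ValueError:
        findings.append(f"ip_address {tok[2]!r} is not dotted-decimal IPv4")
    i, has_key = 3, False
    while i < len(tok):
        word = tok[i]
        if word == "key" and i + 1 < len(tok):
            has_key, ktype, i = True, None, i + 1
            # 0 or 7 is a type marker only when a secret follows it (assumption)
            if tok[i] in ("0", "7") and tok[i + 1:i + 2] not in ([], ["port"], ["timeout"]):
                ktype, i = tok[i], i + 1
            if ktype != "7":  # untyped or 0: the secret itself is in the file
                findings.append("key is clear text in this file")
                if len(tok[i]) > 63 or not tok[i].replace(" ", "").isalnum():
                    findings.append("shared_secret breaks the 63-character alphanumeric rule")
        elif word in ("port", "timeout") and i + 1 < len(tok):
            i += 1
            if not tok[i].isdecimal():
                findings.append(f"{word} {tok[i]!r} is not a number")
            elif word == "port" and not 1 <= int(tok[i]) <= 65535:
                findings.append(f"port {tok[i]!r} outside 1-65535")
        else:
            findings.append(f"unexpected token {word!r}")
        i += 1
    if not has_key:
        findings.append("no per-host key: global tacacs-server key applies")
    return findings

# Constructed sample lines; addresses and secrets are made up.
SAMPLE = [
    'tacacs-server host 192.168.11.1 key 7 "0A1B2C3D4E" port 49 timeout 5',
    'tacacs-server host 192.168.11.2 key 0 "lab secret 1" port 70000',
    'tacacs-server host 192.168.11.3 key lab secret',
    'tacacs-server host 192.168.11.4',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit_tacacs_host(line) or "ok", "<-", line)
```

The third sample line shows what an unquoted space does: the secret is cut at the space and the remainder is reported as an unexpected token.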
Chapter 2
Configuring Authentication and Accounting Services
OL-16202-01


This manual is also suitable for:

4700 series
