Chapter 18
Configuring TACACS+
S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
The following example shows how to configure global preshared keys:
switch# configure terminal
switch(config)# tacacs-server key 0 QsEfThUkO
switch(config)# exit
switch# show tacacs-server
switch# copy running-config startup-config
Configuring TACACS+ Server Preshared Keys
You can configure preshared keys for a TACACS+ server. A preshared key is a shared secret text string
between the Nexus 5000 Series switch and the TACACS+ server host.
To configure the TACACS+ preshared keys, perform this task:
Command
Step 1
switch# configure terminal
Step 2
switch(config)# tacacs-server host
{ipv4-address|ipv6-address|host-name}
key [0|7] key-value
Step 3
switch(config)# exit
Step 4
switch# show tacacs-server
Step 5
switch# copy running-config
startup-config
The following example shows how to configure the TACACS+ preshared keys:
switch# configure terminal
switch(config)# tacacs-server host 10.10.1.1 key 0 PlIjUhYg
switch(config)# exit
switch# show tacacs-server
switch# copy running-config startup-config
Configuring TACACS+ Server Groups
You can specify one or more remote AAA servers to authenticate users using server groups. All members
of a group must belong to the TACACS+ protocol. The servers are tried in the same order in which you
configure them.
You can configure these server groups at any time but they only take effect when you apply them to an
AAA service. For information on AAA services, see the
OL-16597-01
Purpose
Enters configuration mode.
Specifies a preshared key for a specific TACACS+
server. You can specify a clear text (0) or encrypted (7)
preshared key. The default format is clear text. The
maximum length is 63 characters.
This preshared key is used instead of the global
preshared key.
Exits configuration mode.
(Optional) Displays the TACACS+ server
configuration.
Note
The preshared keys are saved in encrypted
form in the running configuration. Use the
show running-config command to display the
encrypted preshared keys.
(Optional) Copies the running configuration to the
startup configuration.
"Remote AAA Services" section on page
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring TACACS+
16-2.
18-7