Tacacs-server – Brocade Network OS Command Reference v4.1.0 User Manual
53-1003115-01
tacacs-server
Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.
Synopsis
tacacs-server host {hostname | ip-address} [port portnum] [protocol {chap | pap}]
[key shared_secret] [encryption-level value_level] [timeout secs] [retries num]
no tacacs-server {hostname | ip-address}
Operands
host {hostname |ip-address}
Specifies the IP address or domain name of the TACACS+ server. IPv4 and
IPv6 addresses are supported.
port portnum
Specifies the authentication port. Valid values range from 0
through 65535. The default is 49.
protocol {chap | pap}
Specifies the authentication protocol. Options include CHAP and PAP. The
default is CHAP.
key shared_secret
Specifies the text string that is used as the shared secret between the
switch and the TACACS+ server to make the message exchange secure.
The key must be between 8 and 40 characters in length. The default key is
sharedsecret. The exclamation mark (!) is supported in both RADIUS and
TACACS+ servers, and you can specify the password either in double quotes
or with the escape character (\), for example "secret!key" or secret\!key.
encryption-level value_level
Designates the encryption level for the shared secret key operation. This
operand supports JITC certification and compliance. The range of valid
values is from 0 through 7, with 0 being clear text and 7 being the most
heavily encrypted.
timeout secs
Specifies the time to wait for the TACACS+ server to respond. The default
is 5 seconds.
retries num
Specifies the number of attempts allowed to connect to a TACACS+ server.
The default is 5 attempts.
Defaults
Refer to the Operands for specific defaults.
Command Modes
Global configuration mode
Description
Use this command to configure attributes on the TACACS+ server. If a TACACS+ server with the
specified IP address or host name does not exist, it is added to the server list. If the TACACS+
server already exists, this command modifies the configuration.
Usage Guidelines
The key parameter does not support an empty string.
Executing the no form of the tacacs-server command with attributes resets the specified
attributes to their default values.
NOTE
Before downgrading to a Network OS version that does not support the encryption-level keyword,
set the value of this keyword to 0. Otherwise, the firmware download will throw an error that
requests this value be set to 0.
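Example (added here, not part of the Brocade manual): a Python check that audits tacacs-server commands written in the Synopsis syntax against the Operands above, flagging the default key, an out-of-range key length, encryption-level 0, and PAP. The function names, the sample commands and the 192.0.2.x addresses are constructed, and the check assumes each line defines a new server, so an omitted key means the default applies.

```python
import shlex

# Operand names from the Synopsis; each takes exactly one value.
OPERANDS = {"port", "protocol", "key", "encryption-level", "timeout", "retries"}
DEFAULT_KEY = "sharedsecret"  # default shared secret documented under Operands

def parse(line):
    """Parse 'tacacs-server host <h> [operand value]...' into a dict."""
    tok = shlex.split(line)  # accepts "secret!key" and secret\!key alike
    if tok[:2] != ["tacacs-server", "host"] or len(tok) < 3:
        raise ValueError("not a tacacs-server host command: " + line)
    cfg, rest = {"host": tok[2]}, tok[3:]
    if len(rest) % 2:
        raise ValueError("operand without a value: " + line)
    for name, value in zip(rest[::2], rest[1::2]):
        if name not in OPERANDS:
            raise ValueError("unknown operand: " + name)
        cfg[name] = value
    return cfg

def audit(line):
    """Return a list of findings for one command (empty list = no findings)."""
    cfg, findings = parse(line), []
    key = cfg.get("key")
    if key is None:
        findings.append("no key given: default key 'sharedsecret' applies")
    elif key == DEFAULT_KEY:
        findings.append("key is the documented default")
    elif not 8 <= len(key) <= 40:
        findings.append("key length outside 8-40")
    if cfg.get("encryption-level") == "0":
        findings.append("encryption-level 0 is clear text")
    if cfg.get("protocol") == "pap":
        findings.append("protocol pap overrides the CHAP default")
    if not 0 <= int(cfg.get("port", 49)) <= 65535:
        findings.append("port outside 0-65535")
    return findings

# Constructed sample commands (not taken from any real device).
SAMPLE = [
    "tacacs-server host 192.0.2.10 key sharedsecret encryption-level 0",
    "tacacs-server host 192.0.2.11 protocol pap",
    r"tacacs-server host 192.0.2.12 key Constructed\!Key2024 encryption-level 7",
    'tacacs-server host 192.0.2.13 key "short!"',
]

if __name__ == "__main__":
    for cmd in SAMPLE:
        print(cmd, "->", audit(cmd) or "no findings")
```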