Chapter 46 commands for tacacs, 1 tacacs-server authentication host, 2 tacacs-server key – PLANET XGS3-24040 User Manual

Commands for Security Function

Chapter 46 Commands for TACACS+

46.1 tacacs-server authentication host

Command: tacacs-server authentication host <ip-address> [port <port-number>] [timeout <seconds>] [key <string>] [primary]

no tacacs-server authentication host <ip-address>

Function: Configure the IP address, listening port number, timeout timer value and key string of the TACACS+ server; the no form of this command deletes the TACACS+ authentication server.

Parameter: <ip-address> is the IP address of the server; <port-number> is the listening port number of the server, with a valid range of 0~65535, where 0 indicates that the server will not be an authentication server; <seconds> is the value of the TACACS+ authentication timeout timer, in seconds, with a valid range of 1~60; key <string> is the key string, containing a maximum of 16 characters; primary indicates that it is a primary server.

Command Mode: Global Mode

Default: No TACACS+ authentication configured on the system by default.

Usage Guide: This command specifies the IP address, port number, timeout timer value and key string of the TACACS+ server used for authentication with the switch. The port parameter defines the authentication port number, which must match the authentication port number of the specified TACACS+ server (49 by default). The key and timeout parameters configure a key and timeout specific to this server; if timeout <seconds> and key <string> are not configured for the server, the switch uses the global timeout and key set by the commands tacacs-server timeout <seconds> and tacacs-server key <string>. This command can configure several TACACS+ servers to communicate with the switch; the order in which they are configured is used as the authentication server sequence. If primary is configured on one TACACS+ server, that server is the primary server.

Example: Configure the TACACS+ authentication server address as 192.168.1.2 and use the globally configured key.

Switch(config)#tacacs-server authentication host 192.168.1.2

46.2 tacacs-server key

Command: tacacs-server key <string>

no tacacs-server key

Function: Configure the key of the TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key.

Parameter: <string> is the character string of the TACACS+ server key, containing a maximum of 16 characters.

Command Mode: Global Mode

Usage Guide: The key is used for encrypted packet communication between the switch and the TACACS+ server. The configured key must match the one on the TACACS+ server; otherwise TACACS+ authentication cannot be performed correctly. Configuring the authentication server key is recommended to ensure data security.
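
How the shared key is applied to a packet, and why a key mismatch breaks authentication, shown as an added example that is not part of the PLANET manual: it follows the TACACS+ body obfuscation defined in RFC 8907 and assumes the switch implements it as specified. The session ID, user name, port name and both keys are constructed sample values.

```python
import hashlib
import struct

MAX_KEY_LEN = 16  # key length limit stated in this manual

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 chain seeded with session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each round appends the previous digest
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the packet body with the pad; applying it twice restores the body."""
    raw = key.encode("ascii")
    if not 0 < len(raw) <= MAX_KEY_LEN:
        raise ValueError("key must be 1 to 16 characters")
    pad = pseudo_pad(session_id, raw, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def start_body(user, port=b"vty0", rem_addr=b""):
    """Authentication START body: four fixed bytes, four length bytes, then the fields."""
    fixed = bytes([1, 1, 1, 1])  # action=LOGIN, priv_lvl=1, type=ASCII, service=LOGIN
    lens = bytes([len(user), len(port), len(rem_addr), 0])
    return fixed + lens + user + port + rem_addr

def lengths_consistent(body):
    """Receiver-side sanity check: declared field lengths must add up to the body size."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def demo():
    session_id = 0x1A2B3C4D                           # constructed sample value
    body = start_body(b"admin")                       # constructed sample user name
    wire = obfuscate(body, session_id, "Sw1tchKey")   # switch side, constructed key
    same = obfuscate(wire, session_id, "Sw1tchKey")   # server with the matching key
    other = obfuscate(wire, session_id, "ServerKey")  # server with a different key
    return body, wire, same, other

if __name__ == "__main__":
    body, wire, same, other = demo()
    print("matching key  :", same == body, lengths_consistent(same))
    print("mismatched key:", other == body, lengths_consistent(other))
```

RFC 8907 describes this mechanism as obfuscation rather than encryption, so TACACS+ traffic is best carried over a protected management network even when a key is configured.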
