Version Description
7.7.1.0 Authentication key length increased to 42 characters.
7.6.1.0 Introduced on the S-Series.
7.5.1.0 Introduced on the C-Series.
pre-6.2.1.1 Introduced on the E-Series.
Usage
Information
To list multiple TACACS+ servers to be used by the aaa authentication login
command, configure this command multiple times.
If you are not configuring the switch as a TACACS+ server, you do not need to
configure the port, timeout and key optional parameters. If you do not
configure a key, the key assigned in the tacacs-server key command is used.
You can use duplicate host names or IP addresses among TACACS groups.
However, you cannot use duplicate host names or IP addresses within the same
TACACS group.
If a VRF is not configured on the TACACS group, then servers configured in the
group are considered to be on the default VRF. TACACS servers that are configured
in the CONFIGURATION mode are also considered to be on the default VRF.
For AAA servers to use a group of TACACS servers, you must explicitly configure
the group using the aaa tacacs group group-name command. The order in
which the TACACS servers are tried depends on the order in which they are
configured.
Example
Dell(conf)#tacacs-server group group1
Dell(conf-tacacs-group)#tacacs-server host 1.1.1.1 key secret
Dell(conf-tacacs-group)#no tacacs-server host 1.1.1.1
Related
Commands
aaa authentication login — specifies the login authentication method.
tacacs-server key — configures a TACACS+ key for the TACACS server.
tacacs-server key
Configure a key for communication between a TACACS+ server and a client.
Syntax
tacacs-server key [encryption-type] key
To delete a key, use the no tacacs-server key key command.
Parameters
encryption-
type
(OPTIONAL) Enter either zero (0) or 7 as the encryption type
for the key entered. The options are:
• 0 is the default and means the key is not encrypted and
stored as clear text.
• 7 means that the key is encrypted and hidden.
Security
1405
