It is also possible to configure the encryption key used for TACACS+ separately using the tacacs-server key command. Specifying the encryption key with the tacacs-server host command overrides the default key set by the tacacs-server key command in global configuration mode for this server only. Note that this key is not encrypted when viewing the configuration text, therefore making it more important to protect any copies of the configuration file in printed or saved format.

The following example specifies a TACACS+ server with an IP address of

NAS(config)#tacacs-server host

The following example specifies that, for AAA confirmation, the access server consults the TACACS+ server with IP address on port number 49. The timeout value for requests on this connection is 3 seconds; the encryption key is seferea :

NAS(config)#tacacs-server host port 49 timeout 3 key seferea

0 0

Post a comment