OS10 Enterprise Edition User Guide Release 10.4.0E(R3)


TACACS+ authentication

Configure a TACACS+ authentication server by entering the server's IP address or host name. You must also enter a text string for the key used to authenticate the OS10 switch on a TACACS+ host. The TCP port entry is optional.

TACACS+ provides greater data security by encrypting the entire protocol portion in a packet sent from the switch to an authentication server. RADIUS encrypts only passwords.

  • Configure a TACACS+ authentication server in CONFIGURATION mode. By default, a TACACS+ server uses TCP port 49 for authentication.
    tacacs-server host {
                                           hostname | 
                                           ip-address} key 
                                           authentication-key [auth-port 

Re-enter the tacacs-server host command multiple times to configure more than one TACACS+ server. If you configure multiple TACACS+ servers, OS10 attempts to connect in the order you configured them. An OS10 switch connects with the configured TACACS+ servers one at a time, until a RADIUS server responds with an accept or reject response.

Configure the global timeout used on all TACACS+ servers by using the tacacs-server timeout command. By default, OS10 times out an authentication attempt on a TACACS+ server after five seconds.
  • Enter the timeout value used to wait for an authentication response from TACACS+ servers in CONFIGURATION mode (1 to 1000 seconds; default 5).
    tacacs-server timout 

Configure TACACS+ server

OS10(config)# tacacs-server host key mysecret

View TACACS+ server configuration

OS10# show running-configuration
                                 tacacs-server host key mysecret

Delete TACACS+ server

OS10# no tacacs server host

Rate this content

Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\