Dell Command Line Reference Guide for the S4048–ON System 9.14.2.5

PDF

tacacs-server host

Specify a TACACS+ host.

Syntax
tacacs-server host {hostname | ipv4-address | ipv6-address} [port number] [timeout seconds] [key key]
Parameters
hostname
Enter the name of the TACACS+ server host.
ipv4-address | ipv6-address
Enter the IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) of the TACACS+ server host.
port number
(OPTIONAL) Enter the keyword port then a number as the port to be used by the TACACS+ server. The range is from zero (0) to 65535. The default is 49.
timeout seconds
(OPTIONAL) Enter the keyword timeout then the number of seconds the switch waits for a reply from the TACACS+ server. The range is from 0 to 1000. The default is 10 seconds.
key key

(OPTIONAL) Enter the keyword key then a string up to 42 characters long as the authentication key. This authentication key must match the key specified in the tacacs-server key for the TACACS+ daemon.

Defaults
Not configured.
Command Modes
CONFIGURATION
Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC Networking OS Command Line Reference Guide.

Version
Description
9.10(0.1)
Introduced on the S6010-ON and S4048T-ON.
9.10(0.0)
Introduced on the S3148.
9.10(0.0)
Introduced on the S6100-ON.
9.8(2.0)
Introduced on the S3100 series.
9.8(1.0)
Introduced on the Z9100-ON.
9.8(0.0P5)
Introduced on the S4048-ON.
9.8(0.0P2)
Introduced on the S3048-ON.
9.7(0.0)
Introduced on the S6000–ON.
9.2(1.0)
Introduced on the Z9500.
9.0.2.0
Introduced on the S6000.
8.3.19.0
Introduced on the S4820T.
8.3.11.1
Introduced on the Z9000.
8.4.1.0
Added support for IPv6.
8.3.7.0
Introduced on the S4810.
7.7.1.0
Authentication key length increased to 42 characters.
7.6.1.0
Introduced on the S-Series.
7.5.1.0
Introduced on the C-Series.
pre-6.2.1.1
Introduced on the E-Series.
Usage Information

To list multiple TACACS+ servers to be used by the aaa authentication login command, configure this command multiple times.

If you are not configuring the switch as a TACACS+ server, you do not need to configure the port, timeout and key optional parameters. If you do not configure a key, the key assigned in the tacacs-server key command is used.

You can use duplicate host names or IP addresses among TACACS groups. However, you cannot use duplicate host names or IP addresses within the same TACACS group.

If a VRF is not configured on the TACACS group, then servers configured in the group are considered to be on the default VRF. TACACS servers that are configured in the CONFIGURATION mode are also considered to be on the default VRF.

For AAA servers to use a group of TACACS servers, you must explicitly configure the group using the aaa tacacs group group-name command. The order in which the TACACS servers are tried depends on the order in which they are configured.

Example
DellEMC(conf)# tacacs-server group group1 
DellEMC(conf-tacacs-group)# tacacs-server host 1.1.1.1 key secr-et 
DellEMC(conf-tacacs-group)# no tacacs-server host 1.1.1.1
DellEMC(conf-tacacs-group)#
Related Commands

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\