Configuring Security Features on an External AAA Server
Step 3
switch(config)# no tacacs-server host host1.cisco.com
(Optional) Deletes the specified TACACS+ server identified by the DNS name. By default, no server is
configured.
Step 4
switch(config)# tacacs-server host host1.cisco.com port 2
Configures the TCP port for all TACACS+ requests.
Step 5
switch(config)# no tacacs-server host host1.cisco.com port 2
(Optional) Reverts to the factory default of using port 49 for server access.
Step 6
switch(config)# tacacs-server host host1.cisco.com key MyKey
Configures the TACACS+ server identified by the specified domain name and assigns the secret key.
Step 7
switch(config)# tacacs-server host host1.cisco.com timeout 25
Configures the timeout period for the switch to wait for a response from the specified server before it declares
a timeout failure.
Setting the Global Secret Key
You can configure global values for the secret key for all TACACS+ servers.
Note
• If secret keys are configured for individual servers, those keys override the globally configured key.
• You can use the dollar sign ($) and the percent sign (%) in global secret keys.
To set the secret key for TACACS+ servers, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# tacacs-server key 7 3sdaA3daKUngd
Assigns the global secret key (in encrypted format) to access the TACACS+ server. This example specifies
7 to indicate that the key is in encrypted format. If neither this global key nor any individual server key is
configured, clear text messages are sent to the TACACS+ server(s).
Step 3
switch(config)# no tacacs-server key oldPword
(Optional) Deletes the configured global secret key to access the TACACS+ server and reverts to the factory
default of allowing access to all configured servers.
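The key precedence and clear-text fallback described above can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco guide. It assumes the saved configuration uses the command forms shown in these steps; host2.example.com and the function names parse_tacacs and audit are illustrative.

```python
# Constructed sample using only the command forms shown in this guide;
# host2.example.com is a made-up server name.
SAMPLE_CONFIG = """\
tacacs-server key 7 3sdaA3daKUngd
tacacs-server host host1.cisco.com key MyKey
tacacs-server host host1.cisco.com port 2
tacacs-server host host1.cisco.com timeout 25
tacacs-server host host2.example.com
"""
DEFAULT_PORT = 49  # factory default port stated in the guide


def parse_tacacs(config):
    """Return (has_global_key, {host: settings}) from tacacs-server lines."""
    has_global_key, hosts = False, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "tacacs-server":
            continue
        if tok[1] == "key":
            has_global_key = True
        elif tok[1] == "host":
            h = hosts.setdefault(tok[2], {"key": False, "port": DEFAULT_PORT})
            opts = iter(tok[3:])
            for opt in opts:
                if opt == "key":
                    value = next(opts, None)
                    h["key"] = value is not None
                    if value == "7":  # format indicator: skip the key string
                        next(opts, None)
                elif opt == "port":
                    value = next(opts, "")
                    if value.isdigit():
                        h["port"] = int(value)
    return has_global_key, hosts


def audit(config):
    """Map each host to its effective key source, port and clear-text risk."""
    has_global_key, hosts = parse_tacacs(config)
    report = {}
    for name, h in hosts.items():
        # A per-server key overrides the globally configured key.
        source = "server" if h["key"] else "global" if has_global_key else None
        report[name] = {"key_source": source, "port": h["port"],
                        "cleartext": source is None}  # no key configured at all
    return report


if __name__ == "__main__":
    for host, result in audit(SAMPLE_CONFIG).items():
        print(host, result)
```

A host reported with cleartext set to True has neither a per-server key nor a global key to fall back on, which is the condition under which clear text messages are sent.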
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x