Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring Switch Authentication Features (Rev. 03)
Terminal Access Controller Access Control System Plus (TACACS+)
© 2008 Foundry Networks, Inc.
To set a list of up to five servers, repeat the command with the proper arguments for each server.
By default, the TCP port of the server is 49.
Command Syntax
device-name(config)#tacacs-server host A.B.C.D [<port>]
device-name(config)#no tacacs-server host A.B.C.D
Argument Description
A.B.C.D    IP address of the server.
port       (Optional) Specifies the TCP port number of the server. The port can be set in the range of <1024-65535>.
Example
device-name(config)#tacacs-server host 192.168.0.5
Setting the Secret Key
The tacacs-server key command, in Global Configuration mode, specifies the encryption key for encrypting and decrypting all traffic between the NAS and the server. The no form of the command disables the shared secret key.
The user must configure the same key on the server for encryption to be successful.
Command Syntax
device-name(config)#tacacs-server key STRING
device-name(config)#no tacacs-server key
Argument Description
STRING     Shared secret key string (the same for NAS and server).
Example
device-name(config)#tacacs-server key NASSERVER
NOTE
The key configuration is not mandatory. When the secret key is not configured, packets are transmitted unencrypted.
Unencrypted packets are intended for testing and are not recommended for normal use.
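An added example, not part of the Foundry manual: a Python check that audits the tacacs-server lines of a saved configuration against the rules stated above (at most five servers, default port 49 or a port in 1024-65535, shared key set). It assumes the saved configuration lists these commands as typed; audit_tacacs, the finding texts and both sample configurations are constructed for illustration.

```python
import re

DEFAULT_PORT = 49      # default TCP port stated on this page
MAX_SERVERS = 5        # the page allows a list of up to five servers
DOC_KEY = "NASSERVER"  # example key printed in the manual
HOST_RE = re.compile(r"^tacacs-server host (\d{1,3}(?:\.\d{1,3}){3})(?:\s+(\d+))?$")
KEY_RE = re.compile(r"^tacacs-server key (.+)$")

# Constructed sample configurations (not taken from a real device).
WEAK_CONFIG = """tacacs-server host 192.168.0.5
tacacs-server host 192.168.0.6 80
"""
GOOD_CONFIG = """tacacs-server host 192.168.0.5
tacacs-server host 192.168.0.6 4949
tacacs-server key constructed-sample-secret
"""

def audit_tacacs(config_text):
    """Return a list of findings for the tacacs-server lines in config_text."""
    findings, servers, key = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "no tacacs-server key":
            key = None                      # the no form disables the shared key
        elif line.startswith("no tacacs-server host "):
            servers.pop(line.split()[-1], None)
        elif (m := HOST_RE.match(line)):
            ip, port = m.group(1), int(m.group(2) or DEFAULT_PORT)
            if any(int(octet) > 255 for octet in ip.split(".")):
                findings.append(f"invalid server address {ip}")
            # Assumption: an explicit 49 is accepted because it is the default.
            if port != DEFAULT_PORT and not 1024 <= port <= 65535:
                findings.append(f"port {port} for {ip} is outside 1024-65535")
            servers[ip] = port
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured, limit is {MAX_SERVERS}")
    if servers and key is None:
        findings.append("no tacacs-server key: packets are sent unencrypted")
    elif key == DOC_KEY:
        findings.append("key is the example value printed in the manual")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("good", GOOD_CONFIG)):
        print(name, audit_tacacs(cfg) or "no findings")
```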
Setting the Server Timeout
The tacacs-server timeout command, in Global Configuration mode, sets a time in seconds the NAS waits for a response from the daemon before it times out and declares an error. The no form of the command restores this timeout to its default value.
By default, the timeout value is 15 seconds.