Optional, global "encryption key"

Syntax:


key <key-string>

Specifies the optional, global "encryption key" that is also assigned in the TACACS+ servers that the switch will access for authentication. This option is subordinate to any "per-server" encryption keys you assign, and applies only to accessing TACACS+ servers for which you have not given the switch a "per-server" key. (See the host <ip-addr> [key <key-string>] entry above.)

You can configure a TACACS+ encryption key that includes a tilde (~) as part of the key, for example, "hp~switch".

For more on the encryption key, see Using the encryption key and the documentation provided with your TACACS+ server application.

Configuring a host-specific key

switch(config)# tacacs-server host 10.10.10.2 key hp~networking

Use the show running-config command to display the key information.

The running config file showing the host-specific key for TACACS+ with the “~” included

switch(config)# show running-config

Running configuration:

; J9627A Configuration Editor; Created on release #XX.15.XX

hostname "Switch"
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address dhcp-bootp
   exit
banner motd "good morning
tacacs-server host 10.10.10.2 key "hp~networking"
snmp-server community "public" unrestricted