Deleting a per-server encryption key

To delete a per-server encryption key in the switch, re-enter the tacacs-server host command without the key parameter. For example, if you have north01 configured as the encryption key for a TACACS+ server with an IP address of and you want to eliminate the key, you would use this command:

switch(config)# tacacs-server host

You can save the encryption key in a configuration file by entering this command:

switch(config)# tacacs-server key <keystring>

The <keystring > parameter is the encryption key in clear text.


The show tacacs command lists the global encryption key, if configured. However, to view any configured per-server encryption keys, you must use show config or show config running (if you have made TACACS+ configuration changes without executing write mem).