Optional global encryption key

Syntax

key <key-string>
    

Specifies the optional, global "encryption key" that is also assigned in the TACACS+ servers that the switch accesses for authentication. This option is subordinate to any "per-server" encryption keys you assign, and applies only to accessing TACACS+ servers for which you have not given the switch a "per-server" key.

You can configure a TACACS+ encryption key that includes a tilde (~) as part of the key, for example, "aruba~switch". It is not backward compatible; the "~" character is lost if you use a software version that does not support the "~" character

For more on the encryption key, see Encryption options in the switch and the documentation provided with your TACACS+ server application.

Configuring a global encryption key

To configure north01 as a global encryption key:

switch(config)#tacacs-server key north01

Configuring a per-server encryption key

To configure north01 as a per-server encryption key:

switch(config)#tacacs-server host 10.28.227.63 key north01

An encryption key can contain up to 100 characters, without spaces, and is case-sensitive in most TACACS+ server applications.