tacacs-server key

Syntax

tacas-server key {plaintext <GLOBAL-PASSKEY> | ciphertext <GLOBAL-PASSKEY>}

no tacacs-server key

Description

Creates or modifies a TACACS+ global passkey. The TACACS+ global passkey is used as a shared-secret for encrypting the communication between all TACACS+ servers and the switch. The TACACS+ global passkey is required for authentication unless local passkeys have been set. By default, the TACACS+ global passkey is empty. If the administrator has not set this key, the switch will not be able to perform TACACS+ authentication. The switch will instead rely on the authentication mechanism configured with aaa authentication login default.

The no form of the command removes the global passkey.

Command context

config

Parameters

plaintext <GLOBAL-PASSKEY>
Specifies the TACACS+ global passkey in plaintext format with a length of 1 to 31 characters. As per RFC 2865, shared-secret can be a mix of alphanumeric and special characters.
ciphertext <GLOBAL-PASSKEY>

Specifies the TACACS+ global passkey in encrypted format.

Authority

Administrators

Examples

Adding the global passkey:

switch(config)# tacacs-server key plaintext mypasskey123

Removing the global passkey:

switch(config)# no tacacs-server key