Configuring TACACS+
S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
To configure TACACS+ server groups, perform this task:
Command
Step 1
switch# configure terminal
Step 2
switch(config)# aaa group server tacacs+
group-name
Step 3
switch(config-tacacs+)# server
{ipv4-address|ipv6-address|host-name}
Step 4
switch(config-tacacs+)# deadtime minutes
Step 5
switch(config-tacacs+)# exit
Step 6
switch(config)# show tacacs-server
groups
Step 7
switch(config)# copy running-config
startup-config
The following example shows how to configure a TACACS+ server group:
switch# configure terminal
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# server 10.10.2.2
switch(config-tacacs+)# deadtime 30
switch(config-tacacs+)# exit
switch(config)# show tacacs-server groups
switch(config)# copy running-config startup-config
Specifying a TACACS+ Server at Login
You can configure the switch to allow the user to specify which TACACS+ server to send the authenticate
request by enabling the directed-request option. By default, a Nexus 5000 Series switch forwards an
authentication request based on the default AAA authentication method. If you enable this option, the
user can log in as username@hostname, where hostname is the name of a configured RADIUS server.
Note
User specified logins are only supported for Telnet sessions.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
18-8
Chapter 18
Purpose
Enters configuration mode.
Creates a TACACS+ server group and enters the
TACACS+ server group configuration mode for that
group.
Configures the TACACS+ server as a member of the
TACACS+ server group.
Tip
If the specified TACACS+ server is not found,
configure it using the tacacs-server host
command and retry this command.
(Optional) Configures the monitoring dead time. The
default is 0 minutes. The range is from 0 through 1440.
Note
If the dead-time interval for a TACACS+
server group is greater than zero (0), that value
takes precedence over the global dead-time
value.
Exits configuration mode.
(Optional) Displays the TACACS+ server group
configuration.
(Optional) Copies the running configuration to the
startup configuration.
Configuring TACACS+
OL-16597-01