Configuring Default TACACS+ Parameters

The TACACS+ page enables configuring TACACS+ servers.

Only users who have privilege level 15 on the TACACS+ server can administer the switch.

To configure TACACS+ server parameters:

  1. Click Security > TACACS+. The TACACS+ page displays.
  2. Enter the default Key String used for communicating with all TACACS+ servers. The switch can be configured to use this key or to use a key entered for a specific server (entered in the Add TACACS+ Server page).

If you do not enter a key string in this field, the server key entered in the Add TACACS+ Server page must match the encryption key used by the TACACS+ server.

If you enter both a key string here and a key string for an individual TACACS+ server, the key string configured for the individual TACACS+ server takes precedence.

  3. In the Timeout for Reply field, enter the amount of time that passes before the connection between the switch and the TACACS+ server times out. If a value is not entered in the Add TACACS+ Server page for a specific server, the value is taken from this field.
  4. Click Apply. The TACACS+ settings are added to the Running Configuration file.
  5. To add a TACACS+ server, click Add. The Add TACACS+ Server page displays.
  6. Enter the parameters.
    • Server Definition--Select whether to specify the TACACS+ server by IP address or name.
    • Server IP Address/Name--Enter the IP address or domain name of the server.
    • Priority--Enter the order in which this TACACS+ server is used. Zero is the highest priority TACACS+ server and is the first server used. If it cannot establish a session with the high priority server, the switch will try the next highest priority server.
    • Key String--Enter the authentication and encryption key for the TACACS+ server. The key must match the encryption key configured on the TACACS+ server. Select Use Default to use the key string defined under the TACACS+ Default Parameters.
    • Timeout for Reply--Enter the amount of time that passes before the connection between the switch and the TACACS+ server times out. Select Use Default to use the default value displayed on the page.
    • Authentication IP Port--Enter the port number through which the TACACS+ session occurs.
    • Single Connection--Select to enable a single open connection between the switch and the TACACS+ server.
  7. Click Apply. The TACACS+ server is added to the Running Configuration file of the switch.
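
The precedence and fallback rules in the procedure above can be checked offline before applying a change. The following is an added example, not code from the switch or its vendor: the Server class, the resolve function, and all addresses and keys are constructed for illustration. It works out which key and timeout each server ends up using and the order in which the servers are tried.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Server:
    host: str
    priority: int                  # 0 is the highest priority, tried first
    key: Optional[str] = None      # None models "Use Default"
    timeout: Optional[int] = None  # None models "Use Default"

def resolve(default_key, default_timeout, servers):
    """Return (per-server effective settings in failover order, findings)."""
    plan, findings, seen = [], [], {}
    for s in sorted(servers, key=lambda srv: srv.priority):
        # A key on the individual server takes precedence over the default.
        source = "server" if s.key else ("default" if default_key else "none")
        timeout = s.timeout if s.timeout is not None else default_timeout
        if source == "none":
            findings.append(f"{s.host}: no key string at either level")
        if s.priority in seen:
            # Assumption: a shared priority is flagged because the page does
            # not say which of the two servers is tried first.
            findings.append(
                f"{s.host}: priority {s.priority} also set on {seen[s.priority]}")
        seen.setdefault(s.priority, s.host)
        # Record only where the key comes from, never the key itself.
        plan.append({"host": s.host, "priority": s.priority,
                     "key_source": source, "timeout": timeout})
    return plan, findings

# Constructed sample input (documentation addresses, made-up keys).
SAMPLE = [
    Server("192.0.2.11", priority=1),
    Server("192.0.2.10", priority=0, key="per-server-key", timeout=10),
    Server("tacacs-backup.example.net", priority=1),
]

if __name__ == "__main__":
    plan, findings = resolve("default-key", 5, SAMPLE)
    for row in plan:
        print(row)
    for f in findings:
        print("FINDING:", f)
```

Running it with an empty default key shows which servers would be left without a key string at either level.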