4.10.3.2 AAA TACACS+ Configuration

The TACACS+ Server Configuration page allows you to configure up to five TACACS+ servers.

Figure 4-56. TACACS Server Configuration

The TACACS+ Server Configuration page has the following parameters:

  • Global Configuration
    • Timeout: Timeout is the number of seconds in the range 1–1000, to wait for a reply from a TACACS+ server before it is dead
    • Deadtime: Deadtime, which can be set to a number between 0–1440 minutes, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already been determined as dead. Setting the Deadtime to a value greater than 0 (zero) enables this feature, but only if more than one server has been configured.
    • Change Secret Key: Specify whether to change the secret key or not. When Yes is selected for the option, you can change the secret key up to 63 characters long, shared between the TACACS+ server and the switch.
  • Server Configuration
    • Delete: To delete a TACACS+ server entry, check this box. The entry is deleted during the next save.
    • Hostname: The IPv4/IPv6 address or hostname of the TACACS+ server
    • Port: The TCP port to use on the TACACS+ server for authentication
    • Timeout: This optional setting overrides the global timeout value
    • Change Secret Key: Specify whether to change the secret key or not. When the checkbox is checked, you can change the setting overrides the global key.