Command:

tacacs-server host

Mode:

Router(config)#


Syntax:

tacacs-server host hostname [single-connection ] [port integer] [timeout integer] [key string]

no tacacs-server host hostname

 


Syntax Description:

hostname  Name or IP address of the host.
single-connection (Optional) Specify that the router maintain a single open connection for confirmation from a AAA/TACACS+ server (CiscoSecure Release 1.0.1 or later). This command contains no autodetect and fails if the specified host is not running a CiscoSecure daemon.
port (Optional) Specify a server port number. This option overrides the default, which is port 49.
integer (Optional) Port number of the server. Valid port numbers range from 1 to 65535.
timeout (Optional) Specify a timeout value. This overrides the global timeout value set with the tacacs-server timeout command for this server only.
integer (Optional) Integer value, in seconds, of the timeout interval.
key (Optional) Specify an authentication and encryption key. This must match the key used by the TACACS+ daemon. Specifying this key overrides the key set by the global command tacacs-server key for this server only.
string (Optional) Character string specifying authentication and encryption key.


Command Description:

To specify a TACACS host, use the tacacs-server host global configuration command. Use the no form of this command to delete the specified name or address.

Usage Guidelines

Multiple tacacs-server host commands can be used to specify additional hosts. The Cisco IOS software searches for hosts in the order in which they are specified. Use the single-connection, port, timeout, and key options only when running a AAA/TACACS+ server.

Because some of the parameters of the tacacs-server host command override global settings made by the tacacs-server timeout and tacacs-server key commands, this command can be used to enhance security on a network by uniquely configuring individual TACACS+ connections.


Examples:

The following example specifies a TACACS host named Sea_Change:

Router(config)#tacacs-server host Sea_Change

The following example specifies that, for AAA confirmation, the router consult the CiscoSecure TACACS+ host named Sea_Cure on port number 51. The timeout value for requests on this connection is three seconds; the encryption key is a_secret.

Router(config)#tacacs-server host Sea_Cure single-connection port 51 timeout 3 key a_secret


Misconceptions:

 

None


Related commands:

 

tacacs-server key

 


� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)