Chapter 1
Configuring TACACS+
S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
Command
Step 1
switch# configure terminal
Step 2
switch(config)# tacacs-server deadtime
minutes
Step 3
switch(config)# exit
Step 4
switch# show tacacs-server
Step 5
switch# copy running-config
startup-config
Manually Monitoring TACACS+ Servers or Groups
To manually issue a test message to a TACACS+ server or to a server group, perform this task:
Command
Step 1
switch# test aaa server tacacs+
{ipv4-address|ipv6-address|host-name} [vrf
vrf-name] username password
Step 1
switch# test aaa group group-name username
password
The following example shows how to manually issue a test message:
switch# test aaa server tacacs+ 10.10.1.1 user1 Ur2Gd2BH
switch# test aaa group TacGroup user2 As3He3CI
Disabling TACACS+
You can disable TACACS+.
When you disable TACACS+, all related configurations are automatically discarded.
Caution
To disable TACACS+, perform this task:
Command
Step 1
switch# configure terminal
Step 2
switch(config)# feature tacacs+
OL-16597-01
Purpose
Enters configuration mode.
Configures the global dead-time interval. The default
value is 0 minutes. The range is from 1 to 1440
minutes.
Exits configuration mode.
(Optional) Displays the TACACS+ server
configuration.
(Optional) Copies the running configuration to the
startup configuration.
Purpose
Sends a test message to a TACACS+ server to
confirm availability.
Sends a test message to a TACACS+ server group to
confirm availability.
Purpose
Enters configuration mode.
Enables TACACS+.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring TACACS+
1-13