Chapter 34
Configuring RADIUS and TACACS+
To set the global timeout value for TACACS+ servers, follow these steps:
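         Command                                       Purpose
Step 1   switch# config t                              Enters configuration mode.
Step 2   switch(config)# tacacs-server timeout 30      Configures the global timeout period in seconds for the
                                                       switch to wait for a response from all TACACS+ servers
                                                       before the switch declares a timeout failure. The time
                                                       ranges from 1 to 1440 seconds.
         switch(config)# no tacacs-server timeout 30   Deletes the configured timeout period and reverts to the
                                                       factory default of 5 seconds.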
About TACACS+ Servers
By default, the TACACS+ feature is disabled in all switches in the Cisco MDS 9000 Family. Fabric
Manager or Device Manager enables the TACACS+ feature automatically when you configure a
TACACS+ server.
If a configured server has no secret key of its own and no global key is configured, a warning message
is issued. If a server key is not configured, the global key (if configured) is used for that server.
Note
Prior to Cisco MDS SAN-OS Release 2.1(2), you can use the dollar sign ($) in the key but the key must
be enclosed in double quotes, for example "k$". The percent sign (%) is not allowed. In Cisco MDS
SAN-OS Release 2.1(2) and later, you can use the dollar sign ($) without double quotes and the percent
sign (%) in global secret keys.
You can configure global values for the secret key for all TACACS+ servers.
Note
If secret keys are configured for individual servers, those keys override the globally configured key.
Configuring TACACS+ Server Monitoring Parameters
You can configure parameters for monitoring TACACS+ servers.
This section includes the following topics:
• Configuring the TACACS+ Test Idle Timer
• Configuring Test Username
• Configuring the Dead Timer
Configuring the TACACS+ Test Idle Timer
The test idle timer specifies the interval during which a TACACS+ server receives no requests before the
MDS switch sends out a test packet.
Note
The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, periodic TACACS+
server monitoring is not performed.
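The following added example (not part of the Cisco guide) audits a saved configuration excerpt against the rules in this section: a server key overrides the global key, the global timeout defaults to 5 seconds, and an idle timer of 0 means no periodic monitoring. The `tacacs-server host ... key` and `test idle-time` line formats, the function name, and the sample addresses are assumptions, because this page does not show those commands.

```python
import re

DEFAULT_TIMEOUT = 5  # seconds; factory default stated in this section

# Constructed sample excerpt. Line formats are assumed; addresses are placeholders.
SAMPLE_CONFIG = """\
tacacs+ enable
tacacs-server timeout 30
tacacs-server host 192.0.2.10 key 7 "constructedServerKey"
tacacs-server host 192.0.2.11
tacacs-server host 192.0.2.11 test idle-time 3
"""

def audit_tacacs(config):
    """Return {server: effective settings and findings} for a config excerpt."""
    has_global_key, timeout, servers = False, DEFAULT_TIMEOUT, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"tacacs-server timeout (\d+)$", line):
            timeout = int(m.group(1))
        elif re.match(r"tacacs-server key \S", line):
            has_global_key = True
        elif m := re.match(r"tacacs-server host (\S+)(.*)$", line):
            srv = servers.setdefault(m.group(1), {"key": False, "idle": 0})
            if re.search(r"\bkey\s+\S", m.group(2)):
                srv["key"] = True  # record presence only, never the key value
            if t := re.search(r"\bidle-time\s+(\d+)", m.group(2)):
                srv["idle"] = int(t.group(1))
    report = {}
    for host, srv in servers.items():
        # A per-server key overrides the global key; otherwise the global key applies.
        source = "server" if srv["key"] else "global" if has_global_key else None
        findings = []
        if source is None:
            findings.append("no server key and no global key configured")
        if srv["idle"] == 0:
            findings.append("idle timer is 0: no periodic server monitoring")
        report[host] = {"key_source": source, "timeout": timeout,
                        "monitored": srv["idle"] > 0, "findings": findings}
    return report

if __name__ == "__main__":
    for host, result in audit_tacacs(SAMPLE_CONFIG).items():
        print(host, result)
```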
OL-18084-01, Cisco MDS NX-OS Release 4.x
Cisco MDS 9000 Family CLI Configuration Guide