TACACS-Server Command Question

dtom · ‎05-09-2013

What is the diffrence between the following commands?

tacacs-server host 10.10.10.10 single-connection key test01

- and -

tacacs-server host 10.10.10.10 single-connection

tacacs-server key test01

Jatin Katyal · ‎05-09-2013

Specifying the encryption key with the tacacs-server host command overrides the default key set by the global configuration tacacs-server key command for this server only.

Jatin Katyal

- Do rate helpful posts -

~Jatin

minkumar · ‎05-09-2013

Not much, Just two different ways of defining the tacacs server with single connect feature using shared secret key

Regards

Minakshi

kussriva · ‎05-09-2013

Hi,

In the first method you are defining the shared secret key per tacacs server. However using the second method, you can go ahead and define multiple tacacs servers and use the same key. This is just a method to prevent redundancy and typo. e.g:

tacacs-server host 1.1.1.1 single-connection

tacacs-server host 12.12.12.12 single-connection

tacacs-server key test101

in this example both the tacacs servers would use the key test101.

However if we configure the tacacs servers as:

tacacs-server host 1.1.1.1 single-connection key test

tacacs-server host 12.12.12.12 single-connection

tacacs-server key test101

the tacacs server 12.12.12.12 would use the key test101 however the tacacs server 1.1.1.1 would use the key test, as explicitly defined key would take precendence over the global key.

So just two different methods to define the tacacs server

Regards,

Kush

Cisco PDI Helpdesk