Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
600
Views
0
Helpful
1
Replies

switching the IP of the tacacs server -

Go to solution
James Simpson
Level 1
Level 1

‎07-23-2014 07:49 AM - edited ‎02-21-2020 05:14 AM

 

 

Hi All

 

I looking to reloacte a tacacs+ server from the inside to the DMZ and therefore the server will be on a new ip range.

I will be looking to role out these command using cat tools as I have a lot of switches

the config on switches is below

 

existing tacacs :

tacacs-server host 10.11.11.40 key 9090897979800090908

 

Now im moving the server to a new ip of 10.99.1.40

If I put the command

 

tacacs-server host 10.99.1.40 key 9090897979800090908

the config looks like this:

tacacs-server host 10.11.11.40 key 9090897979800090908

tacacs-server host 10.99.1.40 key 9090897979800090908

 

I need to confirm that when I switch the server over to it new IP that the switches will look for the new ip of 10.99.1.40, and then all I would have to do after is remove the old line : no  tacacs-server host 10.11.11.40 key 9090897979800090908

Or will this now work and will I have to configure a group which is at the bottom of the page of the link below

 

 

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scftplus.html

 

 

 

Many thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-25-2014 06:01 AM

The method explained in the linked document is the newer one. On IOS 15.x the earlier method (which still works) will generate a message in the cli parser that it is being deprecated and Cisco recommends moving to the new method.

That said, either method should work. The newer method should be good any any switches or routers with IOS 12.0+.

When there are two servers configured, IOS will try them in order and, if a reply isn't received in three tries (each in the case of multiple servers), it will fall over to the next configured aaa method (or fail aaa if no second method is defined)

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-25-2014 06:01 AM

The method explained in the linked document is the newer one. On IOS 15.x the earlier method (which still works) will generate a message in the cli parser that it is being deprecated and Cisco recommends moving to the new method.

That said, either method should work. The newer method should be good any any switches or routers with IOS 12.0+.

When there are two servers configured, IOS will try them in order and, if a reply isn't received in three tries (each in the case of multiple servers), it will fall over to the next configured aaa method (or fail aaa if no second method is defined)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card