Programming tacacs &radius server-keys ?

ROY THOMAS · ‎04-10-2014

I'm having an issue programming the tacacs & radius server-keys. I'm not sure if I missed a step or my use of the syntax. I appreciate any help you can provide. It's a first time for me and I'm attempting to duplicate an existing switch which states server-key 7 <removed>.

Thanks

Roy

paul driver · ‎04-10-2014

Hello

Can you post your config?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎04-10-2014

Roy

I can appreciate that the first time doing this can seem daunting. But it really is not so difficult when you get right down to it.

The first thing to understand is that in the existing config the key has already been encrypted for storage on the switch. So what you see in the running config is crypto text and not really the exact key.

You have two options in how to configure your new switch:

- you could cut and paste the server key from the existing config to the new switch. So you would be inputting the type 7 encrypted key directly to the new switch.

- you could manually configure the key on the new switch. In this case you would configure

server-key <key_value>

where <key_value> is the clear text key to use. If you do this, and assuming that you have configured service password-encryption, then the switch will take the clear text key and will encrypt it for storage on the new switch.

HTH

Rick

HTH

Rick