key (TACACS+)
To specify an authentication and encryption key shared between the AAA server and the TACACS+ server,
use the key (TACACS+) command in TACACS host configuration mode. To disable this feature, use the no
form of this command.
key {0 clear-text-key | 7 encrypted-key | auth-key}
no key {0 clear-text-key | 7 encrypted-key | auth-key}
Syntax Description
0 clear-text-key    Specifies an unencrypted (cleartext) shared key.
7 encrypted-key     Specifies an encrypted shared key.
auth-key            Specifies the unencrypted key between the AAA server and the TACACS+ server.
Command Default
None
Command Modes
TACACS host configuration
Command History
Release          Modification
Release 3.6.0    This command was introduced.
Usage Guidelines
The TACACS+ packets are encrypted using the key, and it must match the key used by the TACACS+ daemon.
Specifying this key overrides the key set by the tacacs-server key command for this server only.
The key is used to encrypt the TACACS+ packets, and it must match the key configured on the external
TACACS+ server so that the packets are decrypted properly. If the keys do not match, the result is a
failure.
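The following sketch is an added example, not part of the Cisco reference or of any Cisco code. It shows how the shared key is applied to a packet body under RFC 8907 (an XOR with a chained MD5 pseudo-pad, which the RFC calls obfuscation) and why a daemon configured with a different key rejects the packet. The session ID, keys, user name, port and address are constructed sample values, and daemon_receive is a hypothetical helper.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: chained MD5 blocks, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n = MD5(seed + MD5_n-1)
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR with the pseudo-pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes, then the variable fields."""
    # action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), authen_service=LOGIN(1)
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def parse_authen_start(body):
    """Return decoded fields, or None when the length fields are inconsistent."""
    if len(body) < 8:
        return None
    user_len, port_len, addr_len, data_len = body[4:8]
    if 8 + user_len + port_len + addr_len + data_len != len(body):
        return None  # typical symptom of a key mismatch: garbage lengths
    user = body[8:8 + user_len]
    port = body[8 + user_len:8 + user_len + port_len]
    return {"user": user, "port": port}

# Constructed sample values (assumptions, not taken from the reference page)
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC0, 1
ROUTER_KEY = b"example-shared-key"
CLEAR = build_authen_start(b"admin", b"tty0", b"192.0.2.10")
WIRE = xor_body(CLEAR, SESSION_ID, ROUTER_KEY, VERSION, SEQ_NO)

def daemon_receive(wire, daemon_key):
    """Hypothetical daemon side: de-obfuscate with its own key, then parse."""
    return parse_authen_start(xor_body(wire, SESSION_ID, daemon_key, VERSION, SEQ_NO))

if __name__ == "__main__":
    print("matching key  :", daemon_receive(WIRE, ROUTER_KEY))
    print("mismatched key:", daemon_receive(WIRE, b"wrong-shared-key"))
```

Because the pad depends only on MD5 and the shared key, the key is the sole protection for the packet body on the wire.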
Task ID
Task ID    Operations
aaa        read, write
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
OL-24740-01