Cisco MDS-9124 Troubleshooting Guide - Page 335
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x (OL-9285-05), page 17-5
Chapter 17 Troubleshooting RADIUS and TACACS+ AAA Issues

Verifying TACACS+ Configuration Using Fabric Manager

To verify or change the TACACS+ configuration using Fabric Manager, follow these steps:

Step 1  Choose Switches > Security > AAA > TACACS+ and select the Servers tab. You see the TACACS+ configuration in the Information panel.
Step 2  Highlight the server that you need to change and click Delete Row to delete this server configuration.
Step 3  Click Create Row to add a new TACACS+ server.
Step 4  Set the KeyType and Key fields to the preshared key configured on the TACACS+ server.
Step 5  Set the AuthPort and AcctPort fields to the authentication and accounting ports configured on the TACACS+ server.
Step 6  Set the TimeOut value and click Apply to save these changes.
Step 7  Select the CFS tab and select commit from the Config Action drop-down menu and click Apply Changes to distribute these changes to all switches in the fabric.

Verifying TACACS+ Configuration Using the CLI

To verify or change the TACACS+ configuration using the CLI, follow these steps:

Step 1  Use the show tacacs-server command to display configured TACACS+ parameters.

    switch# show tacacs-server
    Global TACACS+ shared secret
    timeout value:30
    total number of servers:3
    following TACACS+ servers are configured:
        11.5.4.3:
            available on port:2
        cisco.com:
            available on port:49
        11.6.5.4:
            available on port:49
            TACACS+ shared secret:*****

Step 2  Use the tacacs-server host ip-address key command to set the preshared key to match what is configured on your TACACS+ server.
Step 3  Use the tacacs-server host ip-address port command to set the communications port to match what is configured on your TACACS+ server.
Step 4  Use the tacacs-server timeout command to set the period in seconds for the switch to wait for a response from all TACACS+ servers before the switch declares a timeout failure.
Step 5  Use the tacacs commit command to commit any changes and distribute to all switches in the fabric.
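The check in Steps 1 and 3 of the CLI procedure can be scripted. The following is an added example, not part of the Cisco guide: it parses show tacacs-server output and reports servers whose switch-side port differs from the port the TACACS+ server uses. The function names, the EXPECTED_PORTS table and the indentation of the sample text are assumptions; the line layout is inferred from the Step 1 output.

```python
import re
# Constructed sample in the layout of the Step 1 output (not captured from a live switch).
SAMPLE = """\
Global TACACS+ shared secret
timeout value:30
total number of servers:3
following TACACS+ servers are configured:
    11.5.4.3:
        available on port:2
    cisco.com:
        available on port:49
    11.6.5.4:
        available on port:49
        TACACS+ shared secret:*****
"""
# Assumption: ports the TACACS+ daemons really listen on (49 is the registered TACACS+ port).
EXPECTED_PORTS = {"11.5.4.3": 49, "cisco.com": 49, "11.6.5.4": 49}

def parse_show_tacacs(text):
    """Return timeout, declared server count and per-server port / own-key flag."""
    cfg = {"timeout": None, "declared": None, "servers": {}}
    host = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"timeout value:(\d+)", line):
            cfg["timeout"] = int(m.group(1))
        elif m := re.fullmatch(r"total number of servers:(\d+)", line):
            cfg["declared"] = int(m.group(1))
        elif (m := re.fullmatch(r"available on port:(\d+)", line)) and host:
            cfg["servers"][host]["port"] = int(m.group(1))
        elif re.fullmatch(r"TACACS\+ shared secret:\S+", line) and host:
            cfg["servers"][host]["own_key"] = True   # per-server key overrides the global key
        elif m := re.fullmatch(r"(\S+):", line):      # host header such as "cisco.com:"
            host = m.group(1)
            cfg["servers"][host] = {"port": None, "own_key": False}
    return cfg

def audit(cfg, expected):
    """List mismatches between the switch's view and the intended server ports."""
    findings = []
    if cfg["declared"] != len(cfg["servers"]):
        findings.append(f"declared {cfg['declared']} servers, parsed {len(cfg['servers'])}")
    for host, want in expected.items():
        srv = cfg["servers"].get(host)
        if srv is None:
            findings.append(f"{host}: missing on switch")
        elif srv["port"] != want:
            findings.append(f"{host}: switch port {srv['port']}, server port {want}")
    extra = sorted(cfg["servers"].keys() - expected.keys())
    findings += [f"{h}: on switch but not expected" for h in extra]
    return findings
```

The own_key flag shows which servers use a per-server preshared key rather than the global one, which narrows down where to look when Step 2 is needed.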