

switching the IP of the tacacs server

tacacs+ 3750 switch security aaa radius


#1 jamessimo


Posted 24 July 2014 - 10:34 PM

Hi All

 

I am looking to relocate a tacacs+ server from the inside to the DMZ, and therefore the server will be on a new IP range.

I will be looking to roll out these commands using cat tools, as I have a lot of switches.

The config on the switches is below.


existing tacacs :

tacacs-server host 10.11.11.40 key 9090897979800090908

 

Now I'm moving the server to a new IP of 10.99.1.40.

If I put the command


tacacs-server host 10.99.1.40 key 9090897979800090908

the config looks like this:

tacacs-server host 10.11.11.40 key 9090897979800090908

tacacs-server host 10.99.1.40 key 9090897979800090908

 

I need to confirm that when I switch the server over to its new IP, the switches will look for the new IP of 10.99.1.40, and then all I would have to do afterwards is remove the old line: no tacacs-server host 10.11.11.40 key 9090897979800090908

Or will this now work and will I have to configure a group, which is at the bottom of the page of the link below?

http://www.cisco.com...c/scftplus.html


Many thanks


  • 0

#2 jamessimo


Posted 25 July 2014 - 06:19 PM

The method explained in the linked document is the newer one. On IOS 15.x the earlier method (which still works) will generate a message in the CLI parser that it is being deprecated and that Cisco recommends moving to the new method.

That said, either method should work. The newer method should be good on any switches or routers with IOS 12.0+.

When there are two servers configured, IOS will try them in order and, if a reply isn't received in three tries (each in the case of multiple servers), it will fall over to the next configured aaa method (or fail aaa if no second method is defined).


  • 0
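
Added example, not part of the thread: a Python check to run over saved running-configs after the rollout, reporting which switches still list the old server, the order the two entries appear in, and any TACACS+ server that is neither address. It parses only the legacy `tacacs-server host` form shown above; the switch names, the placeholder key and the 192.0.2.50 entry are constructed sample data.

```python
import re

# Legacy global form shown in the thread: "tacacs-server host <ip> key <secret>".
HOST_RE = re.compile(r"^[ \t]*tacacs-server host (\d{1,3}(?:\.\d{1,3}){3})\b", re.M)
OLD_IP, NEW_IP = "10.11.11.40", "10.99.1.40"  # addresses from the thread


def tacacs_hosts(config_text):
    """Server IPs in configured order, which is the order IOS tries them."""
    return HOST_RE.findall(config_text)


def migration_state(config_text, old=OLD_IP, new=NEW_IP):
    """Classify one switch and list any server that is neither old nor new."""
    hosts = tacacs_hosts(config_text)
    unexpected = [h for h in hosts if h not in (old, new)]
    if old in hosts and new in hosts:
        state = "both-old-first" if hosts.index(old) < hosts.index(new) else "both-new-first"
    elif new in hosts:
        state = "migrated"
    elif old in hosts:
        state = "not-started"
    else:
        state = "no-known-server"
    return state, unexpected


def audit(configs):
    """Map switch name -> (state, unexpected servers) for saved running-configs."""
    return {name: migration_state(text) for name, text in configs.items()}


# Constructed sample configs (hypothetical switch names, placeholder key).
SAMPLE = {
    "sw-a": "aaa new-model\ntacacs-server host 10.11.11.40 key EXAMPLEKEY\n",
    "sw-b": "tacacs-server host 10.11.11.40 key EXAMPLEKEY\n"
            "tacacs-server host 10.99.1.40 key EXAMPLEKEY\n",
    "sw-c": "tacacs-server host 10.99.1.40 key EXAMPLEKEY\n",
    "sw-d": "tacacs-server host 10.99.1.40 key EXAMPLEKEY\n"
            "tacacs-server host 192.0.2.50 key EXAMPLEKEY\n",  # constructed stray entry
}

if __name__ == "__main__":
    for name, (state, extra) in sorted(audit(SAMPLE).items()):
        print(f"{name}: {state}" + (f" unexpected={extra}" if extra else ""))
```

A switch reported as `both-old-first` will wait out the retries against the old address before reaching the new one, so it is the state to clear once the server has moved.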





