Jump to content
Sadikhov IT Certification forums
Sign in to follow this  

switching the IP of the tacacs server

Recommended Posts

Hi All


I looking to reloacte a tacacs+ server from the inside to the DMZ and therefore the server will be on a new ip range.

I will be looking to role out these command using cat tools as I have a lot of switches

the config on switches is below


existing tacacs :

tacacs-server host key 9090897979800090908


Now im moving the server to a new ip of

If I put the command


tacacs-server host key 9090897979800090908

the config looks like this:

tacacs-server host key 9090897979800090908

tacacs-server host key 9090897979800090908


I need to confirm that when I switch the server over to it new IP that the switches will look for the new ip of, and then all I would have to do after is remove the old line : no tacacs-server host key 9090897979800090908

Or will this now work and will I have to configure a group which is at the bottom of the page of the link below







Many thanks

Share this post

Link to post
Share on other sites

The method explained in the linked document is the newer one. One IOS 15.x the earlier method (which still works) will generate a message in the cli parser that it is being deprecated and Cisco recommends moving to the new method.

That said, either method should work. The newer method should be good any any switches or routers with IOS 12.0+.

When there are two servers configured, IOS will try them in order and, if a reply isn't received in three tries (each in the case of multiple servers), it will fall over to the next configured aaa method (or fail aaa if no second method is defined)

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this