Deleting a per-server encryption key
To delete a per-server encryption key in the switch, re-enter the tacacs-server host command without the key parameter. For example, if you have north01 configured as the encryption key for a TACACS+ server with an IP address of 10.28.227.104 and you want to eliminate the key, you would use this command:
switch(config)# tacacs-server host 10.28.227.104
You can save the encryption key in a configuration file by entering this command:
switch(config)# tacacs-server key <key-string>
The <key-string> parameter is the encryption key in clear text.
The show tacacs command lists the global encryption key, if configured. However, to view any configured per-server encryption keys, you must use show config or show config running (if you have made TACACS+ configuration changes without executing write mem).
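An added example, not part of the original manual: a Python check that scans saved configuration text (for instance, show config output kept as a backup) for the clear-text TACACS+ keys described above and reports where they sit without echoing the key values. It assumes the per-server key appears as "key <key-string>" on the tacacs-server host line; the second host, the global key value and the function names are constructed for illustration.

```python
import re

# Constructed sample of saved configuration text. The first host and its key
# are the ones used in the text above; the rest is made up for the example.
SAMPLE_CONFIG = """\
hostname switch
tacacs-server host 10.28.227.104 key north01
tacacs-server host 10.28.227.105
tacacs-server key global01
"""

# Assumed line shapes: "tacacs-server host <ip> [key <key-string>]" and
# "tacacs-server key <key-string>".
HOST_RE = re.compile(r"^\s*tacacs-server\s+host\s+(\S+)(?:\s+key\s+(\S+))?\s*$")
GLOBAL_RE = re.compile(r"^\s*tacacs-server\s+key\s+(\S+)\s*$")


def audit_tacacs_keys(config_text):
    """Locate TACACS+ keys in a config without returning the key values."""
    report = {"global_key": False, "per_server": [], "no_per_server": []}
    for line in config_text.splitlines():
        host_match = HOST_RE.match(line)
        if host_match:
            host, key = host_match.groups()
            bucket = "per_server" if key else "no_per_server"
            report[bucket].append(host)
        elif GLOBAL_RE.match(line):
            report["global_key"] = True
    return report


def findings(report):
    """Turn the report into review lines suitable for a ticket or log."""
    lines = []
    if report["global_key"]:
        lines.append("global key present in clear text")
    for host in report["per_server"]:
        lines.append(f"per-server key present in clear text for {host}")
    for host in report["no_per_server"]:
        source = "global key" if report["global_key"] else "no key in this file"
        lines.append(f"{host} has no per-server key ({source})")
    return lines


if __name__ == "__main__":
    for entry in findings(audit_tacacs_keys(SAMPLE_CONFIG)):
        print(entry)
```

Run it against each stored copy of the configuration; any file it flags holds a usable shared secret and needs the same access control as the switch itself.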
Deleting a global encryption key
To delete a global encryption key from the switch, use this command:
switch(config)# no tacacs-server key