Examples for adding, removing, or changing the priority of a TACACS+ server

Example

Suppose the switch is configured to use TACACS+ servers at 10.28.227.10 and 10.28.227.15. 10.28.227.15 was entered first and so is listed as the first-choice server.

Example of the switch with two TACACS+ server addresses configured:
switch(config)# show tacacs
Status and Counters - TACACS Information
Timeout : 5
Encryption Key:

Server IP Addr          Opens  Closes  Aborts  Errors  Pkts  Rx  Pkts  Tx
--------------------------------------------------------------------------
10.28.277.15 1           0      0       0       0       0     0   0     0
10.28.277.10             0      0       0       0       0     0   0     0
1 First-choice TACACS+ Server

To move the "first-choice" status from the "15" server to the "10" server, use the no tacacs-server host <ip-addr> command to delete both servers, then use tacacs-server host <ip-addr> to re-enter the "10" server first, then the "15" server.

The servers would then be listed with the new "first-choice" server, that is:
switch(config)# show tacacs
Status and Counters - TACACS Information
Timeout : 5
Encryption Key:

Server IP Addr          Opens  Closes  Aborts  Errors  Pkts  Rx  Pkts  Tx
--------------------------------------------------------------------------
10.28.277.10 1           0      0       0       0       0     0   0     0
10.28.277.15             0      0       0       0       0     0   0     0
1 The "10" server is now "first-choice" TACACS+ authentication device.

To remove the 10.28.227.15 device as a TACACS+ server, use the following command:

Switch(config)# no tacacs-server host 10.28.227.15