Examples for adding, removing, or changing the priority of a TACACS+ server
Example
Suppose the switch is configured to use TACACS+ servers at 10.28.227.10 and 10.28.227.15. 10.28.227.15 was entered first and so is listed as the first-choice server.
Example of the switch with two TACACS+ server addresses configured:
switch(config)# show tacacs Status and Counters - TACACS Information Timeout : 5 Encryption Key: Server IP Addr Opens Closes Aborts Errors Pkts Rx Pkts Tx -------------------------------------------------------------------------- 10.28.277.15 1 0 0 0 0 0 0 0 0 10.28.277.10 0 0 0 0 0 0 0 01 First-choice TACACS+ Server
To move the "first-choice" status from the "15" server to the "10" server, use the no tacacs-server host <ip-addr>
command to delete both servers, then use
tacacs-server host <ip-addr>
to re-enter the "10" server first, then the "15" server.
The servers would then be listed with the new "first-choice" server, that is:
switch(config)# show tacacs Status and Counters - TACACS Information Timeout : 5 Encryption Key: Server IP Addr Opens Closes Aborts Errors Pkts Rx Pkts Tx -------------------------------------------------------------------------- 10.28.277.10 1 0 0 0 0 0 0 0 0 10.28.277.15 0 0 0 0 0 0 0 01 The "10" server is now "first-choice" TACACS+ authentication device.
To remove the 10.28.227.15 device as a TACACS+ server, use the following command:
Switch(config)# no tacacs-server host 10.28.227.15