
Switching the IP of the TACACS server

Hi All

I am looking to relocate a TACACS+ server from the inside to the DMZ, and therefore the server will be on a new IP range.

I will be looking to roll out these commands using cat tools as I have a lot of switches.

The config on the switches is below.

 

Existing TACACS:

tacacs-server host 10.11.11.40 key 9090897979800090908

 

Now I'm moving the server to a new IP of 10.99.1.40.

If I put in the command

tacacs-server host 10.99.1.40 key 9090897979800090908

the config looks like this:

tacacs-server host 10.11.11.40 key 9090897979800090908

tacacs-server host 10.99.1.40 key 9090897979800090908

 

I need to confirm that when I switch the server over to its new IP, the switches will look for the new IP of 10.99.1.40, and then all I would have to do afterwards is remove the old line: no tacacs-server host 10.11.11.40 key 9090897979800090908

Or will this not work, and will I have to configure a group, which is at the bottom of the page of the link below?

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scftplus.html

Many thanks

 

Accepted Solutions
The method explained in the linked document is the newer one. On IOS 15.x, the earlier method (which still works) will generate a message in the CLI parser that it is being deprecated, and Cisco recommends moving to the new method.

That said, either method should work. The newer method should be good on any switches or routers with IOS 12.0+.

When there are two servers configured, IOS will try them in order and, if a reply isn't received in three tries (each in the case of multiple servers), it will fall over to the next configured AAA method (or fail AAA if no second method is defined).
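An added example, not part of the original thread or any Cisco tooling: a small Python check to run over saved switch configs during the rollout. It flags the two behaviours described in the answer above, that servers are tried in configured order and that AAA fails when no method follows TACACS+. The sample config, the `audit` function and the `<shared-key>` placeholder are constructed, and the check assumes the legacy `tacacs-server host` syntax from the question with method lists that name `group tacacs+` directly.

```python
import re

# Constructed running-config excerpt for one switch mid-migration (not from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login CONSOLE group tacacs+ local
tacacs-server host 10.11.11.40 key <shared-key>
tacacs-server host 10.99.1.40 key <shared-key>
"""

HOST_RE = re.compile(r"^tacacs-server host (\S+)", re.M)
LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$", re.M)


def audit(config, old_ip, new_ip):
    """Return a list of findings for one device's configuration text."""
    findings = []
    # Order of appearance is the order in which the servers are tried.
    hosts = HOST_RE.findall(config)
    if new_ip not in hosts:
        findings.append(f"new server {new_ip} not configured")
    if old_ip in hosts:
        if new_ip in hosts and hosts.index(old_ip) < hosts.index(new_ip):
            findings.append(f"old server {old_ip} is tried before {new_ip}; "
                            "after cutover each login waits for its retries")
        else:
            findings.append(f"old server {old_ip} still configured")
    for name, methods in LOGIN_RE.findall(config):
        # A list ending in "group tacacs+" has no second method to fall back to.
        if methods.split()[-2:] == ["group", "tacacs+"]:
            findings.append(f"login list {name}: no method after TACACS+; "
                            "AAA fails if no server replies")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.11.11.40", "10.99.1.40"):
        print(finding)
```

An empty result for a device means the old host line is gone, the new one is present, and every login list has a fallback method.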
