New-Style TACACS+ Configuration

Posted on in networking

cover image for article

For troubleshooting tips regarding the error message %TAC+: no address for get_server see: Troubleshooting "%TAC+: no address for get_server" on Cisco Devices.

While working with Cisco Catalyst IOS image 12.2(58)SE1, I noticed that configuration for TACACS+ had changed. My first clue that there was a problem was the following:

switch(config)#tacacs-server host 192.168.9.25
This cli will be deprecated soon. Use new server cli

Ominous.

It seems that part of the reason for the change is so that you can now specify an IPv4 and IPv6 address for each TACACS+ server.

Listed below is the old school TACACS+ configuration I was using.

tacacs-server host 192.168.9.25
tacacs-server key rycserdOb
!
aaa group server tacacs+ TAC_PLUS
 server 192.168.9.25

This now becomes:

tacacs server AUTH
 address ipv4 192.168.9.25
 key rycserdOb
!
aaa group server tacacs+ TAC_PLUS
 server name AUTH

My Bookshelf

Reading Now

Other Stuff