3.119.1. Key Previous topic Parent topic Child topic Next topic

This parameter specifies the default shared secret to be used to decrypt TACACS+ messages. When a new connection from a TACACS+ client is received, <ServerTACACSPLUS> tries to find a key to use for decrypting that connection. It first looks for a matching Client and then for a key until it finds one that has been defined:
  • If a matching Client is found: EncryptedTACACSPLUSKey parameter is preferred over TACACSPLUSKey parameter
  • EncryptedKey
  • This Key parameter
  • If a matching Client is found: EncryptedSecret parameter is preferred over Secret parameter
Note
EncryptedTACACSPLUSKey and EncryptedSecret are currently experimental and will be documented later.
Tip
If all your TACACS+ devices use the same key, use this Key parameter. If some or all of your TACACS+ devices use different keys, define a Client and TACACSPLUSKey for each differing one and set this Key as the default for the rest. If some TACACS+ clients are also RADIUS clients, define a Client clause for each one, specifying the RADIUS secret in Secret, and the TACACS+ key in TACACSPLUSKey.
Key mysecret