tacacs-server host

[no] tacacs-server host {<ip-address> | <hostname>} [auth-port <port>] [auth-type <type>] [timeout <seconds>] retransmit <retries> | [key {<string> | key 0 | key 7}]

<ip-address>	TACACS+ server IP address.
<hostname>	TACACS+ server hostname.
auth-port <port>	Specifies the authorization port number. The default value is 49.
auth-type <type>	Specifies the authorization type to use with this TACACS+ server: ascii, pap.
timeout <seconds>	Sets the time-out for retransmitting a request to any TACACS+ server. The range is from 1 to 60. The default value is 3.
retransmit <number>	Specifies the number of times the client attempts to authenticate with any TACACS+ server. The default value is 1. The range is from 0 to 5. To disable retransmissions set it to 0.
key {<string> \| key 0 \| key 7}	Specifies the shared secret text string used to communicate with this TACACS+ server. • 0 - Shared secret to use with this RADIUS server. • 7 - TACACS+ key with an encrypted string.

The same IP address can be used in more than one tacacs-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the hostname option (if present).

If no tacacs-server host <ip-address> is specified, all TACACS+ configurations for this host are deleted. The no tacacs-server host <ip-address> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all TACACS+ servers with the specified IP address.