https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152246#M436380 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>The minimum configuration required would be:</P><P></P><P>tacacs-server host 10.1.1.1 key cisco</P><P></P><P>aaa new-model</P><P>aaa authentication login default [group] tacacs+ local</P><P></P><P>aaa authorization exec default [group] tacacs+ local &lt;--this is not needed if you just want to authenticate users and don't want to directly be dropped to the enable mode</P><P></P><P>If you don't want to add the above line and wants to do enable password authentication then you can do the following:</P><P></P><P>aaa authen enable default [group] tacacs+ enable</P><P></P><P>aaa accounting exec default start-stop group tacacs+ &lt;--You can turn on accounting for other purpose also like command autho etc.</P><P></P><P>Before you enter these, plese make sure to create the local user database as follows:</P><P></P><P>username admin privilege 15 password admin</P><P></P><P>Thanks,</P><P></P><P>Mynul</P><P></P></BODY></HTML> Wed, 11 Jun 2003 20:37:24 GMT mhoda 2003-06-11T20:37:24Z https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152245#M436379 <P>I have a6509 with dual MSFC2 and dual SUP2. I am trying to implement TACACS on both. I would like to have fail over the local password if the TACACS server access fail. I need authentication and accounting.</P><P>What commands I should use? I tested some bute I am getting many erros. Is there any configuration sample available?</P><P></P> Sun, 10 Mar 2019 14:21:26 GMT https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152245#M436379 gilson_machado 2019-03-10T14:21:26Z https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152246#M436380 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>The minimum configuration required would be:</P><P></P><P>tacacs-server host 10.1.1.1 key cisco</P><P></P><P>aaa new-model</P><P>aaa authentication login default [group] tacacs+ local</P><P></P><P>aaa authorization exec default [group] tacacs+ local &lt;--this is not needed if you just want to authenticate users and don't want to directly be dropped to the enable mode</P><P></P><P>If you don't want to add the above line and wants to do enable password authentication then you can do the following:</P><P></P><P>aaa authen enable default [group] tacacs+ enable</P><P></P><P>aaa accounting exec default start-stop group tacacs+ &lt;--You can turn on accounting for other purpose also like command autho etc.</P><P></P><P>Before you enter these, plese make sure to create the local user database as follows:</P><P></P><P>username admin privilege 15 password admin</P><P></P><P>Thanks,</P><P></P><P>Mynul</P><P></P></BODY></HTML> Wed, 11 Jun 2003 20:37:24 GMT https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152246#M436380 mhoda 2003-06-11T20:37:24Z https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152247#M436381 <HTML><HEAD></HEAD><BODY><P>Hello Mynul!</P><P>I forgot to mention that it is a CatOS (using set commands).</P><P>The group of commands that I could find is the below: </P><P></P><P>! </P><P>set authentication &nbsp;login tacacs &nbsp;enable </P><P>set authentication enbale tacacs enable </P><P>set tacacs server x.x.x.x &nbsp; </P><P>set tacacs key &nbsp;yyyy </P><P>! </P><P></P><P>But it is not working properly.</P><P>Is there anything to add to that?</P><P>Regards,</P><P>Gilson</P></BODY></HTML> Thu, 12 Jun 2003 11:37:31 GMT https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152247#M436381 gilson_machado 2003-06-12T11:37:31Z https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152248#M436382 <HTML><HEAD></HEAD><BODY><P>Hi Gilson,</P><P></P><P></P><P>In case of switches with cat os there is no concept of local username, but it falls back to the local telnet and enable password.</P><P></P><P>If you are using 7.5.x code then you add a local user otherwise.</P><P></P><P>Here are the commands you need</P><P></P><P>set authentication login local enable </P><P>set authentication login tacacs enable</P><P>set tacacs server #.#.#.# </P><P>set tacacs key your_key </P><P></P><P>Here is a good link</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/480/72.shtml" target="_blank">http://www.cisco.com/warp/public/480/72.shtml</A></P><P></P><P>Thanks</P><P>Sujit</P><P></P><P></P><P></P></BODY></HTML> Thu, 12 Jun 2003 16:00:17 GMT https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152248#M436382 sghosh 2003-06-12T16:00:17Z https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152249#M436383 <HTML><HEAD></HEAD><BODY><P>Thanks Sujit!</P><P>looks like this is the correct set of commands.</P><P></P><P>Thanks everybody for the help.</P><P>Reagrds,</P><P>Gilson</P></BODY></HTML> Thu, 12 Jun 2003 18:18:27 GMT https://community.cisco.com/t5/network-access-control/how-to-configure-tacacs-for-cat6509-sup2/m-p/152249#M436383 gilson_machado 2003-06-12T18:18:27Z