https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167094#M563321 <P>On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:</P><P>aaa new-model</P><P>aaa group server tacacs+ TACACS<BR />&nbsp;server &lt;TACACS primary IP&gt;<BR />&nbsp;server &lt;TACACS secondary IP&gt;</P><P>aaa authorization config-commands<BR />aaa authorization exec default group TACACS local<BR />aaa authorization commands 0 default group TACACS local<BR />aaa authorization commands 1 default group TACACS local<BR />aaa authorization commands 5 default group TACACS local<BR />aaa authorization commands 15 default group TACACS local</P> Wed, 14 Oct 2020 22:31:48 GMT Aref Alsouqi 2020-10-14T22:31:48Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167023#M563317 <P>Hello All,</P><P>&nbsp;</P><P>Can anyone share few example files of tacacs+ server?</P><P>&nbsp;</P><P>Can we configure the tacacs server to allocate privilege level (5-7) with option of allowing few configuration parameters under the interface? For example privilege level 5 user should be able to run all show, clear, show tech commands and they should have authorization to shutdown and no shutdown capabilities along with duplex change. Wondering what would tacacs+ server config file would look like?</P><P>&nbsp;</P><P>I don't want to give user privilege level of 15 to have full configuration control.&nbsp;&nbsp;</P> Wed, 14 Oct 2020 20:33:25 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167023#M563317 devang_etcom 2020-10-14T20:33:25Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167045#M563318 <P>Are you using ISE as your TACACS server?</P> Wed, 14 Oct 2020 21:15:22 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167045#M563318 Aref Alsouqi 2020-10-14T21:15:22Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167055#M563319 <P>no its different TACACS+ server/software.&nbsp;</P> Wed, 14 Oct 2020 21:30:25 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167055#M563319 devang_etcom 2020-10-14T21:30:25Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167067#M563320 <P>Look at the below example : ( add your own commands, if you doing local, you need to do hard work to all commands)</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html</A></P> Wed, 14 Oct 2020 21:40:52 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167067#M563320 balaji.bandi 2020-10-14T21:40:52Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167094#M563321 <P>On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:</P><P>aaa new-model</P><P>aaa group server tacacs+ TACACS<BR />&nbsp;server &lt;TACACS primary IP&gt;<BR />&nbsp;server &lt;TACACS secondary IP&gt;</P><P>aaa authorization config-commands<BR />aaa authorization exec default group TACACS local<BR />aaa authorization commands 0 default group TACACS local<BR />aaa authorization commands 1 default group TACACS local<BR />aaa authorization commands 5 default group TACACS local<BR />aaa authorization commands 15 default group TACACS local</P> Wed, 14 Oct 2020 22:31:48 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4167094#M563321 Aref Alsouqi 2020-10-14T22:31:48Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4177085#M563599 <P>I wasn't looking for router/sw config!&nbsp;</P> Mon, 02 Nov 2020 00:08:01 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4177085#M563599 devang_etcom 2020-11-02T00:08:01Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4177086#M563600 <P>I found not exact but close by on one of the older cisco external community email discussion.</P> Mon, 02 Nov 2020 00:09:34 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4177086#M563600 devang_etcom 2020-11-02T00:09:34Z https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4180423#M563674 <P>There are MANY examples of TACACS configuration at <A href="https://community.cisco.com/t5/security-documents/ise-device-administration-tacacs/ta-p/3621655" target="_self">ISE Device Administration resources for TACACS+ and RADIUS</A> with both documents and videos.</P> Sun, 08 Nov 2020 05:26:16 GMT https://community.cisco.com/t5/network-access-control/tacacs-server-config-file-example/m-p/4180423#M563674 thomas 2020-11-08T05:26:16Z