Goals:
1) have AAA authenticate, authorize, log all commands the users have entered;
2) don't use the default aaa keyword to avoid unexpected behavior;
I could not find any papers dealing with the issues in a single configuration and not using default methods. I have come up with this:
aaa new-model
aaa group server tacacs+ TacGroup1
 server-private 192.168.1.1 key mysharedkey
!
aaa authentication login TacAuth group TacGroup1
aaa authorization commands 0 TacPerm group TacGroup1
aaa authorization commands 1 TacPerm group TacGroup1
aaa authorization commands 15 TacPerm group TacGroup1
aaa accounting commands 0 TacAcc start-stop group TacGroup1
aaa accounting commands 1 TacAcc start-stop group TacGroup1
aaa accounting commands 15 TacAcc start-stop group TacGroup1
!
line vty 10
 login authentication TacAuth
 accounting commands 0 TacAcc
 accounting commands 1 TacAcc
 accounting commands 15 TacAcc
 authorization commands 0 TacPerm
 authorization commands 1 TacPerm
 authorization commands 15 TacPerm
Assuming I'm not lacking something critical, what more do I need to get this working?
Additionally, why do I need to reference accounting/authorization levels under line vty when they are referenced in the respective methods in the global conf mode?
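
Added example, not part of the original post: a Python check that cross-references the named AAA method lists defined in global configuration against the ones applied under a line, since a named list (unlike one called default) only takes effect on lines that reference it. The names audit and service are hypothetical helpers chosen for illustration, and the parser covers only the login, command authorization and command accounting keywords used in the post.

```python
import re

# The configuration from the post, embedded as sample input.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ TacGroup1
 server-private 192.168.1.1 key mysharedkey
!
aaa authentication login TacAuth group TacGroup1
aaa authorization commands 0 TacPerm group TacGroup1
aaa authorization commands 1 TacPerm group TacGroup1
aaa authorization commands 15 TacPerm group TacGroup1
aaa accounting commands 0 TacAcc start-stop group TacGroup1
aaa accounting commands 1 TacAcc start-stop group TacGroup1
aaa accounting commands 15 TacAcc start-stop group TacGroup1
!
line vty 10
 login authentication TacAuth
 accounting commands 0 TacAcc
 accounting commands 1 TacAcc
 accounting commands 15 TacAcc
 authorization commands 0 TacPerm
 authorization commands 1 TacPerm
 authorization commands 15 TacPerm
"""

GLOBAL_RE = re.compile(r"aaa (authentication login|(?:authorization|accounting) commands \d+) (\S+)")
LINE_RE = re.compile(r"(login authentication|(?:authorization|accounting) commands \d+) (\S+)")

def service(keyword):
    # "aaa authentication login" (global) and "login authentication" (line) name one service.
    return "login" if "authentication" in keyword else keyword

def audit(config):
    """Return (lists defined but applied to no line, line references to undefined lists)."""
    defined, applied, current = set(), set(), None
    for raw in config.splitlines():
        text = raw.strip()  # tolerate configs pasted with or without indentation
        if text.startswith(("line ", "aaa ", "!")):
            current = text if text.startswith("line ") else None
        glob = GLOBAL_RE.match(text)
        ref = LINE_RE.match(text) if current else None
        if glob and glob.group(2) != "default":  # default lists apply without a line reference
            defined.add((service(glob.group(1)), glob.group(2)))
        elif ref and ref.group(2) != "default":
            applied.add((current, service(ref.group(1)), ref.group(2)))
    used = {(svc, name) for _, svc, name in applied}
    return sorted(defined - used), sorted(a for a in applied if a[1:] not in defined)
```

Both returned lists are empty for the configuration as posted; a privilege level whose list is defined globally but missing under the line shows up in the first list, and a misspelled list name under the line shows up in the second.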