
TACACS+ server config file example

devang_etcom
Level 7

Hello All,

 

Can anyone share a few example config files for a TACACS+ server?

 

Can we configure the TACACS+ server to allocate a privilege level (5-7) with the option of allowing a few configuration parameters under the interface? For example, a privilege level 5 user should be able to run all show, clear, and show tech commands, and they should be authorized for shutdown and no shutdown along with duplex changes. I'm wondering what the TACACS+ server config file would look like.

 

I don't want to give user privilege level of 15 to have full configuration control.  

Accepted Solutions

thomas
Cisco Employee

There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.


7 Replies

Are you using ISE as your TACACS server?

No, it's a different TACACS+ server/software.

On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:

aaa new-model

aaa group server tacacs+ TACACS
 server <TACACS primary IP>
 server <TACACS secondary IP>

aaa authorization config-commands
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 1 default group TACACS local
aaa authorization commands 5 default group TACACS local
aaa authorization commands 15 default group TACACS local
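
A server-side sketch of what the original question asks for, added here as an example and not taken from any post in this thread. It assumes the configuration syntax of the open-source tac_plus daemon (the thread never names the server software); the group name, user name, key, accounting path and password hash are placeholders.

```conf
# tac_plus.conf (assumed syntax: open-source tac_plus daemon)
# Shared secret; must match the key configured on the network devices.
key = "<shared-secret-placeholder>"

# Accounting log for auditing what was run (path is an assumption).
accounting file = /var/log/tac_plus.acct

# Least-privilege group: any command not listed here is refused,
# because the daemon denies unlisted commands by default.
group = ops_level5 {
    # Shell profile: the exec session starts at privilege level 5.
    service = exec {
        priv-lvl = 5
    }

    # Read-only and housekeeping commands ("show tech" falls under show).
    cmd = show  { permit .* }
    cmd = clear { permit .* }
    cmd = exit  { permit .* }
    cmd = end   { permit .* }

    # Entering configuration mode and selecting an interface.
    cmd = configure { permit "^terminal" }
    cmd = interface { permit .* }

    # The only interface changes this group may make.
    cmd = shutdown { permit .* }
    cmd = duplex   { permit .* }
    cmd = no {
        permit "^shutdown"
        deny .*
    }
}

# Placeholder user; replace the hash with a real crypt(3) value.
user = operator1 {
    member = ops_level5
    login = des <password-hash-placeholder>
}
```

The server only answers the authorization requests the device sends, so the device still needs the `aaa authorization commands 5` and `aaa authorization config-commands` lines shown above, and the listed commands must be made available at level 5 through the device's own `privilege` configuration.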

I wasn't looking for router/sw config! 

balaji.bandi
Hall of Fame

Look at the example below (add your own commands; if you are doing it locally, you need to do the hard work for all commands):

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

BB


devang_etcom
Level 7

I found something not exact but close in one of the older Cisco external community email discussions.
