10-14-2020 01:33 PM
Hello All,
Can anyone share few example files of tacacs+ server?
Can we configure the tacacs server to allocate privilege level (5-7) with option of allowing few configuration parameters under the interface? For example privilege level 5 user should be able to run all show, clear, show tech commands and they should have authorization to shutdown and no shutdown capabilities along with duplex change. Wondering what would tacacs+ server config file would look like?
I don't want to give user privilege level of 15 to have full configuration control.
Solved! Go to Solution.
11-07-2020 09:26 PM
There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.
10-14-2020 02:15 PM
Are you using ISE as your TACACS server?
10-14-2020 02:30 PM
no its different TACACS+ server/software.
10-14-2020 03:31 PM - edited 10-14-2020 03:31 PM
On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:
aaa new-model
aaa group server tacacs+ TACACS
server <TACACS primary IP>
server <TACACS secondary IP>
aaa authorization config-commands
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 1 default group TACACS local
aaa authorization commands 5 default group TACACS local
aaa authorization commands 15 default group TACACS local
11-01-2020 04:08 PM
I wasn't looking for router/sw config!
10-14-2020 02:40 PM
Look at the below example : ( add your own commands, if you doing local, you need to do hard work to all commands)
11-01-2020 04:09 PM
I found not exact but close by on one of the older cisco external community email discussion.
11-07-2020 09:26 PM
There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide