Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4304
Views
10
Helpful
7
Replies

TACACS+ server config file example

Go to solution
devang_etcom
Level 7
Level 7

‎10-14-2020 01:33 PM

Hello All,

 

Can anyone share few example files of tacacs+ server?

 

Can we configure the tacacs server to allocate privilege level (5-7) with option of allowing few configuration parameters under the interface? For example privilege level 5 user should be able to run all show, clear, show tech commands and they should have authorization to shutdown and no shutdown capabilities along with duplex change. Wondering what would tacacs+ server config file would look like?

 

I don't want to give user privilege level of 15 to have full configuration control.  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-07-2020 09:26 PM

There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Aref Alsouqi
VIP
VIP

‎10-14-2020 02:15 PM

Are you using ISE as your TACACS server?

Go to solution
devang_etcom
Level 7
Level 7
In response to Aref Alsouqi

‎10-14-2020 02:30 PM

no its different TACACS+ server/software. 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to devang_etcom

‎10-14-2020 03:31 PM - edited ‎10-14-2020 03:31 PM

On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:

aaa new-model

aaa group server tacacs+ TACACS
 server <TACACS primary IP>
 server <TACACS secondary IP>

aaa authorization config-commands
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 1 default group TACACS local
aaa authorization commands 5 default group TACACS local
aaa authorization commands 15 default group TACACS local

Go to solution
devang_etcom
Level 7
Level 7
In response to Aref Alsouqi

‎11-01-2020 04:08 PM

I wasn't looking for router/sw config! 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-14-2020 02:40 PM

Look at the below example : ( add your own commands, if you doing local, you need to do hard work to all commands)

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
devang_etcom
Level 7
Level 7

‎11-01-2020 04:09 PM

I found not exact but close by on one of the older cisco external community email discussion.

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-07-2020 09:26 PM

There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.

0 Helpful
Customers Also Viewed These Support Documents