- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2020 01:33 PM
Hello All,
Can anyone share few example files of tacacs+ server?
Can we configure the tacacs server to allocate privilege level (5-7) with option of allowing few configuration parameters under the interface? For example privilege level 5 user should be able to run all show, clear, show tech commands and they should have authorization to shutdown and no shutdown capabilities along with duplex change. Wondering what would tacacs+ server config file would look like?
I don't want to give user privilege level of 15 to have full configuration control.
Solved! Go to Solution.
- Labels:
-
AAA
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2020 09:26 PM
There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2020 02:15 PM
Are you using ISE as your TACACS server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2020 02:30 PM
no its different TACACS+ server/software.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2020 03:31 PM - edited 10-14-2020 03:31 PM
On your TACACS server you need to define the shell profiles for each privilege level, and associate them with the respective privilege levels. On the network device side, the most relevant commands for authorization would be:
aaa new-model
aaa group server tacacs+ TACACS
server <TACACS primary IP>
server <TACACS secondary IP>
aaa authorization config-commands
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 1 default group TACACS local
aaa authorization commands 5 default group TACACS local
aaa authorization commands 15 default group TACACS local
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2020 04:08 PM
I wasn't looking for router/sw config!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2020 02:40 PM
Look at the below example : ( add your own commands, if you doing local, you need to do hard work to all commands)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2020 04:09 PM
I found not exact but close by on one of the older cisco external community email discussion.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2020 09:26 PM
There are MANY examples of TACACS configuration at ISE Device Administration resources for TACACS+ and RADIUS with both documents and videos.
