Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2176
Views
0
Helpful
0
Replies

Best practice for TACACS/AAA

johnlloyd_13
Level 9
Level 9

‎02-01-2021 06:47 PM - edited ‎02-01-2021 06:48 PM

hi,

just a quick question, i noticed there's a couple of ways to define TACACS/AAA in an ASR router: under global config and the other is under AAA server group. my questions are:

1. will the "server-private' and "ip tacacs source-interface" work on the new IOS-XE 16.12.x code?

2. which approach is more preferred or "best practice" in configuring TACACS/AAA?

3.will i be "locked out" if i move the TACACS source interface from global config to AAA group?

 

GLOBAL CONFIG:

 

tacacs server TAC-1
 address ipv4 10.11.6.2
 key 7 cisco123

 

ip tacacs source-interface Loopback0

 

aaa group server tacacs+ GRP-1

 server name TAC-1

 

 

AAA SERVER GROUP:

ASR(config)#aaa group server tacacs+ GRP-1

ASR(config-sg-tacacs+)#server-private 10.11.6.2 key 7 ?
LINE The HIDDEN shared key

 

ASR(config-sg-tacacs+)#ip tacacs ?
source-interface Specify interface for source address in TACACS packets


ASR(config-sg-tacacs+)#ip tacacs source-interface <INTF>

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card