cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
320
Views
0
Helpful
1
Replies

TACACS enable commands for one user or group

praveennoc
Level 1
Level 1

Hello,

How can i enble authentication to user or one group from TACACS

Can you pleae help us with commands and proceudre

Device :3560 router

thnaks ,

P

1 Reply 1

daniel.dib
Level 7
Level 7

These are the basic steps:

! Create enable password

enable secret myenablepassword

! Create fallback user for local auth

username fallback privilege 15 secret fallbackpassword

! Enable AAA

aaa new-model

! Configure TACACS server

tacacs-server host 1.2.3.4 key tacacskey

! Enable authentication via TACACS, fallback to local auth if TACACS not available

aaa authentication login default group tacacs+ local

! Check enable password via TACACS and local if TACACS not available

aaa authentication enable default group tacacs+ enable

! Enable authorization of exec shell, fall back to local if TACACS fails

aaa authorization exec default group tacacs+ local

! Authorize global commands

aaa authorization config-commands

! Authorize privilege level 1 commands

aaa authorization commands 1 default group tacacs+ local

! Authorize privilege level 15 commands

aaa authorization commands 15 default group tacacs+ local

Then you can enable accounting or create custom method list as well.

Daniel Dib
CCIE #37149

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
Review Cisco Networking for a $25 gift card