These are the basic steps:
! Create enable password
enable secret myenablepassword
! Create fallback user for local auth
username fallback privilege 15 secret fallbackpassword
! Enable AAA
aaa new-model
! Configure TACACS server
tacacs-server host 1.2.3.4 key tacacskey
! Enable authentication via TACACS, fallback to local auth if TACACS not available
aaa authentication login default group tacacs+ local
! Check enable password via TACACS and local if TACACS not available
aaa authentication enable default group tacacs+ enable
! Enable authorization of exec shell, fall back to local if TACACS fails
aaa authorization exec default group tacacs+ local
! Authorize global commands
aaa authorization config-commands
! Authorize privilege level 1 commands
aaa authorization commands 1 default group tacacs+ local
! Authorize privilege level 15 commands
aaa authorization commands 15 default group tacacs+ local
Then you can enable accounting or create custom method list as well.
Daniel Dib
CCIE #37149
Daniel Dib
CCIE #37149
CCDE #20160011
Please rate helpful posts.