LilYoda
Feline with squirel personality disorder
Premium
join:2004-09-02
Mountains

1 edit
reply to jvltech

Re: [Config] cisco tacacs

Router config

aaa new-model
aaa authentication fail-message #
Authentication failed.
#
aaa authentication login default line
aaa authentication login TACACS group tacacs+ line
aaa authorization config-commands
aaa authorization console
aaa authorization exec default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+
tacacs-server host 192.168.X.X
tacacs-server key XYZXYZXYZXYZYXYZ
line con 0
 login authentication TACACS
line aux 0
 login authentication TACACS
line vty 0 4
 login authentication TACACS

On the TACACS server (example with a tac_plus server):
key = "XYZXYZXYZXYZYXYZ"
group = admin {
    default service = permit
    service = exec {
        priv-lvl=15
    }
    service = shell {
        priv-lvl=15
    }
}
user = admin {
    login = cleartext XXXXXXXX
    member = admin
}

This will put you in enable mode directly when you log in as admin.
It will also default to the line password when the TACACS server is unreachable.
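
An added example, not part of the original post: a small Python check that reads AAA method lists like those in the router config above and reports the ones that name only a server group, so that no further method is tried when the TACACS+ server does not answer. The sample lines are copied from the post; the function and variable names are assumptions made for this example.

```python
import re

# Constructed sample: the AAA method-list lines from the router config above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default line
aaa authentication login TACACS group tacacs+ line
aaa authorization config-commands
aaa authorization console
aaa authorization exec default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+
"""

# Matches "aaa <kind> <scope> <list-name> <methods...>" lines.
METHOD_LIST = re.compile(
    r"^aaa (authentication|authorization) "
    r"(login|enable|exec|commands \d+|network) (\S+) (.+)$"
)

def parse_methods(text):
    """Split a method string, keeping 'group <name>' together as one method."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def server_only_lists(config):
    """Return the method lists in which every method is a AAA server group."""
    flagged = []
    for line in config.splitlines():
        m = METHOD_LIST.match(line.strip())
        if not m:
            continue
        kind, scope, name, rest = m.groups()
        methods = parse_methods(rest)
        if all(x.startswith("group ") for x in methods):
            flagged.append(f"{kind} {scope} {name}")
    return flagged

if __name__ == "__main__":
    for entry in server_only_lists(SAMPLE_CONFIG):
        print("no non-server fallback:", entry)
```

On the sample, the two authentication lists pass because `line` is available to them, while the three authorization lists are reported.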