TACACS (AAA) Configuration in Cisco (IOS-XR, IOS-XE, IOS, NX-OS)

Configuring Cisco devices to use a TACACS+ server for authentication, authorization and accounting (AAA).
10.10.10.10 – TACACS+ AAA server
20.20.20.2 – Loopback IP

Cisco:

IOS:

aaa authentication login VTY group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 10.10.10.10 single-connection
tacacs-server key 7 1234567890
ip tacacs source-interface Loopback0

IOS-XE:

aaa authentication login VTY group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs server TACACS-SERVER
 address ipv4 10.10.10.10
 key 7 1234567890

ip tacacs source-interface Loopback0

NX-OS:

aaa authentication login default group tacacs
aaa authentication login console group tacacs
aaa authorization config-commands default group tacacs local
aaa authorization commands default group tacacs local
aaa accounting default group tacacs

tacacs+ distribute
ip tacacs source-interface mgmt0
tacacs-server host 10.10.10.10 key 7 "tacacs_pass"
aaa group server tacacs+ tacacs
 server 10.10.10.10

IOS-XR:

aaa accounting exec VTY start-stop group tacacs+
aaa accounting commands VTY start-stop group tacacs+
aaa authorization exec VTY group tacacs+ none
aaa authorization commands VTY group tacacs+ none
aaa authentication login VTY group tacacs+ line local

tacacs source-interface Loopback0 vrf default
tacacs-server host 10.10.10.10 port 49
 key 7 1234567890123456789
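
A lint pass over the configurations above, as an added example (not code from the original post): it flags "key 7" lines (type 7 is reversible obfuscation, not encryption), the "none" fallback on authorization, the "line" fallback on login, and privilege levels that have command authorization but no command accounting. The function name, rule ids and sample input are constructed for this example, and the cross-line check assumes the numeric privilege-level syntax of IOS and IOS-XE.

```python
import re

# Rule ids and wording are labels invented for this example.
LINE_RULES = [
    ("TYPE7_KEY", re.compile(r"\bkey 7 \S+"),
     "type 7 is reversible obfuscation; anyone who can read the config can recover the shared secret"),
    ("AUTHZ_FAIL_OPEN", re.compile(r"^aaa authorization \S+ .*group \S+ none$"),
     "'none' as the last method permits the request when no TACACS+ server responds"),
    ("LOGIN_LINE_FALLBACK", re.compile(r"^aaa authentication login \S+ group \S+ (.* )?line\b"),
     "fallback is the shared line password, so the login is not tied to a user"),
]

def audit_aaa(config):
    """Return (line_number, rule_id, reason) findings; line 0 marks a whole-config finding."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    for n, line in enumerate(lines, 1):
        for rule_id, pattern, reason in LINE_RULES:
            if pattern.search(line):
                findings.append((n, rule_id, reason))
    # Cross-line check: every privilege level with command authorization
    # should also have command accounting, or authorized commands go unlogged.
    authz = {m.group(1) for l in lines if (m := re.match(r"aaa authorization commands (\d+) ", l))}
    acct = {m.group(1) for l in lines if (m := re.match(r"aaa accounting commands (\d+) ", l))}
    for level in sorted(authz - acct, key=int):
        findings.append((0, "NO_CMD_ACCOUNTING", f"level {level} commands are authorized but not accounted"))
    return findings

# Constructed sample: the IOS block from this page with the level-15
# accounting line left out so the cross-line check has something to report.
SAMPLE = """\
aaa authentication login VTY group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
tacacs-server host 10.10.10.10 single-connection
tacacs-server key 7 1234567890
ip tacacs source-interface Loopback0
"""

if __name__ == "__main__":
    for n, rule_id, reason in audit_aaa(SAMPLE):
        print(f"line {n or '-'}: {rule_id}: {reason}")
```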

For the Juniper equivalent, see: TACACS (AAA) Configuration in Juniper
