Cisco TACACS+ Configs for ACS (Nexus, ASR_IOS-XE, IOS, ASA, Wireless)

Below are some examples pulled from a working configuration. Enjoy!

#NEXUS

tacacs-server key 7 {SHARED SECRET}
tacacs-server timeout 6
tacacs-server host 172.16.1.101
tacacs-server host 172.16.2.101

aaa group server tacacs+ TACACS
aaa authentication login default group TACACS local
aaa authorization config-commands default group TACACS local
aaa authorization commands default group TACACS local
aaa accounting default group TACACS local

ip tacacs source-interface vlan96
 aaa group server tacacs+ TACACS
 server 172.16.1.101
 server 172.16.2.101
 source-interface Vlan96

#ASR_IOS-XE

tacacs server ACS_TPA
 address ipv4 172.16.1.101
 key {SHARED SECRET}

tacacs server ACS_DR
 address ipv4 172.16.2.101
 key {SHARED SECRET}

aaa group server tacacs+ TAC_PLUS
 server name ACS_TPA
 server name ACS_DR
 ip vrf forwarding Mgmt-intf

aaa new-model
aaa authentication login default group TAC_PLUS local enable
aaa authentication enable default group TAC_PLUS enable
aaa authorization exec default group TAC_PLUS if-authenticated
aaa authorization commands 5 default group TAC_PLUS if-authenticated
aaa authorization commands 15 default group TAC_PLUS if-authenticated
aaa accounting exec default start-stop group TAC_PLUS
aaa accounting commands 5 default start-stop group TAC_PLUS
aaa accounting commands 15 default start-stop group TAC_PLUS
aaa session-id common

ip tacacs source-interface g0/0

#IOS (ROUTERS/SWITCHES)

aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 5 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common

tacacs-server host 172.16.1.101
tacacs-server host 172.16.2.101
tacacs-server timeout 6
tacacs-server directed-request
tacacs-server key 7 {SHARED SECRET}

ip tac source vlan96

#ASA

aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 172.16.1.101 key {SHARED SECRET}
aaa-server ACS (inside) host 172.16.2.101 key {SHARED SECRET}
aaa authentication ssh console ACS LOCAL
aaa authentication enable console ACS LOCAL
aaa authentication http console ACS LOCAL
aaa authorization exec authentication-server

#WIRELESS

config tacacs acct add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs acct add 2 172.16.2.101 49 ascii {SHARED SECRET}
config tacacs auth add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs auth add 2 172.16.2.101 49 ascii {SHARED SECRET}
config tacacs athr add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs athr add 2 172.16.2.101 49 ascii {SHARED SECRET}
config aaa auth mgmt tacacs local

Cisco TACACS+ Configs for ACS (Nexus, ASR_IOS-XE, IOS, ASA, Wireless)

Navigating VPN Tunnel Timeouts: Strategies for Maintaining Secure and Stable Connections

What is Ansible and What Are the Format Options Like YAML

AAA (Cisco Device and ISE Specific)

The Crucial Role of Documentation and Diagrams in IT Infrastructure Projects