Configure TACACS+ in Cisco IOS

Simple template to configure TACACS+ on a given piece of IOS gear. A "network" entry should be added to your Cisco ACS configuration for the IP address of %{tacacs_source_interface}%.

akonkol
February 16, 2012




conf t

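! Enable the AAA subsystem
aaa new-model
! Default login list: TACACS+ first, local user database if no server responds
aaa authentication login default group tacacs+ local
! Named local-only login lists; a named list only takes effect on a line
! that references it with "login authentication <name>"
aaa authentication login console-in local
aaa authentication login VTY local
aaa authentication login CONSOLE local
! Also send configuration-mode commands for authorization
aaa authorization config-commands
! Level 15 commands: ask TACACS+; if no server responds, allow any authenticated user
aaa authorization commands 15 default group tacacs+ if-authenticated
! Named lists that skip command authorization on the lines they are applied to
aaa authorization commands 15 VTY none
aaa authorization commands 15 CONSOLE none
! Send level 15 command and system accounting records to TACACS+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
! Source TACACS+ packets from this interface (the address registered in ACS)
ip tacacs source-interface %{tacacs_source_interface}%
tacacs-server host %{tacacs_server_1}%
tacacs-server host %{tacacs_server_2}%
! Wait 2 seconds for a server reply
tacacs-server timeout 2
tacacs-server directed-request
! Shared secret; must match the key configured on the TACACS+ servers
tacacs-server key %{tacacs_key}%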
end

copy run start
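
One way to fill in the template's %{...}% placeholders before pasting it into a device, added here as an example and not part of the original template. It rejects values that would leave a placeholder unfilled or smuggle extra configuration lines in through a field. The function names, the interface-name pattern, the requirement that servers be given as IP addresses, and all sample values are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpt of the template above: only the lines that carry placeholders.
TEMPLATE = """\
ip tacacs source-interface %{tacacs_source_interface}%
tacacs-server host %{tacacs_server_1}%
tacacs-server host %{tacacs_server_2}%
tacacs-server key %{tacacs_key}%
"""
PLACEHOLDER = re.compile(r"%\{(\w+)\}%")
# Assumed interface naming: letters/hyphens, then digits with / . : separators.
INTERFACE = re.compile(r"[A-Za-z][A-Za-z-]*\d+(?:[/.:]\d+)*")


def check_value(name, value):
    """Validate one placeholder value; raise ValueError if it is unsafe to paste."""
    if name.startswith("tacacs_server_"):
        ipaddress.ip_address(value)  # ValueError on anything but an IP address
    elif name == "tacacs_source_interface":
        if not INTERFACE.fullmatch(value):
            raise ValueError(f"{name}: not an interface name: {value!r}")
    elif name == "tacacs_key":
        # Policy of this example: no whitespace (a newline would start a new
        # config line) and no '?' (it invokes CLI help when typed or pasted).
        if not value or re.search(r"[\s?]", value) or not value.isprintable():
            raise ValueError(f"{name}: empty, or has whitespace, '?' or control chars")
    else:
        raise ValueError(f"unknown placeholder: {name}")
    return value


def render(template, values):
    """Fill every %{name}% placeholder; fail on missing, unused or invalid values."""
    names = set(PLACEHOLDER.findall(template))
    missing, unused = names - set(values), set(values) - names
    if missing or unused:
        raise ValueError(f"missing={sorted(missing)} unused={sorted(unused)}")
    return PLACEHOLDER.sub(lambda m: check_value(m.group(1), values[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up key).
    print(render(TEMPLATE, {
        "tacacs_source_interface": "Loopback0",
        "tacacs_server_1": "192.0.2.10",
        "tacacs_server_2": "192.0.2.11",
        "tacacs_key": "Constructed-Key-1",
    }), end="")
```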