Cisco Support Community
Community Member

Configuring TACACS+ for IOS and CATOS devices

I am trying to configure TACACS+ on my Cisco devices. I have my ACS server up and running, and when someone tries to log in to the devices I want them to authenticate with the ACS server, but I cannot get it to work, let alone the authorization and accounting commands. Can someone help me with this? Thanks.

Community Member

Re: Configuring TACACS+ for IOS and CATOS devices

What I am trying to accomplish is to have the ACS (2.6) server use the Windows NT database and, if the devices cannot contact the server, to fall back to user names and accounts on the device.


Re: Configuring TACACS+ for IOS and CATOS devices

Compare this basic config with yours.

aaa new-model

aaa authentication login default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

username admin password admin

ip tacacs source-interface loopback0

tacacs-server host key XYZ

The "local" entry at the end of the line indicates the fallback mechanism. This can be changed to the enable password, line password or none. Be careful with "none" though; if it is configured to none and your TACACS+ server is down, you are locked out of the router.

This should work. If not, send your config or explain in more detail.
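
A small offline check for the login method lists discussed in this thread, added here as an example and not part of any post above. The `CONSOLE` list, the finding codes and the server address `192.0.2.10` (a documentation-range placeholder) are assumptions made for the sample.

```python
import re

# Constructed sample based on the config in the thread. 192.0.2.10 is a
# placeholder; the post does not give the server address.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE group tacacs+ none
username admin password admin
tacacs-server host 192.0.2.10 key XYZ
"""

def parse_methods(text):
    """Split a method list, keeping 'group <name>' together as one method."""
    toks, out = text.split(), []
    while toks:
        if toks[0] == "group" and len(toks) > 1:
            out.append("group " + toks.pop(1))
            toks.pop(0)
        else:
            out.append(toks.pop(0))
    return out

def audit_aaa(config):
    """Return (code, detail) findings for the AAA login settings in an IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    users = [l for l in lines if l.startswith("username ")]
    findings = []
    if "aaa new-model" not in lines:
        findings.append(("NO_NEW_MODEL", "aaa new-model is not enabled"))
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if not m:
            continue
        name, methods = m.group(1), parse_methods(m.group(2))
        if "none" in methods:
            # 'none' means no authentication; it is reached when earlier methods error out.
            findings.append(("NONE_METHOD", f"list {name}: 'none' allows login without credentials"))
        if all(x.startswith("group ") for x in methods):
            findings.append(("NO_FALLBACK", f"list {name}: no fallback if the server is unreachable"))
        if "local" in methods and not users:
            findings.append(("LOCAL_NO_USER", f"list {name}: 'local' fallback but no username defined"))
    for u in users:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password ", u + " ")
        if m:
            findings.append(("WEAK_USER_SECRET", f"{m.group(1)}: uses 'password'; prefer 'username ... secret'"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_aaa(SAMPLE):
        print(f"{code:18} {detail}")
```
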
