Cisco 9800 TACACS+ Config CLI and verify – notes

Posted on Posted in 9800 Flexconnect, Cisco 9800 Wireless, Cloud 9800 High Availability SSO HA, TACACS for Cisco IOS/ Cisco 9800 Wireless Controller

AireOSto9800Prod#show configuration | s aaa
aaa new-model
aaa group server tacacs+ AAA_TACACS_SG_10.0.0.36
server name AAA_TACACS_10.0.0.36
aaa authentication login AAA_LOGIN_LIST local group AAA_TACACS_SG_10.0.0.36
aaa authentication enable default group AAA_TACACS_SG_10.0.0.36 enable
aaa authorization exec default local
aaa authorization exec AAA_AUTH_LIST local group AAA_TACACS_SG_10.0.0.36
aaa authorization commands 0 AAA_LOGIN_LIST local group AAA_TACACS_SG_10.0.0.36
aaa authorization commands 1 AAA_LOGIN_LIST local group AAA_TACACS_SG_10.0.0.36
aaa authorization commands 15 AAA_LOGIN_LIST local group AAA_TACACS_SG_10.0.0.36
aaa accounting network AAA_ACCT_LIST start-stop group tacacs+ group AAA_TACACS_SG_10.0.0.36
aaa session-id common
ip http authentication aaa login-authentication AAA_LOGIN_LIST
ip http authentication aaa exec-authorization AAA_AUTH_LIST
ip http authentication aaa command-authorization 0 AAA_AUTH_LIST
ip http authentication aaa command-authorization 1 AAA_AUTH_LIST
snmp-server enable traps aaa_server
wireless aaa policy default-aaa-policy
AireOSto9800Prod#


line vty 0 4
authorization commands 0 AAA_LOGIN_LIST
authorization commands 1 AAA_LOGIN_LIST
authorization commands 15 AAA_LOGIN_LIST
authorization exec AAA_AUTH_LIST
login authentication AAA_LOGIN_LIST

ISE Config






Test GUI




Test CLI




Test helpdesk / jradmin



test helpdesk / jradmin – CLI



If the policy is to restrictive edit command set and tacacs profile/shell



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.