aaa new-model
!
!TACACS+ server configuration
!
tacacs server SERVER1
address ipv4 <IPADDRESS SERVER1>
key <PASSWORD>
single-connection
timeout 3
!
tacacs server SERVER2
address ipv4 <IPADDRESS SERVER2>
key <PASSWORD>
single-connection
timeout 3
!
aaa group server tacacs+ TACACS
server name SERVER1
server name SERVER2
ip tacacs source-interface vlan <MGMT VLAN ID>
exit
!Line VTY configuration for access
!
line vty 0 4
location VTY interface
logging synchronous
history size 256
transport input ssh
exec-timeout 0 0
!
line vty 5 15
location VTY interface
logging synchronous
history size 256
transport input ssh
exec-timeout 0 0
exit
!
!TACACS+ source interface
!
ip tacacs source-interface vlan <MGMT VLAN #>
!
!TACACS+ aaa commands only for Authentication and Accounting
!
logging origin-id hostname
exit
wr mem
aaa authentication login default group TACACS local
aaa authentication enable default group TACACS enable
aaa accounting exec default start-stop group TACACS
aaa accounting commands 1 default start-stop group TACACS
aaa accounting commands 15 default start-stop group TACACS
aaa authorization config-commands
aaa authorization console
aaa authorization exec default group TACACS if-authenticated
aaa authorization commands 1 default group TACACS if-authenticated
aaa authorization commands 15 default group TACACS if-authenticated