Utilisation Tacacs +

aaa authentication login "AuthSrv" tacacs local
aaa authentication enable "AuthSrvEna" tacacs line enable
aaa authorization exec "dfltExecAuthList" tacacs local none
aaa authorization commands "dfltCmdAuthList" tacacs none

tacacs-server host [IP.DU.SERVEUR.TACACS]
timeout 15
key 7 "La Clef Tacas"
exit


line console
exec-timeout 15
login authentication AuthSrv
exit

line ssh
exec-timeout 15
login authentication AuthSrv
enable authentication AuthSrvEna
exit

SI on positionne uniquement la ligne authorization sans le fallback (donc sans le none)

aaa authorization commands "dfltCmdAuthList" tacacs

Il faut rajouter le bloc “commands” ci dessus.

aaa authorization exec "dfltExecAuthList" tacacs local
aaa authorization commands "MyAuth" none
line ssh
authorization commands MyAuth

line console
authorization commands MyAuth