AAA – Tacacs+

AAA on IOS-XR (NCS540)

 
aaa authorization exec LOCAL local
aaa authorization exec TACACS group TACACS local

aaa authentication login LOCAL local
aaa authentication login TACACS group TACACS local

aaa accounting exec default start-stop group TACACS
aaa accounting system default start-stop group TACACS
aaa accounting commands default start-stop group TACACS

aaa group server tacacs+ TACACS
 server 10.0.0.1
 server 10.0.0.2

tacacs-server host 10.0.0.1 port 49
 key 7 xxx
!
tacacs-server host 10.0.0.2 port 49
 key 7 xxx
!
username admin
 group root-lr
 secret 10 xxx

line console
 authorization exec LOCAL
 login authentication LOCAL
 exec-timeout 12 0
!
line default
 authorization exec TACACS
 login authentication TACACS
 exec-timeout 12 0
 transport input ssh