.. _example_system_aaa_authentication_authorization_tacacs:

######
Tacacs
######


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

This scenario shows how to set up TACACS+ authentication and
per-command authorization. A TACACS+ server configured to deny
the ``show date`` command and allow everything else is added to
a TACACS+ group which is added to an AAA list. This list is used
to perform user authentication and authorization of CLI commands.

************************************
Local Login And Custom Authorization
************************************

Description
===========

In this scenario, login is performed through a serial
interface. The user is authenticated in the remote TACACS+ server.
Commands are also sent to this remote server in order to be
authorized/unauthorized.

Scenario
========

.. include:: tacacs/localloginandcustomauthorization

.. raw:: html

  <hr>

*************************************
Telnet Login And Custom Authorization
*************************************

Description
===========

In this scenario, login is performed through a Telnet
session. The user is authenticated in the remote TACACS+ server.
Commands are also sent to this remote server in order to be
authorized/unauthorized.

Scenario
========

.. include:: tacacs/telnetloginandcustomauthorization

.. raw:: html

  <hr>

**********************************
SSH Login And Custom Authorization
**********************************

Description
===========

In this scenario, login is performed through a SSH
session. The user is authenticated in the remote TACACS+ server.
Commands are also sent to this remote server in order to be
authorized/unauthorized.

Scenario
========

.. include:: tacacs/sshloginandcustomauthorization

.. raw:: html

  <hr>