Monday, January 9, 2017

AAA

AAA is used for RBAC and centralized management.

Authentication
Authorization
Accounting

TACACS+ is mainly used for management and administration.
RADIUS is used for end users.

Example Configuration:

Enable AAA new model
Set up method lists for AAA
Apply the method lists for AAA


Set the default method list by using the keyword 'default'

aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+


'if-authenticated' covers the case where the router cannot communicate with the TACACS server: the router authenticates the user, then treats the user as authorized (because he was previously authenticated), and the user login is successful.
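
As an added example (not part of the original post), the Python sketch below parses method-list lines like the ones above and reports which method makes the decision while the TACACS+ server is unreachable. It is a simplified model: it assumes only a `group` method can fail to respond and that the next method is tried only after such an error; the function names are hypothetical.

```python
import re

# Method-list lines taken from the configuration shown in the post.
CONFIG = """\
aaa authentication login default group tacacs+ local enable
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
"""

LINE_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) "
    r"(login|exec|commands \d+|system) (\S+) (?:start-stop )?(.+)$")

def parse_method_lists(config):
    """Return {(service, type, list_name): [methods]} for each method-list line."""
    lists = {}
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            service, kind, name, rest = m.groups()
            # "group tacacs+" is a single method; other keywords stand alone.
            lists[(service, kind, name)] = re.findall(r"group \S+|\S+", rest)
    return lists

def deciding_method(methods, tacacs_up):
    """Return the method that answers the request, or None if none can.

    Model assumption: only a server group can fail to respond, and the next
    method is tried only after such an error, never after a reject.
    """
    for method in methods:
        if method.startswith("group ") and not tacacs_up:
            continue   # no reply from the server: fall through
        return method  # this method answers, so the walk stops here
    return None

def outage_report(config):
    """Map each method list to the method that decides while TACACS+ is down."""
    return {key: deciding_method(methods, tacacs_up=False)
            for key, methods in parse_method_lists(config).items()}

if __name__ == "__main__":
    for (service, kind, name), method in outage_report(CONFIG).items():
        print(f"{service} {kind} [{name}] -> {method or 'no method can answer'}")
```

For the command authorization list the report shows `if-authenticated` deciding during an outage, which is the behaviour described above.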

