Configuring TACACS+ on a Cisco Router

TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco proprietary protocol that provides access control for routers, network access servers and other networked devices via one or more centralized servers. TACACS+ uses TCP port 49 and provides separate authentication, authorization and accounting services.

The general steps involved are shown below.

First, configure your router to use TACACS+. Do not log out of the router after running the command aaa new-model: this command clears your current login settings, so if you log out before the remaining commands are entered you will not have the configuration in place to let you log back in.

(config)# aaa new-model
(config)# tacacs-server host [tacacs ip] single-connection
(config)# tacacs-server host [tacacs ip] key [key]

On your TACACS+ server, configure your router as a TACACS+ client.
Back on your router, add the following commands. This is only a brief general guide to the configuration steps; in a real-world scenario your config would be much more detailed.

(config)# aaa authentication login [AUTH LIST NAME] group tacacs+ local
(config)# line vty 0 4
(config-line)# login authentication [AUTH LIST NAME]
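A fuller version of the steps above, added here as an example and not taken from the original article: it keeps a local fallback account and a local console method list so a server outage or a mistyped key cannot lock you out, and adds exec/command authorization and accounting. The server address, key, interface and usernames are placeholders; the newer "tacacs server" block (IOS 15.x) is used in place of the older "tacacs-server host" form shown above.

```cisco
! Added example, not from the original article. IP address, key, usernames
! and interface names are placeholders; substitute your own values.
!
! 1. Local fallback account BEFORE enabling AAA, so the console still
!    works if the TACACS+ server is unreachable.
username admin privilege 15 secret ReplaceWithStrongSecret
!
aaa new-model
!
! 2. Server definition (IOS 15.x "tacacs server" form). A dedicated
!    source interface gives the server a stable client address to match
!    against its client list.
tacacs server TAC01
 address ipv4 192.0.2.10
 key ReplaceWithSharedKey
 single-connection
 timeout 5
!
ip tacacs source-interface Loopback0
!
aaa group server tacacs+ TAC-GROUP
 server name TAC01
!
! 3. Method lists. "group TAC-GROUP local" means: ask the server first and
!    fall back to the local database only when no server answers.
aaa authentication login VTY-AUTH group TAC-GROUP local
aaa authentication login CONSOLE-AUTH local
aaa authorization exec default group TAC-GROUP local
aaa authorization commands 15 default group TAC-GROUP if-authenticated
!
! 4. Accounting: who logged in and every privilege-15 command they ran.
aaa accounting exec default start-stop group TAC-GROUP
aaa accounting commands 15 default start-stop group TAC-GROUP
!
! 5. Apply the lists. The console stays local; remote sessions use
!    TACACS+ and are limited to SSH.
line console 0
 login authentication CONSOLE-AUTH
line vty 0 4
 login authentication VTY-AUTH
 transport input ssh
```

Command authorization is not applied to the console unless "aaa authorization console" is configured, which is deliberately left out here.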

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001