Steps:
1. Create a user in Cisco ACS
2. Configure Shell Profiles for Commands Authorization
3. Configure Command Sets for Commands Authorization
4. Binding the Users with Shell Profiles & Command Sets
5. Add the device in Cisco ACS
Let's begin..
1. Create a user in Cisco ACS
Go to Users and Identity Stores > Users and fill the mandatory items.
2. Configure Shell Profiles for Commands Authorization
Go to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles. Create a new profile, give it a name and change the Common Tasks as follows.
I have given the highest privilege level of 15.
3. Configure Command Sets for Commands Authorization
Create a Command Set from Policy Elements > Authorization and Permissions > Device Administration > Command Sets.
4. Binding the Users with Shell Profiles & Command Sets
Go to Access Policies > Default Device Admin > Authorization and click Customize.
Hit OK and click on Create new.
Give the previously created username and Shell Profile, hit OK and save the changes.
If you want to know how to configure an AAA client like a Cisco router for SSH access for TACACS users, click here.
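
The device-side settings that make a Cisco IOS router consult the Shell Profile and Command Set configured above, as an added example that is not from the original post. The server name, the address 192.0.2.10 and the key are placeholders, and it assumes an IOS release that supports the `tacacs server` syntax.

```ios
! Constructed example: server name, address and key are placeholders.
aaa new-model
!
tacacs server ACS-EXAMPLE
 address ipv4 192.0.2.10
 key <shared-secret-entered-for-this-device-in-ACS>
!
! Login: ask ACS first; fall back to a local account only if ACS is unreachable,
! so keep one local administrative user defined on the device.
aaa authentication login default group tacacs+ local
!
! Exec authorization: this is where the Shell Profile (privilege level 15) is applied.
aaa authorization exec default group tacacs+ local
!
! Command authorization: every level-15 command is sent to ACS and
! checked against the Command Set bound to the user.
aaa authorization commands 15 default group tacacs+ local
! Configuration-mode commands are only checked when this is enabled.
aaa authorization config-commands
!
! Accounting: record which user ran which level-15 command.
aaa accounting commands 15 default start-stop group tacacs+
```

Without the `aaa authorization commands` line the router never asks ACS about individual commands, so a Command Set that denies a command has no effect on that device.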