📌 Applied to all routers and switches
```
! AAA: TACACS+ (Cisco ISE) first, local user as fallback
aaa new-model
!
aaa group server tacacs+ ISE_GROUP
 server name ISE
!
aaa authentication login SSH_LOGIN group ISE_GROUP local
aaa authorization exec SSH_EXEC group ISE_GROUP local if-authenticated
!
tacacs server ISE
 address ipv4 10.100.10.2
 key <Your_Secret_Key>
!
ip tacacs source-interface Loopback0
!
! Management access: SSHv2 only, sourced from Loopback0
ip ssh source-interface Loopback0
ip ssh version 2
!
username <Username> secret <Your_Secret_Password>
!
enable secret <Your_Enable_Secret_Password>
!
line vty 0 4
 authorization exec SSH_EXEC
 login authentication SSH_LOGIN
 transport input ssh
!
! Monitoring (Zabbix) and time sync
snmp-server community ROUTER RO
snmp-server host 10.100.40.2 version 2c ROUTER
!
ntp server 10.100.30.2 prefer source Loopback0
!
clock timezone MYT 8 0
```

- 🔐 TACACS+ (Cisco ISE) is used for centralized authentication
- 🔁 Local user acts as fallback if ISE is unreachable
- 📊 SNMP is used for monitoring (Zabbix)
- ⏱️ NTP ensures accurate logs and authentication
- 🛡️ SSH-only access is enforced (no Telnet)
- Devices without Loopback0 → adjust source-interface
- Devices not managed by ISE → use local authentication only
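As an added check that is not part of the original lab, the following Python audit verifies a saved running-config against the baseline above: TACACS+ login with local fallback, exec authorization with `if-authenticated`, SSHv2 and SSH-only VTY transport bound to the AAA lists, `enable secret` rather than `enable password`, a read-only and non-default SNMP community, and an NTP server. The sample config and its placeholder secrets are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the baseline above; secrets are placeholders.
BASELINE_CONFIG = """
aaa new-model
!
aaa authentication login SSH_LOGIN group ISE_GROUP local
aaa authorization exec SSH_EXEC group ISE_GROUP local if-authenticated
!
ip ssh version 2
enable secret PLACEHOLDER_ENABLE
!
line vty 0 4
 authorization exec SSH_EXEC
 login authentication SSH_LOGIN
 transport input ssh
!
snmp-server community ROUTER RO
ntp server 10.100.30.2 prefer source Loopback0
"""

def sections(config: str) -> List[List[str]]:
    """Split an IOS config into '!'-delimited groups of stripped, non-empty lines."""
    out, cur = [], []
    for line in (l.strip() for l in config.splitlines()):
        if line == "!":
            out, cur = (out + [cur] if cur else out), []
        elif line:
            cur.append(line)
    return out + [cur] if cur else out

def audit_baseline(config: str) -> Dict[str, bool]:
    """One pass/fail flag per baseline requirement; every flag must be True."""
    secs = sections(config)
    lines = [l for s in secs for l in s]
    has = lambda pat: any(re.fullmatch(pat, l) for l in lines)
    vty = [l for s in secs if s[0].startswith("line vty") for l in s[1:]]
    snmp = [l.split() for l in lines if l.startswith("snmp-server community ")]
    return {
        "aaa_new_model": has(r"aaa new-model"),
        "login_tacacs_local_fallback": has(r"aaa authentication login \S+ group \S+ local"),
        "exec_authz_local_if_authenticated": has(r"aaa authorization exec \S+ group \S+ local if-authenticated"),
        "ssh_version_2": has(r"ip ssh version 2"),
        "vty_ssh_only": "transport input ssh" in vty,  # rejects 'telnet ssh' and 'all'
        "vty_uses_aaa_lists": any(l.startswith("login authentication ") for l in vty) and any(l.startswith("authorization exec ") for l in vty),
        "enable_secret_not_password": has(r"enable secret .+") and not has(r"enable password .+"),
        "snmp_no_rw_community": bool(snmp) and all("RW" not in s[3:] for s in snmp),
        "snmp_not_default_community": all(s[2].lower() not in ("public", "private") for s in snmp),
        "ntp_configured": has(r"ntp server \S+.*"),
    }
```

Run it over `show running-config` output saved from each device; any False flag names the baseline item that drifted.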