思科:

aaa new-model
aaa group server tacacs+ tacacs-group(指定3A服务器组)
 server name ise1
 server name ise2
aaa authentication login conlogin local(串口用本地密码验证)
(下面设置3A模板,模板名用默认default,绑定tacacs-group组)
aaa authentication login default group tacacs-group local
aaa authentication enable default group tacacs-group enable
aaa authorization config-commands
aaa authorization exec default group tacacs-group local
aaa authorization commands 15 default group tacacs-group local
aaa accounting exec default start-stop group tacacs-group
aaa accounting commands 15 default start-stop group tacacs-group
ip tacacs source-interface Loopback 0(3A认证源接口)
tacacs-server timeout 1(3A服务器连接超时时间)
tacacs server ise1(设置3A服务器地址和密钥)
 address ipv4 192.168.11.122
 key free
tacacs server ise2
 address ipv4 192.168.11.123
 key free
line con 0
 exec-timeout 15 0
 privilege level 15
 logging synchronous
 login authentication conlogin(串口用本地认证)
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 transport preferred ssh
 transport input ssh
 (因为3A配置的是default group,所以vty不用指定认证模板)

华三:

domain default enable abc(3A配置在哪个domain下,就启用这个domain)
hwtacacs scheme abc-aaa(hwtacacs模板)
 primary authentication 192.168.11.122
 secondary authentication 192.168.11.123
 primary authorization 192.168.11.122
 secondary authorization 192.168.11.123
 primary accounting 192.168.11.122
 secondary accounting 192.168.11.123
 nas-ip 1.1.1.1(3A源地址)
 key authentication free
 key authorization free
 key accounting free
 user-name-format without-domain(认证请求时不带域名)
domain abc(domain绑定hwtacacs模板)
 authentication login hwtacacs-scheme abc-aaa local
 authorization login hwtacacs-scheme abc-aaa local
 accounting login hwtacacs-scheme abc-aaa local
 accounting optional
user-interface con 0(串口配置本地密码认证)
 authentication-mode password
 set authentication password simple 123456
user-interface vty 0 15
 authentication-mode scheme
 command accounting
 command authorization (如果3A登录后不能进入sys模式,就删除此行)

华为:

hwtacacs enable
hwtacacs-server template abc-aaa(hwtacacs模板)
 hwtacacs-server authentication 192.168.11.122
 hwtacacs-server authentication 192.168.11.123 secondary
 hwtacacs-server authorizaiton 192.168.11.122
 hwtacacs-server authorization 192.168.11.123 secondary
 hwtacacs-server accounting 192.168.11.122
 hwtacacs-server accounting 192.168.11.123 secondary
 hwtacacs-server source-ip 1.1.1.13(3A源地址)
 hwtacacs-server shared-key simple free
 undo hwtacacs-server user-name domain-included(认证请求时不带域名)
aaa(3A模板绑定hwtacacs模板)
 authentication-scheme abc-aaa
  authentication-mode hwtacacs local
 authorization-scheme abc-aaa
  authorization-mode hwtacacs local
  authorization-cmd 15 hwtacacs local
 accounting-scheme abc-aaa
  accounting-mode hwtacacs
 domain abc(如果设备有domain default_admin,就配置在这下面)
  service-type internetaccess ssl-\*\*\* l2tp ike administrator-access dot1x(USG系列需要配置)
  authentication-scheme abc-aaa
  authorization-scheme abc-aaa
  accounting-scheme abc-aaa
  hwtacacs-server abc-aaa
 recording-scheme abc-aaa
  recording-mode hwtacacs abc-aaa
 cmd recording-scheme abc-aaa
user-interface con 0(串口配置本地密码认证)
 authentication-mode password
 set authentication password simple 123456
user-interface vty 0 14
 authentication-mode aaa

锐捷:

aaa new-model()
(下面设置3A模板,绑定tacacs-group组)
aaa accounting exec vtyacc start-stop group tacacs-group
aaa accounting commands 15 vtyacc start-stop group tacacs-group
aaa authorization exec vtyauthor group tacacs-group local
aaa authorization commands 15 vtyauthor group tacacs-group local
aaa authentication login vtyauth group tacacs-group local
aaa group server tacacs+ tacacs-group(3A服务器组地址)
 server 192.168.11.122
 server 192.168.11.123
ip tacacs source-interface Loopback 0(3A认证源接口)
tacacs-server host 192.168.11.122
tacacs-server host 192.168.11.123
tacacs-server key 0 free
line con 0(串口用本地密码认证)
 password 0 123456
line vty 0 15(vty调用3A模板)
 accounting exec vtyacc
 accounting commands 15 vtyacc
 authorization exec vtyauthor
 authorization commands 15 vtyauthor
 login authentication vtyauth