https://blog.it-learn.io/tags/ios-xe/Recent content in Ios-Xe on it-learn.io | IT, Networking & Cybersecurity BlogHugoen-usTue, 12 May 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-05-13-tacacs-lockout-ios-xe-aaa-lessons/Tue, 12 May 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-05-13-tacacs-lockout-ios-xe-aaa-lessons/<p>A short engineering story about the kind of failure that humbles you, and the diagnostic process that turns a humiliation into a useful artifact.</p> <p>In the <a href="https://blog.it-learn.io/posts/2026-05-12-cisco-ise-automation-ansible-claude-deployment/">previous post</a> I walked through building a Cisco ISE 3.4 deployment as code in one evening. End-to-end working: AD-integrated wireless 802.1X, MAB for IoT, TACACS+ for device admin. Smoke tests green. Repo public. Felt good.</p> <p>A few sessions later I went back to tighten the screws — replace the broad <code>PermitAllCommands</code> TACACS shell with <strong>per-command authorization</strong>, the proper way: Helpdesk gets <code>show / ping / traceroute</code>, NetworkOps gets safe troubleshooting verbs, Admins get everything. The kind of thing audit teams ask for.</p>