Standardized AAA model and tacacs+ config. DO NOT RUN ON ROUTERS AND SWITCHES AT THE SAME TIME. Devices must have script run on them separately.
This AAA model will allow command line 15 access for all ACS authenticated administrators, ergo no more enable passwords. This action is fully justified by the very STIGs the model addresses.