Below are some examples pulled from a working configuration. Enjoy!
#NEXUS
! NX-OS TACACS+ / AAA excerpt: two TACACS+ servers placed in group TACACS, with
! the local database listed as the second method for login, authorization and
! accounting.
! Excerpt only: NX-OS accepts these commands only once "feature tacacs+" is enabled.
!
! "key 7" stores the secret in type 7 form, which is reversible obfuscation, not
! encryption. Handle any config, backup or paste containing it as if it held the
! cleartext secret. This is the global key, used for servers with no key of their own.
tacacs-server key 7 {SHARED SECRET}
! Wait 6 seconds for a server to answer before giving up on it.
tacacs-server timeout 6
tacacs-server host 172.16.1.101
tacacs-server host 172.16.2.101
! The group is opened twice in this excerpt; this first occurrence is empty and
! the members are added at the bottom.
aaa group server tacacs+ TACACS
! Method order is group TACACS, then local. The local accounts are the
! break-glass path, so they need strong, individually managed credentials.
! NOTE(review): confirm on your release that local is used only when no server
! responds, not after a server rejects the login.
aaa authentication login default group TACACS local
! Authorize both configuration-mode and exec commands against the group.
aaa authorization config-commands default group TACACS local
aaa authorization commands default group TACACS local
aaa accounting default group TACACS local
! Pin the source address of TACACS+ packets so the server sees one stable client
! IP; it has to match the device entry on the server.
! NOTE(review): presumably vlan96 is the management VLAN; confirm. TACACS+ only
! obscures the packet body with the shared secret, so keep this path on a
! trusted management network.
ip tacacs source-interface vlan96
aaa group server tacacs+ TACACS
  server 172.16.1.101
  server 172.16.2.101
  source-interface Vlan96
#ASR_IOS-XE
! IOS-XE (ASR) TACACS+ / AAA excerpt using named server definitions.
! The lines are in running-config order. When typing them by hand, enter
! "aaa new-model" first, because the AAA group commands depend on it.
!
! The key is entered here without a type, so it is typed in cleartext. How it is
! then stored depends on the device's password-encryption settings. Prefer the
! strongest key storage the release offers, and keep the secret out of tickets
! and shared pastes.
tacacs server ACS_TPA
 address ipv4 172.16.1.101
 key {SHARED SECRET}
tacacs server ACS_DR
 address ipv4 172.16.2.101
 key {SHARED SECRET}
aaa group server tacacs+ TAC_PLUS
 server name ACS_TPA
 server name ACS_DR
 ! Reach the servers through the Mgmt-intf VRF, not the data-plane routing table.
 ip vrf forwarding Mgmt-intf
aaa new-model
! Login methods in order: TACACS+ group, local user database, enable password.
! A later method is tried only when the earlier one returns an error (for
! example, no server reachable), not when it rejects the user. The last
! method means the enable password alone can admit a user, so keep it strong.
aaa authentication login default group TAC_PLUS local enable
aaa authentication enable default group TAC_PLUS enable
! "if-authenticated" authorizes any already-authenticated user when the group
! cannot be reached. During a TACACS+ outage, whoever logs in through the
! fallback methods is not restricted by server-side command policy.
aaa authorization exec default group TAC_PLUS if-authenticated
! Only privilege levels 5 and 15 are authorized and accounted here; commands at
! other levels are not covered by these lines.
aaa authorization commands 5 default group TAC_PLUS if-authenticated
aaa authorization commands 15 default group TAC_PLUS if-authenticated
! NOTE(review): configuration-mode commands may need
! "aaa authorization config-commands" to be authorized as well; verify on your
! release.
aaa accounting exec default start-stop group TAC_PLUS
aaa accounting commands 5 default start-stop group TAC_PLUS
aaa accounting commands 15 default start-stop group TAC_PLUS
aaa session-id common
! Source address for TACACS+ packets; it must match the client entry on the server.
! NOTE(review): presumably g0/0 is the management port inside Mgmt-intf; confirm.
ip tacacs source-interface g0/0
#IOS (ROUTERS/SWITCHES)
! Classic IOS (routers/switches) TACACS+ / AAA excerpt. It uses the built-in
! "tacacs+" group, which covers every globally defined tacacs-server host.
aaa new-model
! Login methods in order: TACACS+, local user database, enable password.
! A later method is tried only when the earlier one returns an error (for
! example, no server reachable), not when it rejects the user. Keep local
! accounts and the enable password strong, because they are the break-glass path.
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
! "if-authenticated" authorizes any already-authenticated user when no server
! answers. During a TACACS+ outage, fallback logins are not restricted by
! server-side command policy.
aaa authorization exec default group tacacs+ if-authenticated
! Only privilege levels 5 and 15 are authorized and accounted here.
aaa authorization commands 5 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
! NOTE(review): configuration-mode commands may need
! "aaa authorization config-commands" to be authorized as well; verify on your
! release.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
! Global host/key form. NOTE(review): newer IOS releases mark this as legacy in
! favor of named "tacacs server" blocks; check before reusing.
tacacs-server host 172.16.1.101
tacacs-server host 172.16.2.101
tacacs-server timeout 6
! NOTE(review): directed-request is understood to let a login of the form
! user@server steer the request to that configured server; confirm it is wanted.
tacacs-server directed-request
! "key 7" is type 7 storage: reversible obfuscation, not encryption. Treat any
! config, backup or paste containing it as if it held the cleartext secret.
tacacs-server key 7 {SHARED SECRET}
! Abbreviated form of "ip tacacs source-interface Vlan96". The resulting source
! address must match the client entry on the server.
ip tac source vlan96
#ASA
! ASA TACACS+ excerpt: server group ACS, reached through the interface named
! "inside", with the LOCAL database as fallback for management access.
aaa-server ACS protocol tacacs+
! The key is typed in cleartext on entry. Keep it out of tickets and shared pastes.
aaa-server ACS (inside) host 172.16.1.101
 key {SHARED SECRET}
aaa-server ACS (inside) host 172.16.2.101
 key {SHARED SECRET}
! SSH, enable and HTTP (ASDM) management logins go to ACS first, then LOCAL.
! LOCAL is the break-glass path, so its accounts need strong credentials.
! Other access paths (for example, the serial console) are not covered by this
! excerpt.
aaa authentication ssh console ACS LOCAL
aaa authentication enable console ACS LOCAL
aaa authentication http console ACS LOCAL
! Apply management authorization using the server that authenticated the user.
aaa authorization exec authentication-server
! No command authorization or accounting lines appear in this excerpt, so
! per-command control and an audit trail on the ASA would need to be added separately.
#WIRELESS
# Wireless LAN controller TACACS+ excerpt: the same two servers are added three
# times, as accounting (acct), authentication (auth) and authorization (athr)
# servers, at index 1 and 2, on port 49, with the secret given in ASCII format.
# The secret is typed in cleartext on the command line. Keep it out of session
# logs, tickets and shared pastes.
config tacacs acct add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs acct add 2 172.16.2.101 49 ascii {SHARED SECRET}
config tacacs auth add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs auth add 2 172.16.2.101 49 ascii {SHARED SECRET}
config tacacs athr add 1 172.16.1.101 49 ascii {SHARED SECRET}
config tacacs athr add 2 172.16.2.101 49 ascii {SHARED SECRET}
# Management-user authentication order: TACACS+ first, then the local database.
# NOTE(review): confirm on your release when the controller falls through to
# local, and keep the local admin account strong, since it is the break-glass path.
config aaa auth mgmt tacacs local