ACS4.x to ACS5.1 - Migrating "Tacacs New Services"

Unanswered Question
Mar 23rd, 2010
User Badges:

.How can we migrate tacacs support for other software into acs5.1?  This  is supported in ACS4.x in the New Services section of the Interface  Configuration tab and appears in the User Group attributes at the bottom  of the tacacs section.  We actually have some custom attributes in  those entries.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jrabinow Tue, 03/23/2010 - 12:40
User Badges:
  • Cisco Employee,

ACS 5.1 has a differnt policy based approach to assigning priveleges as opposed to ACS 4.x where these were stored

in either the user/group definitions.


Won't go into all the explanations on this. You have some good materials on the "Welcome" page in the GUI


Out the box, all TACACS+ requests get handled by the "Default Device Admin" policy


You can see the authorization results by going to: "

Access Policies > Access Services > Default Device Admin > Authorization"


If you click on Defaltl to see the ersults for the default rule and then press "Create" you can now create a new set of TACACS+ attribute to be returned. Go to the "Custom Attributes" tab and you can the custom attributes.


This describes how to do it out the box. Thsi wil evolve as you build up your policies

Actions

This Discussion

Related Content