Cisco Support Community

New Member

ACS 5.1 and cisco ACE module

Hello,

I would like to configure TACACS+ AAA on the Cisco Application Control Engine Catalyst 6500 module. In the ACE configuration guide there is a notice that one should configure additional parameters to be returned from the TACACS server (shell:<contextname>=<role> <domain1> <domain2>...<domainN>) to get virtual context authorization on Cisco ACE. My question is: where exactly should I put these parameters in ACS 5.1? Is there a document describing ACE + ACS 5.1 TACACS configuration?

thanks

WM

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACS 5.1 and cisco ACE module

Here is the doc.

Message was edited by: jkatyal

~BR Jatin Katyal **Do rate helpful posts**
2 REPLIES
Cisco Employee

Re: ACS 5.1 and cisco ACE module

Hello WM,

Unlike with ACS 4, you do not need to define a customer service under which you would create custom attributes for ACE. Now you would only have to define the custom attributes under the shell profile for your ACE devices:

Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles (edit/create relevant profile) > Custom Attributes (tab)

... here is where you can manually enter the ACE attributes.

In order to verify/understand ACE attributes, you may visit the link listed below:

Defining Private Attributes for Virtualization Support in a TACACS+ Server
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/aaa.html#wp1519045

I believe that the specific syntax that you would need is to use "Admin" as the attribute name. You would then set the requirement to "Optional". And finally, the value would be "Admin default-domain".


I have also attached a doc for the same.


Regds,

JK

Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
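
Added example, not part of the original thread or of Cisco's documentation: a small Python parser for the `shell:<contextname>=<role> <domain1>...<domainN>` notation from the question, mapping each pair to the attribute name / requirement / value fields the reply above describes for the Custom Attributes tab. It assumes the TACACS+ convention (RFC 8907) that `=` marks a mandatory attribute and `*` an optional one; the function names and the sample pairs are constructed for illustration.

```python
import re

# TACACS+ AV pairs use "=" for a mandatory attribute and "*" for an optional
# one (RFC 8907). The "shell:" prefix follows the notation in the question.
_AV_RE = re.compile(
    r"^(?:shell:)?(?P<context>[^=*\s]+)(?P<sep>[=*])(?P<value>.*)$"
)

def parse_ace_av(av):
    """Split one ACE virtualization AV pair into context, role and domains."""
    m = _AV_RE.match(av.strip())
    if not m:
        raise ValueError(f"not an AV pair: {av!r}")
    tokens = m.group("value").split()
    if not tokens:
        raise ValueError(f"no role given for context {m.group('context')!r}")
    return {
        "context": m.group("context"),
        "mandatory": m.group("sep") == "=",
        "role": tokens[0],       # first token is the role
        "domains": tokens[1:],   # remaining tokens are domains
    }

def to_custom_attribute(av):
    """Render the pair as the three fields entered in the shell profile."""
    p = parse_ace_av(av)
    return {
        "attribute": p["context"],
        "requirement": "Mandatory" if p["mandatory"] else "Optional",
        "value": " ".join([p["role"], *p["domains"]]),
    }

def duplicate_contexts(av_pairs):
    """Return context names that appear more than once in one profile."""
    seen, dups = set(), []
    for av in av_pairs:
        ctx = parse_ace_av(av)["context"]
        if ctx in seen and ctx not in dups:
            dups.append(ctx)
        seen.add(ctx)
    return dups

if __name__ == "__main__":
    # Constructed sample pairs; only the first mirrors the values in the reply.
    profile = ["shell:Admin*Admin default-domain", "C1=Network-Monitor domA domB"]
    for av in profile:
        print(to_custom_attribute(av))
    print("duplicate contexts:", duplicate_contexts(profile + ["C1*Admin"]))
```

Running the parser over a profile's pairs before entering them catches a missing role or two entries for the same context, both of which are easier to spot here than in a failed login.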