Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS4.x to ACS5.1 - Migrating "Tacacs New Services"

.How can we migrate tacacs support for other software into acs5.1?  This  is supported in ACS4.x in the New Services section of the Interface  Configuration tab and appears in the User Group attributes at the bottom  of the tacacs section.  We actually have some custom attributes in  those entries.

Everyone's tags (3)
1 REPLY
Cisco Employee

Re: ACS4.x to ACS5.1 - Migrating "Tacacs New Services"

ACS 5.1 has a differnt policy based approach to assigning priveleges as opposed to ACS 4.x where these were stored

in either the user/group definitions.

Won't go into all the explanations on this. You have some good materials on the "Welcome" page in the GUI

Out the box, all TACACS+ requests get handled by the "Default Device Admin" policy

You can see the authorization results by going to: "Access Policies > Access Services > Default Device Admin > Authorization"

If you click on Defaltl to see the ersults for the default rule and then press "Create" you can now create a new set of TACACS+ attribute to be returned. Go to the "Custom Attributes" tab and you can the custom attributes.

This describes how to do it out the box. Thsi wil evolve as you build up your policies

584
Views
0
Helpful
1
Replies