05-06-2010 11:58 PM - edited 03-10-2019 05:07 PM
Hello,
I would like to configure tacacs+ aaa on cisco application control engine catalyst 6500 module. In the ACE configuration guide there is notice that one should configure additional parameters to be returned from the tacacs server (shell:<contextname>=<role> <domain1> <domain2>...<domainN>) to get virtual context authorization on Cisco ACE. My question is: where exactly should i put these parameters in ACS 5.1? Is there some document describing ACE + ACS 5.1 tacacs configuration ?
thanks
WM
Solved! Go to Solution.
05-16-2010 03:12 AM
05-16-2010 02:31 AM
Hello WM,
Unlike with ACS 4, you do not need to define a customer service under which you would create custom attributes for ACE. Now you would only have to define the custom attributes under the shell profile for your ACE devices:
Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles (edit/create relevant profile) > Custom Attributes (tab)
... here is where you can manually enter the ACE attributes.
In order to verify/understand ACE attributes, you may visit below listed link;
Defining Private Attributes for Virtualization Support in a TACACS+ Server
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/aaa.html#wp1519045
I believe that the specific syuntax that you would need is to use "Admin" as the attribute name. You would then set the requirement to "Optional". And finally, the value would be "Admin default-domain".
I have also attached a doc for the same.
Regds,
JK
Do rate helpul posts-
05-16-2010 03:12 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide