Cisco 3.3 User Manual

Chapter 6 User Group Management

Configuration-specific User Group Settings

6-32

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

To employ custom attributes for a particular service, you must select the
Custom attributes check box under that service, and then specify the
attribute/value in the box below the check box.

For more information about attributes, see

Appendix B, “TACACS+

Attribute-Value Pairs”

, or your AAA client documentation.

Tip

For ACLs and IP address pools, the name of the ACL or pool as defined
on the AAA client should be entered. (An ACL is a list of Cisco IOS
commands used to restrict access to or from other devices and users on
the network.)

Note

Leave the attribute value box blank if the default (as defined on the
AAA client) should be used.

Note

You can define and download an ACL. Click Interface
Configuration, click TACACS+ (Cisco IOS), and then select
Display a window for each service selected in which you can enter
customized TACACS+ attributes. A box opens under each
service/protocol in which you can define an ACL.

Step 5

To allow all services to be permitted unless specifically listed and disabled, you
can select the Default (Undefined) Services check box under the Checking this
option will PERMIT all UNKNOWN Services table.

Caution

This is an advanced feature and should only be used by administrators who
understand the security implications.

Step 6

To save the group settings you have just made, click Submit.

For more information, see

Saving Changes to User Group Settings, page 6-56

.

Step 7

To continue specifying other group settings, perform other procedures in this
chapter, as applicable.