Cisco 3.3 User Manual

Chapter 1 Overview

AAA Server Functions and Concepts

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

AAA client that uses TACACS+. Also, you must provide the device-management
application with a valid administrator name and password. When a management
application initially communicates with Cisco Secure ACS, these requirements
ensure the validity of the communication. For information about configuring a
AAA client, see AAA Client Configuration, page 4-11. For information about
administrator accounts, see Administrator Accounts, page 12-1.

Additionally, the administrator used by the management application must have the
Create New Device Command Set Type privilege enabled. When a management
application initially communicates with Cisco Secure ACS, it dictates to
Cisco Secure ACS the creation of a device command set type, which appears in
the Shared Profile Components section of the HTML interface. It also dictates a
custom service to be authorized by TACACS+. The custom service appears on the
TACACS+ (Cisco IOS) page in the Interface Configuration section of the HTML
interface. For information about enabling TACACS+ services, see Protocol
Configuration Options for TACACS+, page 3-7. For information about device
command-authorization sets for management applications, see Command
Authorization Sets, page 5-25.

After the management application has dictated the custom TACACS+ service and
device command-authorization set type to Cisco Secure ACS, you can configure
command-authorization sets for each role supported by the management
application and apply those sets to user groups that contain network
administrators or to individual users who are network administrators. For
information about configuring a command-authorization set, see Adding a
Command Authorization Set, page 5-31. For information about applying a shared
device command-authorization set to a user group, see Configuring
Device-Management Command Authorization for a User Group, page 6-37. For
information about applying a shared device command-authorization set to a user,
see Configuring Device-Management Command Authorization for a User,
page 7-30.