Cisco 3.3 User Manual
Chapter 1 Overview
AAA Server Functions and Concepts
1-20
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
AAA client that uses TACACS+. Also, you must provide the device-management
application with a valid administrator name and password. When a management
application initially communicates with Cisco Secure ACS, these requirements
ensure the validity of the communication. For information about configuring a
AAA client, see AAA Client Configuration, page 4-11. For information about
administrator accounts, see Administrator Accounts, page 12-1.

Additionally, the administrator used by the management application must have the
Create New Device Command Set Type privilege enabled. When a management
application initially communicates with Cisco Secure ACS, it dictates to
Cisco Secure ACS the creation of a device command set type, which appears in
the Shared Profile Components section of the HTML interface. It also dictates a
custom service to be authorized by TACACS+. The custom service appears on the
TACACS+ (Cisco IOS) page in the Interface Configuration section of the HTML
interface. For information about enabling TACACS+ services, see
Configuration Options for TACACS+, page 3-7. For information about device
command-authorization sets for management applications, see
.

After the management application has dictated the custom TACACS+ service and
device command-authorization set type to Cisco Secure ACS, you can configure
command-authorization sets for each role supported by the management
application and apply those sets to user groups that contain network
administrators or to individual users who are network administrators. For
information about configuring a command-authorization set, see
Command Authorization Set, page 5-31. For information about applying a shared
device command-authorization set to a user group, see
Device-Management Command Authorization for a User Group, page 6-37. For
information about applying a shared device command-authorization set to a user,
see Configuring Device-Management Command Authorization for a User,