Configuring TACACS+ Enable Console
Authentication in Cisco Secure ACS
To configure enable console authentication using TACACS+ in Cisco Secure
ACS, you need to enable Advanced TACACS+ Features, configure the enable privileges
for the desired users or groups, and then configure enable authentication on
the PIX firewall. The following paragraphs describe the steps you need to take to
complete the configuration.
To enable Advanced TACACS+ Features, click TACACS+ (Cisco IOS)
within the Interface Configuration window, as shown in Figure 5.19.
Within the TACACS+ (Cisco IOS) options window, scroll down to the
Advanced Configuration Options area and select the Advanced TACACS+
Features check box, as shown in Figure 5.20. Click the Submit button to
enable the advanced features.
Figure 5.19 Cisco Secure ACS Interface Configuration Window TACACS+
(Cisco IOS) Options
www.syngress.com
Authentication, Authorization, and Accounting • Chapter 5 247
To give a named user the ability to access the PIX firewall Privileged
mode, navigate to the user’s profile via the User Setup window and scroll down
to the Advanced TACACS+ Settings area of the window. Under the
TACACS+ Enable Control subsection, you have four options for specifying the
user’s maximum available privilege. These options are identified and described in
Table 5.2.
Table 5.2 TACACS+ Enable Control Options
| TACACS+ Enable Control Option | Description |
|---|---|
| Use Group Level Setting | Determines the user’s maximum privilege level based on the corresponding group settings. |
| No Enable Privilege | Provides the user with no enable privileges. This is the default option. |
| Max Privilege for any AAA Client | Specifies the maximum privilege for the user when accessing any AAA client device. |
| Define Max Privilege on a per network device group basis | Specifies the maximum privilege for the user based on NDGs. Note that NDGs must be enabled in order to use this option. See the section entitled “Adding an NAS to Cisco Secure ACS” for information on how to enable NDGs. |
Figure 5.20 Cisco Secure ACS: Enabling Advanced TACACS+ Features
NOTE
The privilege specifies the level of access available to the user and is
discussed later in this chapter.
Select the Max Privilege for any AAA Client radio button and choose
Level 15 from the corresponding drop-down list, as shown in Figure 5.21.
Figure 5.21 Cisco Secure ACS TACACS+ Enable Control Options
Scroll further down to the TACACS+ Enable Password area of the
window (see Figure 5.22), and select the desired password scheme for entering
Privileged mode. Table 5.3 identifies and describes the TACACS+ enable
password options.
Table 5.3 TACACS+ Enable Password Options
| TACACS+ Enable Password Option | Description |
|---|---|
| Use CiscoSecure PAP password | Use the Cisco Secure password defined during the basic user setup, as described in the section entitled “Adding a User to Cisco Secure ACS.” |
| Use external database password | Use an external database as the source of the enable password, and select the appropriate database from the corresponding drop-down list. |
| Use separate password | Specify a separate password by typing and retyping the password in the corresponding text boxes. |
Click the Submit button to complete the Cisco Secure ACS configuration.
Figure 5.22 Cisco Secure ACS TACACS+ Enable Password Options
To configure TACACS+ enable authentication on the PIX firewall, use the aaa
authentication enable console command, as described previously. For example, to
configure TACACS+ enable authentication using a previously defined TACACS+
server group named TACACSGroup, issue the following command on the PIX
firewall:
PIX1(config)# aaa authentication enable console TACACSGroup