Configure Cisco ACS: TACACS+ Authentication
Use the following steps to configure Cisco ACS 5.x (TACACS+) to assign user groups to externally authenticated users in GigaVUE‑FM:
1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles and click Create to add a new shell profile.
   a. Give the profile a name and description in the General page.
   b. Click the Custom Attributes page.
   c. Set the Attribute field to local-user-name.
2. Leave the Requirement and Attribute Value fields at their default values (Mandatory and Static, respectively).
3. Provide the list of GigaVUE‑FM specific groups in the following format:
   gigamon:groups=Super Admin Group,Admin Group
4. Click the Add button to add this attribute to the shell profile.
5. Click Submit to finalize this shell profile.
6. Create Service Selection Rules that will assign this shell profile to desired GigaVUE users.
Figure 1 shows an example of a shell profile for TACACS+ in ACS 5.x with the local-user-name attribute supplied.

Figure 8: Supplying local-user-name and groups in ACS 5.x for TACACS+
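
Because the value entered in step 3 decides which GigaVUE‑FM groups an externally authenticated user receives, it is worth linting the string before it goes into the shell profile. The following is an added example, not Gigamon or Cisco code. It assumes group names are matched exactly as typed, and the group inventory and the set of groups flagged for review are constructed sample data standing in for local policy.

```python
# Added example: lint a local-user-name value before it is entered in ACS.
PREFIX = "gigamon:groups="  # literal prefix shown in the page's format line

def parse_groups(value):
    """Return the list of group names carried in the attribute value."""
    if not value.startswith(PREFIX):
        raise ValueError("value must start with %r" % PREFIX)
    body = value[len(PREFIX):]
    if not body:
        raise ValueError("no groups listed")
    return body.split(",")

def lint_value(value, defined_groups, review_groups=()):
    """Return a list of findings; an empty list means the value is clean.

    defined_groups: group names that exist in GigaVUE-FM (caller-supplied).
    review_groups:  names whose assignment should get a second look
                    (assumption: which groups are privileged is local policy).
    """
    try:
        groups = parse_groups(value)
    except ValueError as exc:
        return ["format: %s" % exc]
    findings, seen = [], set()
    for raw in groups:
        if raw != raw.strip():
            findings.append("whitespace around %r; the documented format has none" % raw)
        name = raw.strip()
        if not name:
            findings.append("empty group name (stray comma)")
            continue
        if name in seen:
            findings.append("duplicate group %r" % name)
        seen.add(name)
        if name not in defined_groups:   # exact match is an assumption
            findings.append("unknown group %r" % name)
        elif name in review_groups:
            findings.append("review: %r is privileged" % name)
    return findings

if __name__ == "__main__":
    defined = {"Super Admin Group", "Admin Group"}  # constructed inventory
    for sample in ("gigamon:groups=Super Admin Group,Admin Group",
                   "gigamon:groups=Admin Group, Admin Grp",   # constructed typo
                   "gigamon:group=Admin Group"):              # constructed typo
        print(sample, "->", lint_value(sample, defined, {"Super Admin Group"}))
```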