Configure Cisco ACS: TACACS+ Authentication

Use the following steps to configure Cisco ACS 5.x (TACACS+) to assign user groups to externally authenticated users in GigaVUE‑FM:

1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles and click Create to add a new shell profile.
   a. Give the profile a name and description in the General page.
   b. Click the Custom Attributes page.
   c. Set the Attribute field to local-user-name.
2. Leave the Requirement and Attribute Value fields at their default values (Mandatory and Static, respectively).
3. Provide the list of GigaVUE‑FM specific groups in the following format:

gigamon:groups=Super Admin Group,Admin Group

 

4. Click the Add button to add this attribute to the shell profile.
5. Click Submit to finalize this shell profile.
6. Create Service Selection Rules that assign this shell profile to the desired GigaVUE users.

Figure 1 shows an example of a shell profile for TACACS+ in ACS 5.x with the local-user-name attribute supplied.

 

Figure 8 Supplying local-user-name and groups in ACS 5.x for TACACS+
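
A pre-check for the value entered in step 3, as an added example that is not Gigamon or Cisco code: it lints a gigamon:groups= string against the group names defined in GigaVUE-FM and lists any high-privilege groups to review before the profile is submitted. The function names, the REVIEW_GROUPS set and the sample group list are assumptions, as is treating group names as exact, case-sensitive matches.

```python
# Added example: lint a shell-profile attribute value before entering it in ACS.
PREFIX = "gigamon:groups="
# Assumption: groups your site treats as high-privilege and wants reviewed.
REVIEW_GROUPS = {"Super Admin Group"}


def parse_groups(value):
    """Return (groups, problems) for a 'gigamon:groups=A,B' attribute value."""
    problems = []
    if not value.startswith(PREFIX):
        return [], [f"value must start with {PREFIX!r}"]
    raw = value[len(PREFIX):]
    if not raw:
        return [], ["no groups listed"]
    groups = []
    for item in raw.split(","):
        if item == "":
            problems.append("empty group name (stray or doubled comma)")
            continue
        if item != item.strip():
            # The documented format has no spaces around the commas.
            problems.append(f"whitespace around {item!r}")
        name = item.strip()
        if name in groups:
            problems.append(f"duplicate group {name!r}")
        else:
            groups.append(name)
    return groups, problems


def audit(value, known_groups):
    """Lint one attribute value against the groups defined in GigaVUE-FM."""
    groups, problems = parse_groups(value)
    for g in groups:
        if g not in known_groups:
            problems.append(f"unknown group {g!r} (typo or not defined)")
    review = [g for g in groups if g in REVIEW_GROUPS]
    return {"groups": groups, "problems": problems, "review": review}


if __name__ == "__main__":
    known = {"Super Admin Group", "Admin Group"}  # constructed sample
    samples = [
        "gigamon:groups=Super Admin Group,Admin Group",  # format from step 3
        "gigamon:groups=Admin Group, Admn Group,",       # constructed bad value
        "groups=Admin Group",                            # constructed bad value
    ]
    for v in samples:
        print(v, "->", audit(v, known))
```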