Configure Cisco ACS: TACACS+ Authentication
Use the following steps to configure Cisco ACS 5.x (TACACS+) to assign user groups to externally authenticated users in GigaVUE‑FM:
1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles and click Create to add a new shell profile.
   a. Give the profile a name and description in the General page.
   b. Click the Custom Attributes page.
   c. Set the Attribute field to local-user-name.
2. Leave the Requirement and Attribute Value fields at their default value (Mandatory and Static, respectively).
3. Provide the list of GigaVUE‑FM specific groups in the following format:
   gigamon:groups=Super Admin Group,Admin Group
4. Click the Add button to add this attribute to the shell profile.
5. Click Submit to finalize this shell profile.
6. Create Service Selection Rules that will assign this shell profile to desired GigaVUE users.
Figure 1 shows an example of a shell profile for TACACS+ in ACS 5.x with the local-user-name attribute supplied.
Figure 8: Supplying local-user-name and groups in ACS 5.x for TACACS+
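An added example, not part of the original page or of any Gigamon or Cisco tooling: a small Python lint for the Attribute Value from step 3, meant to be run before the value is entered in the shell profile so that malformed entries and privileged group grants are visible at review time. The KNOWN_GROUPS and PRIVILEGED sets and the malformed sample are constructed assumptions; the page does not say how GigaVUE‑FM treats whitespace, duplicates or unknown names.

```python
PREFIX = "gigamon:groups="
# Assumption: groups that exist on the GigaVUE-FM side (names from the page's sample).
KNOWN_GROUPS = {"Super Admin Group", "Admin Group"}
# Assumption: groups a reviewer wants called out as high privilege.
PRIVILEGED = {"Super Admin Group"}


def parse_groups(value):
    """Split an attribute value into raw group names (no trimming)."""
    if not value.startswith(PREFIX):
        raise ValueError("value must start with %r" % PREFIX)
    return value[len(PREFIX):].split(",")


def lint(value):
    """Return (accepted_groups, findings) for one attribute value."""
    try:
        raw = parse_groups(value)
    except ValueError as exc:
        return [], [str(exc)]
    groups, findings = [], []
    for entry in raw:
        name = entry.strip()
        if name != entry:
            findings.append("leading/trailing whitespace in %r" % entry)
        if not name:
            findings.append("empty group entry (stray comma)")
        elif name in groups:
            findings.append("duplicate group %r" % name)
        elif name not in KNOWN_GROUPS:
            findings.append("unknown group %r" % name)
        else:
            groups.append(name)
            if name in PRIVILEGED:
                findings.append("grants privileged group %r" % name)
    return groups, findings


if __name__ == "__main__":
    samples = [
        "gigamon:groups=Super Admin Group,Admin Group",        # value from the page
        "gigamon:groups=Admin Group, Admin Group,,Operators",  # constructed, malformed
    ]
    for s in samples:
        print(s, "->", lint(s))
```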