Setting options for tacacs – Cisco 3.3 User Manual

3-9

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 3 Interface Configuration

Protocol Configuration Options for TACACS+

–

Display a window for each service selected in which you can enter
customized TACACS+ attributes—If this option is selected, an area
appears on the User Setup and Group Setup pages that enables you to
enter custom TACACS+ attributes.

Cisco Secure ACS can also display a custom command field for each
service. This text field enables you to make specialized configurations to
be downloaded for a particular service for users in a particular group.

You can use this feature to send many TACACS+ commands to the access
device for the service, provided that the device supports the command,
and that the command syntax is correct. This feature is disabled by
default, but you can enable it the same way you enable attributes and
time-of-day access.

–

Display enable Default (Undefined) Service Configuration—If this
check box is selected, an area appears on the User Setup and Group Setup
pages that enables you to permit unknown TACACS+ services, such as
Cisco Discovery Protocol (CDP).

Note

This option should be used by advanced system administrators only.

Note

Customized settings at the user level take precedence over settings at the group
level.

Setting Options for TACACS+

This procedure enables you to display or hide TACACS+ administrative and
accounting options. It is unlikely that you will use every service and protocol
available for TACACS+. Displaying each would make setting up a user or group
cumbersome. To simplify setup, you can use the TACACS+ (Cisco IOS) Edit page
to customize the services and protocols that appear.