About user group setup features and functions, Default group, Group tacacs+ settings – Cisco 3.3 User Manual

Page 192

Advertising
background image

Chapter 6 User Group Management

About User Group Setup Features and Functions

6-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

About User Group Setup Features and Functions

The Group Setup section of the Cisco Secure ACS HTML interface is the
centralized location for operations regarding user group configuration and
administration. For information about network device groups (NDGs), see

Network Device Group Configuration, page 4-28

.

This section contains the following topics:

Default Group, page 6-2

Group TACACS+ Settings, page 6-2

Default Group

If you have not configured group mapping for an external user database,
Cisco Secure ACS assigns users who are authenticated by the Unknown User
Policy to the Default Group the first time they log in. The privileges and
restrictions for the default group are applied to first-time users. If you have
upgraded from a previous version of Cisco Secure ACS and kept your database
information, Cisco Secure ACS retains the group mappings you configured before
upgrading.

Group TACACS+ Settings

Cisco Secure ACS enables a full range of settings for TACACS+ at the group
level. If a AAA client has been configured to use TACACS+ as the security
control protocol, you can configure standard service protocols, including PPP IP,
PPP LCP, ARAP, SLIP, and shell (exec), to be applied for the authorization of
each user who belongs to a particular group.

Note

You can also configure TACACS+ settings at the user level. User-level settings
always override group level settings.

Cisco Secure ACS also enables you to enter and configure new TACACS+
services. For information about how to configure a new TACACS+ service to
appear on the group setup page, see

Protocol Configuration Options for

TACACS+, page 3-7

.

Advertising