To configure a group in a TACACS+ authentication server:
1. On the server, add raccess service to the user configuration.
2. Define which group(s) the user belongs to in the raccess service following this syntax:
group_name = <Group1>[,<Group2,...,GroupN>];
For example:
In the console server, configure a new authorization group TACACS_1 , and configure the
access rights for this group. In the TACACS+ server, configure the user regina with the
following attribute: raccess = group_name=TACACS_1;
Then, configure the user special with the following attribute: raccess = group_name=admin;
During the authentication phase, the console server will receive the attribute raccess from the
TACACS+ server. The user regina belongs to the authorization group TACACS_1 and the user
special belongs to the authorization group admin.
To configure a group in a RADIUS authentication server:
Define which group(s) the user belongs to in the attribute FRAMED_FILTER_ID with the
following syntax:
[:group_name=]<acs6000_group1>[,<acs6000_group2>];
NOTE: Thegroupnamesshouldbeseparated byacommaandendwithasemi-colon.
NOTE: TheACS6000 consoleserver acceptsmultipleFRAMED_FILTER_ID attributes.
For example:
In the console server, configure new authorization groups RADIUS_1 and RADIUS_2, and
configure the access rights for these groups. In the Radius server, configure the user regina with
the following attribute:
FramedFilterID = group_name=RADIUS_1,RADIUS_2;
-or-
FramedFilterID = RADIUS_1,RADIUS_2;
-or-
FramedFilterID = RADIUS_1;
FramedFilterID += RADIUS_2;
Then, configure the user special with the following attribute:
FramedFilterID = group_name=admin;
Chapter 3: Accessing the Console Server via the Web Manager 61