To configure a group in a TACACS+ authentication server:
1. On the server, add raccess service to the user configuration.
2. Define which group(s) the user belongs to in the raccess service following this syntax:
group_name = <Group1>[,<Group2,...,GroupN>];
For example:
In the virtual console server, configure a new authorization group TACACS_1 , and
configure the access rights for this group. In the TACACS+ server, configure the user
regina with the following attribute:
raccess = group_name=TACACS_1
Then, configure the user special with the following attribute:
raccess = group_name=admin
During the authentication phase, the virtual console server will receive the attribute
raccess from the TACACS+ server. The user regina belongs to the authorization group
TACACS_1 and the user special belongs to the authorization group admin.
To configure a group in a RADIUS authentication server:
Define which group(s) the user belongs to in the attribute FRAMED_FILTER_ID with the
following syntax:
[:group_name=]<acs6000_group1>[,<acs6000_group2>];
NOTE: The group namesshouldbe separated byacomma andendwitha semi-colon.
NOTE: The virtualconsoleserver acceptsmultipleFRAMED_FILTER_ID attributes.
For example:
In the virtual console server, configure new authorization groups RADIUS_1 and RADIUS_2,
and configure the access rights for these groups. In the Radius server, configure the user regina
with the following attribute:
FramedFilterID : FramedFilterID = group_name=RADIUS_1,RADIUS_2;
-or-
FramedFilterID = RADIUS_1,RADIUS_2;
-or-
FramedFilterID = RADIUS_1;
FramedFilterID += RADIUS_2;
Then, configure the user special with the following attribute:
FramedFilterID as group_name=admin
Chapter 3: Accessing a Virtual Console Server via the Web Manager 45