Cisco Systems 3.3 Server User Manual


 
Chapter 3 Interface Configuration
Protocol Configuration Options for TACACS+
3-8
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note If you have configured Cisco Secure ACS to interact with device
management applications for other Cisco products, such as
Management Center for Firewalls, Cisco Secure ACS may display
new TACACS+ services as dictated by these device management
applications. To ensure the proper functioning of Cisco Secure ACS,
of device management applications with which Cisco Secure ACS
interacts, and of the Cisco network devices managed by those
applications, do not change or delete automatically generated
TACACS+ service types.
Advanced Configuration Options—In this area you can add more detailed
information for even more tailored configurations.
The four items you can choose to hide or display are as follows:
Advanced TACACS+ Features—This option displays or hides the
Advanced TACACS+ Options section on the User Setup page. These
options include Privilege Level Authentication and Outbound Password
Configuration for SENDPASS and SENDAUTH clients, such as routers.
Display a Time-of-Day access grid for every TACACS+ service where
you can override the default Time-of-Day settings—If this option is
selected, a grid appears on the User Setup page that enables you to
override the TACACS+ scheduling attributes on the Group Setup page.
You can control the use of each TACACS+ service by the time of day and
day of week. For example, you can restrict Exec (Telnet) access to
business hours but permit PPP-IP access at any time.
The default setting is to control time-of-day access for all services as part
of authentication. However, you can override the default and display a
time-of-day access grid for every service. This keeps user and group
setup easy to manage, while making this feature available for the most
sophisticated environments. This feature applies only to TACACS+
because TACACS+ can separate the authentication and authorization
processes. RADIUS time-of-day access applies to all services. If
TACACS+ and RADIUS are used simultaneously, the default
time-of-day access applies to both. This provides a common method to
control access regardless of the access control protocol.