4-5
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter4 Configuring the CSS as a Client of a TACACS+ Server
Configuring Global TACACS+ Attributes
4. Proceed next to Unmatched Commands, either permit or deny execution of
the privilege command:
•For a user that has SuperUser privileges on the CSS, click Permit. A
SuperUser can issue any CSS command.
•For a user that has User privileges on the CSS, click Deny. A user can
issue CSS commands that do not change the CSS configuration; for
example, show commands.
5. From the Group Setup section, Group Setup Select page, select the group for
which you want to configure TACACS+ settings.
6. On the Shell Command Authorization Set section, select Assign a Shell
Command Authorization Set for any network device.
7. Select the set from the list.
To add a user to a group, go to the User Setup section of the Cisco Secure ACS
HTML interface:
•On the User Setup Select page, specify a username.
•On the User Setup Edit page, specify the following:
–
Password Authentication - Select an applicable authentication type from
the list.
–
Password - Specify and confirm a password.
–
Group - Select the previously created TACACS+ group to which you
want to assign the user.
Configuring Global TACACS+ AttributesThe TACACS+ timeout period, encryption key, and keepalive frequency have
default values that are applied to the TACACS server. During the server
configuration, you can configure these attributes to be specific to the server or
omit them for the server to accept the default values. You can change the default
values for any of these global attributes. The following sections provide
information for:
•Setting the Global CSS TACACS+ Timeout Period
•Defining a Global Encryption Key
•Setting the Global TACACS+ Keepalive Frequency