Chapter3 Settin g Up the CiscoSecure ACS HTML Interface
Protocol Configuration Options for TACACS+
3-8
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version. 3.0
The four items you can choose to hide or display are as follows:
Advanced TACACS+ FeaturesThis option displays or hides the
Advanced TACACS+ Options section on the User Setup page. These
options include Privilege Level Authentication and Outbound Password
Configuration for SENDPASS and SENDAUTH clients, such as routers.
Display a Time-of-Day access grid for every TACA CS+ service wher e
you can override the default Time-of-Day settingsIf this option is
selected, a grid appears on the User Setup page that enables you to
override the TACACS+ scheduling attributes on the Group Setup page.
You can control the use of each T ACACS+ service by the time of day and
day of week. For example, you can restrict Exec (Telnet) access to
business hours but permit PPP-IP access at any time.
The default setting is to control time-of-day access for all services as part
of authentication. However, you can override the default and display a
time-of-day access grid for every service. This keeps user and group
setup easy to manage, while making this feature available for the most
sophisticated environments. This feature applies only to TACACS+
because TACACS+ can separate the authentication and authorization
processes. RADIUS time-of-day access applies to all services. If both
TACACS+ and RADIUS are used simultaneously, the default
time-of-day access applies to both. This provides a common method to
control access regardless of the access control protocol.
Display a window for each service selected in which you can enter
customized TACACS+ attributesIf this option is selected, an area
appears on the User Setup and Group Setup pages that enables you to
enter custom TACACS+ attributes.
Cisco Secure ACS can also display a custom command field for each
service. This text field enables you to make specialized configurations to
be downloaded for a particular service for users in a particular group.