Specifications
4-5
Cisco Global Site Selector Administration Guide
OL-5480-01
Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Configuring a TACACS+ Server for Use with the GSS
Configuring a TACACS+ Server for Use with the GSS
This section provides background on how to set up a TACACS+ server, such as
the Cisco Secure Access Control Server (ACS). It is intended as a guide to help
ensure proper communication with a TACACS+ server and a GSS operating as a
TACACS+ client. For details on configuring the Cisco Secure ACS, or another
TACACS+ server, consult the documentation provided with the software.
The following topics summarize the recommended Cisco Secure Access Control
Server (ACS) TACACS+ user authentication, authorization, and accounting
settings.
• Configuring Authentication Settings on the TACACS+ Server
• Configuring Authorization Settings on the TACACS+ Server
• Configuring Accounting Settings on the TACACS+ Server
Note For the GSS to properly perform user authentication using a TACACS+ server, the
username and password must be identical on both the GSS CLI and the TACACS+
server.
6. Enable the TACACS+ authorization service to permit or restrict user access
to specific GSS CLI commands, as defined by the TACACS+ server.
gssm1.example.com(config)# aaa authorization commands
7. Enable the TACACS+ accounting service to allow the GSS administrator to
monitor the use of specific CLI commands and GUI pages by each GSS
user.
gssm1.example.com(config)# aaa accounting commands
Table 4-1 TACACS+ Configuration Quick Start (continued)
Task and Command Example