Specifications
4-7
Cisco Global Site Selector Administration Guide
OL-5480-01
Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Configuring a TACACS+ Server for Use with the GSS
2. Configure the following selections:
• AAA Client Hostname—Enter the name you want assigned to the GSS.
• AAA Client IP Address—Enter the IP address of the GSS Ethernet
interface that will be used for communicating with the TACACS+ server.
• Key—Enter the shared secret that the GSS and Cisco Secure ACS use to
authenticate transactions. For correct operation, you must specify the
identical shared secret on both the Cisco Secure ACS and the GSS. The
key is case-sensitive.
• Authenticate Using—Select TACACS+ (Cisco IOS).
Note The TACACS+ (Cisco IOS) drop-down item is the general title for the
Cisco TACACS+ authentication function. The TACACS+ (Cisco IOS)
selection activates the TACACS+ option when using Cisco Systems
access servers, routers, and firewalls that support the TACACS+
authentication protocol. This includes support with a GSS device as well.
Configuring Authorization Settings on the TACACS+ Server
Use the TACACS+ server to limit user access to a subset of CLI commands on a
GSS device. For the Cisco Secure ACS, define the CLI command sets for user
groups, then assign users to those groups. You can also determine a user’s primary
GSSM GUI privilege level when configuring user command authorization
settings.
Note For the Cisco Secure ACS, you may also define command privileges for
individual users instead of an entire group. The setup process is the same for users
or for groups.