Cisco 2509 - Router - EN User Manual page 190

Configuration-specific User Group Settings
To configure services and protocols in the TACACS+ Settings table to be
Step 4
authorized for the group, follow these steps:
a.
b.
Tip
Step 5 To allow all services to be permitted unless specifically listed and disabled, you
can select the Default (Undefined) Services check box under the Checking this
option will PERMIT all UNKNOWN Services table.
This is an advanced feature and should only be used by administrators who
Warning
understand the security implications.
User Guide for Cisco Secure ACS for Windows Server
6-30
Select one or more service/protocol check boxes (for example, PPP IP or
ARAP).
Under each service/protocol that you selected in Step a, select attributes and
then type in the corresponding values, as applicable, to further define
authorization for that service/protocol.
To employ custom attributes for a particular service, you must select the
Custom attributes check box under that service, and then specify the
attribute/value in the box below the check box.
For more information about attributes, see
Attribute-Value Pairs,"
For ACLs and IP address pools, the name of the ACL or pool as defined
on the AAA client should be entered. (An ACL is a list of Cisco IOS
commands used to restrict access to or from other devices and users on
the network.)
Leave the attribute value box blank if the default (as defined on the
Note
AAA client) should be used.
Note You can define and download an ACL. Click Interface
Configuration, click TACACS+ (Cisco IOS), and then select
Display a window for each service selected in which you can enter
customized TACACS+ attributes. A box opens under each
service/protocol in which you can define an ACL.
Chapter 6 Setting Up and Managing User Groups
Appendix B, "TACACS+
or your AAA client documentation.
78-14696-01, Version 3.1