Cisco Secure Access Control System 5.2 Technical Manual

ACS 5.x: TACACS+ Authentication and Command
Authorization based on AD group membership
Configuration Example
Document ID: 113590
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Configuration
      Configure ACS 5.x for Authentication and Authorization
      Configure the Cisco IOS device for Authentication and Authorization
 Verify
 Related Information
Introduction
This document provides an example of configuring TACACS+ Authentication and Command Authorization
based on AD group membership of a user with Cisco Secure Access Control System (ACS) 5.x and later.
ACS uses Microsoft Active Directory (AD) as an external identity store to store resources such as users,
machines, groups, and attributes.
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
• ACS 5.x is fully integrated with the desired AD Domain. If the ACS is not integrated with the desired
AD Domain, refer to ACS 5.x and later: Integration with Microsoft Active Directory Configuration
Example for more information in order to perform the integration task.
Components Used
The information in this document is based on these software and hardware versions:
• Cisco Secure ACS 5.3
• Cisco IOS® Software Release 12.2(44)SE6.
  Note: This configuration can be done on all the Cisco IOS devices.
• Microsoft Windows Server 2003 Domain
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.