Cisco Systems CSACS3415K9 User Manual
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 4 Common Scenarios Using ACS
Overview of Device Administration
Step 5  Configure an access service policy. See
Step 6  Configure a service selection policy. See
Step 7  Configure an authorization policy (rule table). See
Command Authorization
This topic describes the flow for an administrator to issue a command to a network device.
Note: The device administration command flow is available for the TACACS+ protocol only.
1. An administrator issues a command to a network device.
2. The network device sends an access request to ACS.
3. ACS optionally uses an identity store (external Lightweight Directory Access Protocol [LDAP], Active Directory, RADIUS Identity Server, or internal ACS identity store) to retrieve user attributes which are included in policy processing.
4. The response indicates whether the administrator is authorized to issue the command.
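As an added illustration (not part of the Cisco guide), this Python example encodes and decodes the cleartext body of the TACACS+ authorization request a device sends in step 2, using the RFC 8907 layout, and names the status byte of the reply in step 4. The user, port, address and function names are constructed, and the trailing `cmd-arg=<cr>` is an assumption about device behaviour; packet header framing and body obfuscation are not modelled.

```python
import struct

# Field values from RFC 8907 (TACACS+), sections 6.1 and 6.2.
METH_TACACSPLUS, TYPE_ASCII, SVC_LOGIN = 0x06, 0x01, 0x01
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}


def build_author_request(user, port, rem_addr, command, priv_lvl=15):
    """Encode the cleartext authorization REQUEST body for one CLI command."""
    words = command.split()
    if not words:
        raise ValueError("empty command")
    # One argument per token; the trailing <cr> marker is an assumption.
    args = ["service=shell", "cmd=" + words[0]]
    args += ["cmd-arg=" + w for w in words[1:]] + ["cmd-arg=<cr>"]
    fields = [s.encode("ascii") for s in (user, port, rem_addr, *args)]
    if len(args) > 255 or any(len(f) > 255 for f in fields):
        raise ValueError("count or field exceeds a one-byte length")
    head = struct.pack("!8B", METH_TACACSPLUS, priv_lvl, TYPE_ASCII, SVC_LOGIN,
                       len(fields[0]), len(fields[1]), len(fields[2]), len(args))
    return head + bytes(len(f) for f in fields[3:]) + b"".join(fields)


def parse_author_request(body):
    """Decode a REQUEST body; reject length fields that disagree with its size."""
    if len(body) < 8:
        raise ValueError("truncated fixed header")
    _, priv_lvl, _, _, ulen, plen, rlen, argc = struct.unpack("!8B", body[:8])
    lens = [ulen, plen, rlen, *body[8:8 + argc]]
    if len(lens) != 3 + argc or len(body) != 8 + argc + sum(lens):
        raise ValueError("length fields do not match body size")
    pos, out = 8 + argc, []
    for n in lens:
        out.append(body[pos:pos + n].decode("ascii"))
        pos += n
    user, port, rem_addr, *args = out
    return {"user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "args": args}


def author_status(reply_body):
    """Name the status carried in the first byte of an authorization REPLY body."""
    if not reply_body:
        raise ValueError("empty reply body")
    return AUTHOR_STATUS.get(reply_body[0], "UNKNOWN")


# Constructed sample: user "alice" on tty1 from 192.0.2.10 (documentation range).
SAMPLE = build_author_request("alice", "tty1", "192.0.2.10", "show running-config")
```

The decoded `args` list is what a command set is matched against, so it is also the field to look for when reviewing authorization logs.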
To configure a command authorization policy (device administration rule table) to allow an administrator to issue commands to a network device:
Step 1  Configure the TACACS+ protocol global settings and user authentication option. See
Step 2  Configure network resources. See .
Step 3  Configure the users and identity stores. See or
Step 4  Configure command sets according to your needs. See
Step 5  Configure an access service policy. See
Step 6  Configure a service selection policy. See
Step 7  Configure an authorization policy (rule table). See