Chapter 6 Setting Up and Managing User Groups
Configuration-specific User Group Settings
6-30
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Step 4
To configure services and protocols in the Settings table to be
authorized for the group, follow these steps:
a.
Select one or more service/protocol check boxes (for example, PPP IP or
ARAP).
b.
Under each service/protocol that you selected in Step a, select attributes and
then type in the corresponding values, as applicable, to further define
authorization for that service/protocol.
To employ custom attributes for a particular service, you must select the
Custom attributes check box under that service, and then specify the
attribute/value in the box below the check box.
For more information about attributes, see
Appendix B, “
Attribute-Value Pairs,”
or your AAA client documentation.
Tip
For ACLs and IP address pools, the name of the ACL or pool as defined
on the AAA client should be entered. (An ACL is a list of Cisco IOS
commands used to restrict access to or from other devices and users on
the network.)
Note
Leave the attribute value box blank if the default (as defined on the
AAA client) should be used.
Note
You can define and download an ACL. Click Interface
Configuration, click (Cisco IOS), and then select
Display a window for each service selected in which you can enter
customized attributes. A box opens under each
service/protocol in which you can define an ACL.
Step 5
To allow all services to be permitted unless specifically listed and disabled, you
can select the Default (Undefined) Services check box under the Checking this
option will PERMIT all UNKNOWN Services table.
Warning
This is an advanced feature and should only be used by administrators who
understand the security implications.