OmniSecu.com Logo  
omnisecu.com free mcse ccna rhce linux java learning
omnisecu.com free mcse ccna rhce linux java learning
          Sharefacebook twitter google+ google bookmark yahoo bookmark delicious digg linkedin pinterest reddit stumbleupon evernote diigo blinklist blogmarks livejournal email feed

Tutorials

Cisco Secure ACS Shell Profiles and Command sets, How to configure Shell Profiles and Command sets in ACS

External Resources


Cisco Secure ACS Shell Profiles and Command sets are the key terms related with AAA authorization. Cisco Secure ACS Shell profiles and Command Sets are combined for user authorization at shell and also to authorize commands ate different privilege levels and configuration mode.

Cisco Secure ACS Shell Profile is used for defining permissions to be granted for a shell access requests and then for TACACS+ based device administration policy. In a Shell Profile, we can define the "Default Privilege" and the "Maximum Privilege".

Cisco IOS CLI Shell privilege level can be defined in Shell Profiles and the commands for the Privilege Level can be defined in Command Sets. To create a Shell Profile with both "Default Privilege" and "Maximum Privilege" 9 and a Command Set in Cisco Secure ACS, follow these steps.

Step 01 - Connect to Cisco Secure ACS using Microsoft Internet Explorer as shown below. If you are new to AAA, TACACS+ and Cisco Secure ACS, click the following links to learn more.

1) AAA Authentication Authorization and Accounting

2) AAA RADIUS and TACACS+ - Difference between RADIUS and TACACS+

3) Cisco ACS Secure Access Control System Products

4) How to install Cisco ACS (Secure Access Control Server ) 5.4 on VMware Workstation

5) How to connect manage and configure Cisco ACS using web browser

Cisco Secure ACS Shell Profile Create

Step 02 - Enter a name and description for the new Shell Profile and then click "Common Tasks", as shwon below.

Cisco Secure ACS Shell Profile Name

Step 03 - Enter the Default and Maximum Shell Privilege as shown below, and then click "Submit".

Cisco Secure ACS Shell Profile Default Maximum Privilege

Step 04 - You can see that the Shell profile is created as shown below.

Cisco Secure ACS  Shell Profile Created

Step 05 - To create a Command Set, open "Policy Elements", "Authorization and Permissions", "Device Administration" and then "Command Sets". Click "Create".

Cisco Secure ACS Command Set Create

Step 06 - Enter the commands which are required to configure a Cisco Router or Switch interface, as shown below. Click "Submit".

Cisco Secure ACS Command Set Enter Commands

Step 07 - You can see that the new Command Set "OmniSecuSupportCS" is created as shown below.

Cisco Secure ACS Command Set Created

Step 07 - Now we need to tie up the Shell Profile and Command Set which we created in previous steps to any user for authentication. You need a user created in Cisco Secure ACS for completing this tasks. If you have any doubt in creating an internal user in Cisco Secure ACS, follow these steps to create an internal user in Cisco Secure ACS.

Cisco Secure ACS Access Policy Authorization Customize

Step 08 - Select "Customize Conditions" and "Customize Results" as shown below. After selecting the "Customize Conditions" and "Customize Results", click the "Create" button as shown in above picture.

Cisco Secure ACS Access Policy Authorization Customize Dialog

Step 09 - Select the user name (which we created before), Shell Profile and Command Set as shown below, Click "OK" to create Rule, as shown below.

Cisco Secure ACS Access Policy Authorization User shell profile command set

Step 10 - New Access Policy Authorization rule is creates as shown below.

Cisco Secure ACS Access Policy Authorization Rule

After creating the Authorization Access Policy, you must configure the Cisco Routers and Switches to use AAA Authorization and Accouting using TACACS+ protocol.

Click the following link to learn how to configure Cisco Routers and Switches with AAA Authorization and Accouting using TACACS+ protocol and Cisco Secure ACS.

 

              Jajish Thomason Google+
Related Topics
comments powered by Disqus


eXTReMe Tracker DMCA.com