

Cisco secure access control system password

The enable password is valid for all privileged levels. Use the enable password configured on the ACS server.

HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable

Refer to the Gaia Administration Guide (R77.X, R80.10). To be able to log in to Gaia OS with a TACACS+ user, configure the role TACP-0, and for every privileged level "X" that will be used with tacacs_enable, define the rule TACP-"X".

The rule will be: if the authenticated user is in the Identity group (e.g., "CheckPointRW"), then the result will be the shell profile created in the previous step.

Go to 'Access Policies' > 'Access Service' > 'Default Device Admin' > 'Authorization' and create a new rule. In 'Commands and Tasks', set the maximum privileged level to "15". Go to 'Policy Elements' > 'Authorization and Permissions' > 'Device Administration' > 'Shell Profiles'. Add a shell profile to assign to the authenticated TACACS+ users.

Cisco secure access control system how to

This article shows how to configure the Cisco ACS server to work with Gaia OS (this information was documented based on the Check Point lab). The most popular TACACS+ server is the Cisco ACS server. In Gaia OS, it is possible to authenticate non-local users that are configured on TACACS+ or RADIUS servers. This document was created based on the Check Point lab and a specific Cisco ACS version. Please refer to the Cisco ACS documentation for information about other topics. Note: This document does not replace the formal Cisco ACS documentation.
