HP StorageWorks Enterprise File Services WAN Accelerator 2.1.7 Deployment Guide (407118 - 003, June 2006)

106 9 - RADIUS AND TACACS+ AUTHENTICATION

Configuring TACACS+ with Cisco Secure

Access Control Server

The following section assumes you are running a Cisco Secure Access Control Server

(ACS) and you want to configure it for TACACS+.

The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute is

local-user-name. This attribute controls whether a user who is not named admin or

monitor is an administrator or monitor user (instead of using the HP EFS WAN

Accelerator default value). For the HP EFS WAN Accelerator, the users listed in the

TACACS+ server must have Password Authentication Protocol (PAP) authentication

enabled.

The following procedures configure TACACS+ with Cisco Secure ACS.

To configure TACACS+

with Cisco Secure ACS

1. Log in to Cisco Secure ACS.

2. Click Interface Configuration.

3. Click TACACS+(CiscoIOS).

4. Under New Services:

 Check the User box.

 Under Service, type rbt-exec.

 Under Protocol, type unknown.

5. Click Submit.

6. Click User Setup and locate the name of the user you want to grant administrative

access to the HP EFS WAN Accelerator.

7. At the bottom of the window, locate the TACACS+ Settings box.

8. Check the rbt-exec unknown and Custom attributes boxes.

9. In the small Custom Attributes window, type:

local-user-name=admin

10. Click Submit.

To update HP EFS

WAN Accelerator

configuration

• Add the following line to the HP EFS WAN Accelerator configuration:

aaa authorization map default-user monitor