Wednesday, February 23, 2011

Blue Coat PacketShaper TACACS Authentication with Cisco ACS

The Blue Coat PacketShaper configuration is pretty straightforward. After logging in to the Blue Coat PacketShaper with your Admin account, click the Legacy UI link at the top right of the Home page. Once in the Legacy UI, click the Setup tab and choose TACACS+ client from the Choose Setup Page drop-down list.

On the TACACS+ client Settings page, select on from the Authentication drop-down list to turn TACACS+ authentication on, and choose ASCII as the Authentication method. Enter the IP address of the Primary Authentication Host, port 49 and a Shared Secret. If you have a secondary ACS server, add it as the Secondary Authentication Host. Accounting can be enabled in the same way as Authentication. Click apply changes ... to save the configuration.

The Blue Coat PacketShaper can also be configured from the CLI if you have SSH access to the device.

setup tacacs auth primary <host ip address> <shared_secret> [<port>]
setup tacacs auth on
setup tacacs acct primary <host ip address> <shared_secret> [<port>]
setup tacacs acct on

e.g.,
setup tacacs auth primary 192.168.10.100 $ecret
setup tacacs auth on

By default, port 49 is used for TACACS+. Use setup tacacs show to display your current configuration.

Configuration on ACS 4.2

Go to Network Configuration > Add Entry and enter the Network Device Group name as Bluecoat. Then go to Network Configuration > Bluecoat > Add Entry and enter the PacketShaper hostname, IP address and Shared Secret (which must be the same as the one configured on the PacketShaper). Select TACACS+ (Cisco IOS) from the Authenticate Using drop-down list and click Submit + Apply.

On Interface Configuration > TACACS+ (Cisco IOS), in the TACACS+ Services window, check both the User and Group column checkboxes for Shell (exec).

If a single user needs access to Blue Coat, go to User Setup, enter the name of the user and click Add/Edit.

If a group of users needs access to Blue Coat, go to Group Setup, select the group from the drop-down list and click Edit Settings.

Scroll down to the TACACS+ Settings section and select the Shell (exec) checkbox. Select the Custom Attributes checkbox, then enter the following custom attributes:
role*PC:touch
access*touch
Replace * with = if you want the attributes to be mandatory; * marks them as optional.
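As an added example (not part of the original post, nor Blue Coat or Cisco code), the following Python parses TACACS+ attribute-value pairs as typed into the ACS Custom Attributes box, records whether each pair is mandatory (=) or optional (*), and checks for the role and access values from the post. The AVPair, parse_av_pair and packetshaper_grants_touch names are my own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AVPair:
    attribute: str
    value: str
    mandatory: bool  # True for "=", False for "*"


def parse_av_pair(line: str) -> AVPair:
    """Split one TACACS+ attribute-value pair at its FIRST '=' or '*'.

    In TACACS+ authorization, '=' marks a mandatory pair and '*' an optional
    one. A client that does not understand a mandatory pair must fail the
    authorization; an optional pair it does not understand is simply ignored.
    Everything after the first separator is the value, so 'PC:touch' (or a
    value containing a later '=' or '*') survives intact.
    """
    sep_pos = min((line.find(ch) for ch in "=*" if ch in line), default=-1)
    if sep_pos <= 0:
        raise ValueError(f"not an attribute-value pair: {line!r}")
    attribute, value = line[:sep_pos].strip(), line[sep_pos + 1:].strip()
    return AVPair(attribute, value, mandatory=(line[sep_pos] == "="))


def parse_custom_attributes(text: str) -> list[AVPair]:
    """Parse the multi-line ACS Custom Attributes box, skipping blank lines."""
    return [parse_av_pair(raw) for raw in text.splitlines() if raw.strip()]


# The role/access values the post configures for PacketShaper "touch" access.
PACKETSHAPER_TOUCH = {"role": "PC:touch", "access": "touch"}


def packetshaper_grants_touch(pairs: list[AVPair]) -> bool:
    """True when both attributes from the post are present with those values."""
    received = {p.attribute: p.value for p in pairs}
    return all(received.get(k) == v for k, v in PACKETSHAPER_TOUCH.items())


# Constructed samples: the post's two pairs as optional (*) and mandatory (=).
SAMPLE_OPTIONAL = "role*PC:touch\naccess*touch\n"
SAMPLE_MANDATORY = "role=PC:touch\naccess=touch\n"

if __name__ == "__main__":
    for pair in parse_custom_attributes(SAMPLE_OPTIONAL):
        print(pair)
    print(packetshaper_grants_touch(parse_custom_attributes(SAMPLE_MANDATORY)))
```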