Setting up the raccess service with Cisco ACS 4.2 and TACACS+

The steps below show how to setup the raccess service in Cisco ACS 4.2.

You need to setup a new service called raccess in the TACACS+ (Cisco) page, no protocol needed.

Then setup your groups with proper privilege levels in the desired Group page. You can give admin rights to the group with the custom attribute "groupname=admin".
Alternatively you can give restricted group access by creating a group on the Opengear and specifying the serial ports allowed access. Then you can specify that group in the custom attributes box as follows. In my example I created a group on the Opengear named demo and gave that group access to the even numbered serial ports only. So my custom attributes are as follows: "groupname=users,demo,".  That trailing comma is necessary when specifying multiple groups as well as the users group so that my user can login to the Opengear.