beautypg.com

Network device groups, Other administration-related features – Cisco 3.3 User Manual

Page 64

background image

Chapter 1 Overview

AAA Server Functions and Concepts

1-24

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

For information about configuring the HTTP port allocation feature, see

Access

Policy, page 12-11

.

Network Device Groups

With a network device group (NDG), you can view and administer a collection of
AAA clients and AAA servers as a single logical group. To simplify
administration, you can assign each group a convenient name that can be used to
refer to all devices within that group. This creates two levels of network devices
within Cisco Secure ACS—discrete devices such as an individual router, access
server, AAA server, or PIX Firewall, and NDGs, which are named collections of
AAA clients and AAA servers.

A network device can belong to only one NDG at a time.

Using NDGs enables an organization with a large number of AAA clients spread
across a large geographical area to logically organize its environment within
Cisco Secure ACS to reflect the physical setup. For example, all routers in Europe
could belong to a group named Europe; all routers in the United States could
belong to a US group; and so on. This would be especially convenient if the AAA
clients in each region were administered along the same divisions. Alternatively,
the environment could be organized by some other attribute such as divisions,
departments, business functions, and so on.

You can assign a group of users to an NDG. For more information on NDGs, see

Network Device Group Configuration, page 4-28

.

Other Administration-Related Features

In addition to the administration-related features discussed in this section, the
following features are provided by Cisco Secure ACS:

Ability to define different privileges per administrator (see

Administrator

Accounts, page 12-1

).

Ability to log administrator activities (see

Cisco Secure ACS System Logs,

page 11-13

).

Ability to view a list of logged-in users (see

Dynamic Administration

Reports, page 11-9

).