Cisco Systems Servers Benutzerhandbuch
Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
1-20
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Network Device Groups
With a network device group (NDG), you can view and administer a collection of
AAA clients and AAA servers as a single logical group. To simplify
administration, you can assign each group a convenient name that can be used to
refer to all devices within that group. This creates two levels of network devices
within Cisco Secure ACS—discrete devices such as an individual router, access
server, AAA server, or PIX Firewall, and NDGs, which are named collection of
AAA clients and AAA servers.
AAA clients and AAA servers as a single logical group. To simplify
administration, you can assign each group a convenient name that can be used to
refer to all devices within that group. This creates two levels of network devices
within Cisco Secure ACS—discrete devices such as an individual router, access
server, AAA server, or PIX Firewall, and NDGs, which are named collection of
AAA clients and AAA servers.
A network device can belong to only one NDG at a time.
Using NDGs enables an organization with a large number of AAA clients spread
across a large geographical area to logically organize its environment within
Cisco Secure ACS to reflect the physical setup. For example, all routers in Europe
could belong to a group named Europe; all routers in the United States could
belong to a US group; and so on. This would be especially convenient if each
region’s AAA clients were administered along the same divisions. Alternatively,
the environment could be organized by some other attribute such as divisions,
departments, business functions, and so on.
across a large geographical area to logically organize its environment within
Cisco Secure ACS to reflect the physical setup. For example, all routers in Europe
could belong to a group named Europe; all routers in the United States could
belong to a US group; and so on. This would be especially convenient if each
region’s AAA clients were administered along the same divisions. Alternatively,
the environment could be organized by some other attribute such as divisions,
departments, business functions, and so on.
You can assign a group of users to an NDG. For more information on NDGs, see
the
the
Other Administration-Related Features
In addition to the administration-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
following features are provided by Cisco Secure ACS:
•
Ability to define different privileges per administrator (see the
)
•
Ability to log administrator activities (see the
•
Ability to view a list of logged-in users (see the
•
CSMonitor service, providing monitoring, notification, logging, and limited
automated failure response (see the
automated failure response (see the
)