Cisco Cisco Prime Network Registrar 8.1 User Guide
Administrators “How to” Section
Administrator Access Control Use Cases 191
7.6.7 Configuring Cisco Prime Network Registrar IPAM for Many to One
Failover
To configure Cisco Prime Network Registrar IPAM for Many-to-One failover, perform the
following steps:
1. Define at least three DHCP servers (
Topology
>
Network Services
)
and make sure
to use the same DHCP Policy Sets, DHCP Option Sets, and DHCP Client Classes for
each server. DHCP Policy Sets, DHCP Option Sets, and DHCP Client Classes
(
System
>
Network Services Policies & Options) are created within the System
menu.
2. Within each of the Primary Server’s configuration, define the single DHCP Failover
Peer, using the My Failover Peers option. Select the
Add Failover Peer link.
3. Select the Failover “Peer Server” from the drop down list. Note that the failover server
must already be defined as a DHCP server within Cisco Prime Network Registrar
IPAM, before you can assign it to a primary as a peer.
4. Define a Block/Subnet that will hold the DHCP address scopes (
Management
Containers
>
Add Child Block). Within the Policy tab, select the Primary DHCP
Server, and Failover DHCP Server that will be used for this subnet. Also select the
DHCP Policy and DHCP Option set that will be used for this subnet.
5. Define IP Addresses, IP Address Ranges, or IP Address Pools. Note that you do not
need to select the Primary DHCP Server, Failover DHCP Server, DHCP Policy Set, or
DHCP Option Set. These can all default from the Subnet Profile that was defined in
step 3, which simplifies your management over these IP Addresses. For example, if
you want change any of the settings for all IP Addresses within this subnet; you can
simply change the subnet profile to effect the change on all IP Addresses.
6. Perform a DHCP Configuration File Generation from the
Management
>
Configuration/Deployment menu to create configuration files for each of the
primary DHCP servers and the failover DHCP server.
7.7
Administrator Access Control Use Cases
This section outlines some general Access Control use cases and how to configure either
Administrator or Administrator Role policies to handle them.
7.7.1 Use Case - Regional Administrators
Problem
The customer has administrators that should only have access to Containers and Blocks within
a specific region, say North America. Furthermore, some administrators should be able to
modify items within North America, but require Read-only access to both Europe and Asia.