Cisco Systems CSACS3415K9 Manual De Usuario
7-5
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 7 Managing Network Resources
Network Devices and AAA Clients
Deleting Network Device Groups from a Hierarchy
To delete a network device group from within a hierarchy:
Step 1
Choose Network Resources > Network Device Groups.
The Network Device Groups page appears.
Step 2
Click Location, Device Type, or another previously defined network device group in which you want to
edit a network device group node.
edit a network device group node.
The Network Device Groups node hierarchy page appears.
Step 3
Select the nodes that you want to delete and click Delete.
The following message appears:
You have requested to delete a network device group. If this group is referenced from a
Policy or a Policy Element then the delete will be prohibited. If this group is referenced
from a network device definition, the network device will be modified to reference the
root node name group.
Step 4
Click OK.
Note
Root node of a group cannot be deleted from NDG hierarchy.If you try to do so, the following error
message appears:
message appears:
Selected node can be removed only with a root group.
The network device group node is removed from the configuration. The Network Device Groups
hierarchy page appears without the device group node that you deleted.
hierarchy page appears without the device group node that you deleted.
Network Devices and AAA Clients
You must define all devices in the ACS device repository that access the network. The network device
definition can be associated with a specific IP address or a subnet mask, where all IP addresses within
the subnet can access the network.
definition can be associated with a specific IP address or a subnet mask, where all IP addresses within
the subnet can access the network.
The device definition includes the association of the device to network device groups (NDGs). You also
configure whether the device uses TACACS+ or RADIUS, and if it is a Security Group Access device.
configure whether the device uses TACACS+ or RADIUS, and if it is a Security Group Access device.
Note
When you use subnet masks, the number of unique IP addresses depends on the number of IP addresses
available through the subnet mask. For example, a subnet mask of 255.255.255.0 means you have 256
unique IP addresses.
available through the subnet mask. For example, a subnet mask of 255.255.255.0 means you have 256
unique IP addresses.
You can import devices with their configurations into the network devices repository.
When ACS receives a request, it searches the network device repository for a device with a matching IP
address; then ACS compares the secret or password information against that which was retrieved from
the network device definition. If the information matches, the NDGs associated with the device are
retrieved and can be used in policy decisions.
address; then ACS compares the secret or password information against that which was retrieved from
the network device definition. If the information matches, the NDGs associated with the device are
retrieved and can be used in policy decisions.