As you can see in Figure 9-5, the Distributed System Settings check box and the Network Device Groups (NDG) check box have been selected in Interface Configuration. When they are selected, an NDG, which is a grouping of AAA servers and AAA clients, is formed. This simply allows you to group AAA clients and AAA servers that might have something in common; for example, you might have a Network Device Group called Routers and another called Firewalls. Of course, you can tell by the name of the group what types of AAA devices are in the group.
Figure 9-5. Selecting NDGs
If you refer to Figure 9-3, you don't see any NDGs enabled. You can clearly see an entry for an AAA client named router and an entry for an AAA server. After you have enabled NDGs in Interface Configuration, this view changes in Network Configuration. Figure 9-6 shows this new view.
Figure 9-6. New View of Network Configuration After Enabling NDGs
When you create a new network device group, initially no users are assigned to it. Likewise, before you configure any NDGs, all users are members of the unassigned group. You can clearly see the Not Assigned group in Figure 9-6. To configure a new network device group, other than the Not Assigned group, follow these steps:
The new NDG that you have just created is now displayed in the Network Device Group table along with the Not Assigned group. Figure 9-7 displays the NDG labeled Perimeter Routers. Note that currently no AAA clients and no AAA servers are in this NDG.
Figure 9-7. Adding a New NDG
After you have added this new group, you have the ability to assign AAA servers and AAA clients to it as you add them to your configuration. To add a device to your newly formed NDG, perform the following in ACS:
To move an existing AAA client from the Not Assigned NDG to the one you have created, follow these steps:
When you become familiar with NDGs, they can assist you in managing your configurations and making them easier to read, troubleshoot, and keep organized.