07-18-2009 03:51 AM
Good Day Experts,
I have a requirement to implement AAA and RBAC with ACE and ANM and need some advice.
1. We would like to have the users utilise their AD account as their user ID for access to the ACE modules and ANM, so Authentication is done by AD.
2. Can we use the ANM to centrally manage the RBAC, not only for access for users utilising ANM but users requiring CLI access to the ACE modules as well?
3. If the above (2) is possible, is it required to have the ACE modules and the ANM both configured to authenticate to the ACS TACACS+ server or would it be a better option to have the ANM server Authenticate directly to AD?
4. Would there be the requirement to have the ACE modules and the ANM server in their own Device Groups on ACS?
5. For (4) above, would this not be an issue Re: the same username in multiple device groups on the ACS server?
6. How would we be able to achieve this? Can we have the ACE modules authenticate to the ANM server and the ANM server authenticate to ACS?
7. We are also trying to prevent the issue of a user being authenticated and being granted Network-Monitor access as some of these users may already exist in ACS for access to existing Network devices (we will obviously apply the relevant AV-Pairs for the ACE for the users requiring access, but what about the rest?).
Any assistance would be greatly appreciated.
Thanks
Paul
07-22-2009 03:25 PM
Hi,
Anyone have any ideas on the Best Practice implementations for this?
Thanks.
08-21-2009 02:17 PM
Please email your request to ask-anm@cisco.com, and I will send back to you a set of pre-release documents related to ACE/ANM/AAA/RBAC. The same documents will be posted to Cisco.com in the next 90 days.
Cheers,
David K.
08-22-2009 01:34 AM
Hi David,
Thank you for the response.
Greatly appreciated. Hope they will address my concerns.
Paul.
08-20-2009 02:20 AM
Hi,
Just wanted to check back and see if anyone had any input or feedback?
Thanks.