Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1243
Views
0
Helpful
3
Replies

ACS Initial configuration - Best Practices

bberry
Level 1
Level 1

‎04-09-2012 06:56 AM - edited ‎03-10-2019 06:59 PM

Hey,

Are there any best practices guide lines for setting up the device types and stuff on the ACS? I know this is probably something that is up to the actual user but was wondering is there were any guidelines or recommendations to make things easier in the long run. We only set up a couple items when we did the demo but now that we have one in production I would like to get everything set for the long run.

For example I figure to make location definitions based upon actual facilities so I will have a Memphis, Port Huron, etc. but not sure how to set device types. Do I created say switch, router, appliance, etc. and then sub-categories such as 2950, 2960, etc. or 2811, 2911, 2921, etc.? I figure there is a reason they created the location and device fields to place objects into but just not sure how granular I need to get.

Example:

            Memphis location

            3 story building

            Closets on both west and east wings of all floors

            Each closet has a distribution switch (Catalyst 3650)

            Each closet has several access switches (Catalyst 2950t or Catalyst 295024 or Catalyst 2960-24TT)

Do I create Memphis location with sub location for computer room as well as each floor and / or wing?

Do I create switch device type with sub type for each switch type?

Thanks in advance ...

Brent

Labels:
0 Helpful
3 Replies 3

Eduardo Aliaga
Level 4
Level 4

‎04-09-2012 09:11 AM

That's really up to your deployment. The main benefit of specifying "device types", "location" , etc, is to include that information in the "policy rules".

For example, allow user to authenticate using 802.1x only against switches 2960-24 T from third floor of Memphis location and deny the same user if authenticating against any other switch.

It also serves to create a database of detailed information about your network devices, but I see it as a secondary benefit, since you can use other software for that.

Please rate if it helps. Kind regards.

0 Helpful

bberry
Level 1
Level 1
In response to Eduardo Aliaga

‎04-09-2012 11:41 AM

That is kind of what I figured but I do have one odd thing. I created my cities under all locations. Then under Memphis I created 1st floor. When I add the device I can select simply Memphis and the field looks correct (All Locations:Memphis). However, if I select 1st floor I do not get what I expect. I get All Locations:{two other locations}:Memphis:1st Floor. I am expecting to NOT have the other cities listed before Memphis. I am running 5-3-0-40 with both patches applied. I am going to go try this with another location and see if the same thing happend.

Brent

0 Helpful

bberry
Level 1
Level 1
In response to Eduardo Aliaga

‎04-09-2012 11:49 AM

I figured out something odd. It only shows incorect when I create the device record. Once created it looks as expected.

Brent

0 Helpful
Top