Cisco Support Community

New Member

ACE, AAA, ANM and RBAC

Good Day Experts,

I have a requirement to implement AAA and RBAC with ACE and ANM and need some advice.

1. We would like to have the users utilise their AD account as their user ID for access to the ACE modules and ANM, so Authentication is done by AD.

2. Can we use the ANM to centrally manage the RBAC, not only for access for users utilising ANM but users requiring CLI access to the ACE modules as well?

3. If the above (2) is possible, is it required to have the ACE modules and the ANM both configured to authenticate to the ACS TACACS+ server or would it be a better option to have the ANM server Authenticate directly to AD?

4. Would there be the requirement to have the ACE modules and the ANM server in their own Device Groups on ACS?

5. For (4) above, would this not be an issue Re: the same username in multiple device groups on the ACS server?

6. How would we be able to achieve this? Can we have the ACE modules authenticate to the ANM server and the ANM server authenticate to ACS?

7. We are also trying to prevent the issue of a user being authenticated and being granted Network-Monitor access as some of these users may already exist in ACS for access to existing Network devices (we will obviously apply the relevant AV-Pairs for the ACE for the users requiring access, but what about the rest?).

Any assistance would be greatly appreciated.

Thanks

Paul

4 REPLIES
New Member

Re: ACE, AAA, ANM and RBAC

Hi,

Anyone have any ideas on the Best Practice implementations for this?

Thanks.

New Member

Re: ACE, AAA, ANM and RBAC

Please email a request to ask-anm@cisco.com, and I will send back to you a set of pre-release documents related to ACE/ANM/AAA/RBAC. The same documents will be posted to Cisco.com in the next 90 days.

Cheers,

David K.

New Member

Re: ACE, AAA, ANM and RBAC

Hi David,

Thank you for the response.

Greatly appreciated. Hope they will address my concerns.

Paul.

New Member

Re: ACE, AAA, ANM and RBAC

Hi,

Just wanted to check back and see if anyone had any input or feedback?

Thanks.
