* Step 2: Ensure that System Identity User is a local User with all the roles
-Server >Security >Single-Server Management >Local User Setup
* Step 3: Define a group for CW Admin Users in ACS
-Go to GROUP SETUP
-Rename an available Group to something suitable such as CWAdmins
-Sessions available to user = unlimited
* Step 4: Add the CW system identity user (and other Admin users in CW) to ACS
-Go to USER SETUP
-Create Users for Ciscoworks including the System Identity User in ACS
-Assign all these Admin users to the Group created in Step 3
* Step 5: Add a network device group with Ciscoworks as a Client
-Go to NETWORK CONFIGURATION
-IP address or range with wildcard masks
-Authenticate using: TACACS+ (Cisco IOS)
Note: (If NDG options are not visible, you can enable Network Device Groups in ACS under INTERFACE CONFIGURATION > ADVANCED)
* Step 6: Change CW AAA Mode to ACS TYPE (and register CW applications with ACS)
-Common Services > Server > Security > AAA Mode Setup
-Select ACS type
-Fill in IP address/Hostname of ACS server
-Fill in the ACS admin login information and the shared key
Note: "ACS admin login" must be a user with full admin rights to ACS (i.e. one configured under Administration Control in ACS with ALL options checked)
-Put a check mark in "Register all installed applications with ACS" **
-Click on apply
-Restart CW Daemon Manager for above changes to take effect.
**WARNING: Make sure that AFTER the first successful registration to any specific ACS server, you always keep this box UNCHECKED if switching between ACS and non-ACS modes on LMS server.
Failure to do so will erase all custom roles (SUPERUSER) and you will need to do Step 7-8 on ACS again.
* Step 7: Add "SUPERUSER" role for each module of Ciscoworks in ACS
-Go to SHARED PROFILE COMPONENTS
-Select a CW module (such as Common Services)
-Name it CWSuperUser or something similar
-Select everything under the available functionality for that module
--REPEAT above procedure for Ciscoview, RME, Campus, DFM and any other Ciscoworks modules such as IPM, etc.
* Step 8: Assign the "SUPERUSER" role to the Admins Group (created in Step 3)
-Go to GROUP SETUP
- Select cwhp, rme, campus, dfm and any other CW components a select the "SUPERUSER" role (created in step 7)
IMPORTANT: Once ACS mode is enabled on Ciscoworks, ALL devices MUST be added to the same ACS server as clients for them to be manageable in Ciscoworks. While the devices must be known (i.e. configured as clients) in the same ACS server, they do not have to use that ACS for their own AAA configuration, nor do those devices need to be configured for AAA themselves.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.