I am new to the Cisco WAAS world and exploring existing deployment. We have 40+ WAAS devices (WAE, Network module) in our network managed by Central Manager. We have number of policies configured on the WAAS especially for pass-thru. Due to the CM and group config all policies get applied on all devices even though they are not relevent for the traffic. I would like to know best practices for policy configuration/managment. Is it better to have all policies applied on all devices or per device policy?
Typically - the best practice would be to have all your devices added to a single device group, and you maintain your application policies within that device group. this is the least complicated, and avoids the risk of ending up with mis-matched policies resulting in behavior other than what you're expecting.
You can create custom device groups and custom application policies for each group...but assuming you're all under the realm of a single enterprise or business unit, or whatever...there is not a compelling reason to complicate your install like this.
if you do have some compelling reason - maybe regional differences, or perhaps different entities within a corporate realm - you might have reasons to split things out into different groups...but this is not typically the case.
Example screen shot: I am the administrator of a "managed waas" product for my customer base...and since each group corresponds to a different corporate entity - I have to do this for various application policy reasons.
If you can - keep it simple - use the all devices group, and maybe time zone groups if you span multiple time zones.
Feel free to private message me if you want more detail.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...