Chapter 1 Overview
AAA Server Functions and Concepts
1-24
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
For information about configuring the HTTP port allocation feature, see Access
Policy, page 12-11.
Network Device Groups
With a network device group (NDG), you can view and administer a collection of
AAA clients and AAA servers as a single logical group. To simplify
administration, you can assign each group a convenient name that can be used to
refer to all devices within that group. This creates two levels of network devices
within Cisco Secure ACS—discrete devices such as an individual router, access
server, AAA server, or PIX Firewall, and NDGs, which are named collections of
AAA clients and AAA servers.
A network device can belong to only one NDG at a time.
Using NDGs enables an organization with a large number of AAA clients spread
across a large geographical area to logically organize its environment within
Cisco Secure ACS to reflect the physical setup. For example, all routers in Europe
could belong to a group named Europe; all routers in the United States could
belong to a US group; and so on. This would be especially convenient if the AAA
clients in each region were administered along the same divisions. Alternatively,
the environment could be organized by some other attribute such as divisions,
departments, business functions, and so on.
You can assign a group of users to an NDG. For more information on NDGs, see
Network Device Group Configuration, page 4-28.
Other Administration-Related Features
In addition to the administration-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
• Ability to define different privileges per administrator (see Administrator
Accounts, page 12-1).
• Ability to log administrator activities (see Cisco Secure ACS System Logs,
page 11-13).
• Ability to view a list of logged-in users (see Dynamic Administration
Reports, page 11-9).