CHAPTE R
7-1
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
7
Managing Network Resources
The Network Resources drawer defines elements within the network that issue requests to ACS or those
that ACS interacts with as part of processing a request. This includes the network devices that issue the
requests and external servers, such as a RADIUS server that is used as a RADIUS proxy.
This drawer allows you to configure:
Network device groups—Logically groups the network devices, which you can then use in policy
conditions.
Network devices—Definition of all the network devices in the ACS device repository that accesses
the ACS network.
Default network device—A default network device definition that ACS can use for RADIUS or
TACACS+ requests when it does not find the device definition for a particular IP address.
External proxy servers—RADIUS servers that can be used as a RADIUS proxy.
OCSP services—Online Certificate Status Protocol (OCSP) services are used to check the status of
x.509 digital certificates and can be used as an alternate to the certificate revocation list (CRL).
When ACS receives a request from a network device to access the network, it searches the network
device repository to find an entry with a matching IP address. ACS then compares the shared secret with
the secret retrieved from the network device definition.
If they match, the network device groups that are associated with the network device are retrieved and
can be used in policy decisions. See ACS 5.x Policy Model for more information on policy decisions.
The Network Resources drawer contains:
Network Device Groups, page 7-2
Network Devices and AAA Clients, page 7-5
Configuring a Default Network Device, page 7-17
Working with External Proxy Servers, page 7-19
Working with OCSP Services, page 7-21