IDSM2 ONLY of management options
We get a few strands of IDSM2, which would be managed by the security group all in the 6500 s themselves are managed by the network group. How we can configure the system so that the security group gets all privileges for the IDSM2 management while not enough privileges to change change the config? Similarly, the network group has all the privileges, but for the management of the IDSM2. I don't know there are other organizations that would have faced a similar problem.
I am told that we have a proper privilege level (enable level) to the security group who manage the IDSM2. In this way, they can telnet to the switch, gain enable privileges but not enough of an existing one to modify the configuration of the switch. It would be useful if someone can provide some tips or pointers in the right direction.
There are 2 primary sets of configuration that needs to be addressed when setting up the IDSM2.
(1) the configuration of the switch. The part of the configuration of the switch, which implies the IDSM2 is:
(a) Configuration of vlan for the port command and control for the IDSM2
(b) configure the VLAN being to shared resources on monitoring IDSM2 ports
(c) configuration either span or VACL capture to send packets to the IDSM2
(d) time on the switch setting (default byt the IDSM2 synchronizes its time to switch, but the IDSM2 can also be configured to synchronize with an NTP server instead)
(e) the automatic configuration of the VACL by CNA (NetworkAccessController) - this is optional and would actually be the configuration of the switch to a process on the IDSM2 combing
a, b, c and d can often be made by the network group. These configurations are often static and does not require changes from day to day.
e is optional and would in fact directly from the IDSM2
(2) Configuring IDSM2. Configuring IDSM2 is roughly the same as on the stand-alone devices. You configure the actions of gravity etc. in IDSM2 configuration.
The network team must rarely ever change the configuration directly on the IDSM2.
In addition to the configurations, the only other things would switch commands that control the map.
-Reset, turn off etc... -they are rarely (resets can make the IDSM2 or the switch cli)
-the IDSM2 session - usually only required for first initialization of the map, after the initialization of the user can ssh directly to the cli of IDSM2 and I do not go through the switch cli (Note: sessioning at the IDSM2 requires a user name and password configured directly on the IDSM2 unrelated to user names and passwords on the switch)
-Redefinition of the IDSM2 in case of disaster recovery - standard upgrades are performed directly in the CLI IDSM2, but disaster recovery the IDSM2 should be started on a partition of maintenance by a switch cli commmand - sort of disaster recovery requires access to the switch cli.
Given the separation of configuration from day to day changes in the switch and the IDSM2 configurations that many groups elect only simply allow the network group to have access to the switch cli, and the security group has access to the cli IDSM2.
For the configuration of IDSM2 initialization and for the implementation of the specific to the IDSM2 switch configuration 2 teams simply work together for a day or two to get it all up and running.
Once the IDSM2 is running, so it is very rare that the security team needs direct access to the switch.
The other alternative is to only allow the security team access to the cli IDSM2 and then use Ganymede + on the switch to limit the available commands for the security on the switch cli team.
I think that can use authentication and authorization capabilities integrated with GANYMEDE + to achieve this. I have never done this and don't know how it would be easy Setup.
For more information on the authorization of switch control, you can refer to:
http://www.Cisco.com/univercd/CC/TD/doc/product/LAN/cat6000/sw_8_1/confg_gd/authent.htm#1021706
If you do this, the security team must then leave to what I mentioned above.
Tags: Cisco Security
Similar Questions
-
I deleted the account current user which I use through, Mycomputer manage option, know that I am in this user only, please help me restore this user...
Hello
Who is the user account you have currently connected?
Research of user in the sub folder location:
Folder C:\Documents and settings\Users
If you find in the folder the administrator account user, then you may need to create a new user account and transfer of records and documents to the new location
See the link for the procedure below: how to copy data from a corrupted to a new profile in Windows XP user profile:http://support.microsoft.com/kb/811151
-
Hello!
My printer is a HP Deskjet 5100 on Mac 10.8.5. He's stuck on shades of gray, when printing. Any program I try to print in I do not get the color management option, even when checking in the advanced options.
On photoshop, he's also stuck in grayscale.
I printed a test page with success in color. But for some reason, no program will be printed in all except grayscale.
I tried to update the drivers, but the audit of Web/driver HP site, everything is up-to-date.
Other information:
In the printer options, I can't even check my rate of cartridge. I have the following message: Information not available
In ColorSync Utility, under devices, it says the printer Mode is: "grey". When I try to assign a different color profile, do not.
I did a hard reset of the printer.
I removed completely and resynced the printer with the computer again in prefs/Print & analysis system
Any information would be amazing. I checked all the forums that I could find online,
Hello
Your printer is not compatible with Mountain Lion, that's why using Mac one driver generic PCL which is black & white drivers only:
http://support.HP.com/us-en/document/c01856359
Try a 3rd party like HPIJS driver, it seems your printer support and more likely to provide you with a better results than a generic driver.
Don't forget to install one of the 3 required uploads before adding to the queue printing:
http://www.linuxfoundation.org/collaborate/workgroups/OpenPrinting/MacOSX/HPIJS
Shlomi
-
Trying to import IE Favorites, but only shows Opera option
Following the instructions for importing Internet Explorer favorites into Firefox, select history, the history, and then import them from another browser.
Only opera shows optional. How can I get IE to display?In collaboration with LinuxMint 11 on Compaq laptop.
https://support.Mozilla.com/en-us/KB/importing+Internet+Explorer+Favorites+from+another+computer
-
Windows Vista Ultimate: CTL-ALT_Delete used to bring up a screen with several options, including "run Task Manager. All of a sudden, this "Task Manager" option is no longer visible/available. How can I get that back?
How long have you been faced with this problem?
Step 1: If the problem started recently, you can try to check and restore the system if this can help.
Reference: http://windows.microsoft.com/en-US/windows-vista/What-is-System-RestoreStep 2: Activate via Group Policy.
Strategy Group WARNING:
Important This section, method, or task contains steps that tell you how to modify theGroup Policy. However, serious problems can occur if you change theGroup Policy incorrectly. Therefore, make sure that you proceed with caution.a. click the Start button.
b. click on run, type gpedit.msc and press ENTER.
(c) in the left pane, click User Configuration, Administrative Templates,Systemand Options Ctrl + Alt + Delete.
d. in the right pane, right-click on Remove Task Manager and click Properties.
e. Select disabled or not configured , and then clickOK.
f. close the Group Policy window.Step 3: Create a new user account and check if the problem persists there.
Create a user account
http://support.Microsoft.com/kb/279783If it works in a new user account, then you will need to fix the corrupted user profile. You can visit this link for the steps:
http://support.Microsoft.com/kb/811151Thanks and greetings
Umesh P - Microsoft technical support.Visit our Microsoft answers feedback Forum and let us know what you think.
[If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.] -
so I'm trying to download Microsoft Silverlight to netflx, but every time I click to install it I only get the option to save it and run it, how to fix this?
Visit http://forums.silverlight.net/>
UTC/GMT is 03:01 on Friday, October 14, 2011
-
What is the link state Power Management under PCI Express power management Options list
What is link State Power Management under PCI Express power management Options list.
What is link State Power Management under PCI Express power management Options list.
Hello
The PCI Express Link State Power Management option is part of the PCI-E specification and is working with the State active power management (ASPM) in Windows 7.
It is a complex subject, but can be simply described as follows.
There are 2 levels of power management in PCI Express options.
The difference between these 2 options are the energy savings compared to the latency (time to recover from sleep state).
If you select the first option, moderate energy savings, energy savings are lower, but the time to recover from sleep state (latency) is much shorter.
If you select Maximum energy savings, energy savings are more important, but the time to recover from sleep state (latency) is much longer.
I hope this helps.
Thank you for using Windows 7
Ronnie Vernon MVP -
Taskbar icon battery lack of power management options after upgrade to Windows 7
Hello
I just upgraded to Windows Vista Home Premium 64-bit of Windows 7 Home Premium 64 - bit on my HP dv4t laptop.
Under Vista, when I left click on the battery icon on the right side of the taskbar (next to the clock), I would see three power - recommended HP options, saving energy and high performance. It was excellent. Click on the stack, click the option to that I actually wanted.
I have just upgraded to Windows 7. When I left click on the battery icon, I see only 2 power options - one that is currently active and HP recommended. That means whoever I want to never in the list. You see, I don't use never HP recommended, and if Power Saver is active, it is in the list... but if Power Saver is selected and I want to spend, which is why I must click the icon of the battery in the first place, it is because I want to choose something else than the day before.
This suppression of the feature is frustrating. How can I get the three points to be in the list yet? If not, how can I remove HP recommended in the list?
Thank you!
EricEricpdx,
It is a feature, which was invited in many forums in the days of Beta version. We didn't get no answer or how to reactivate. We thought, Windows 7 RC will come with this missing feature, but in any case it didn't.
It was posted in a forum, a member who needed too (I don't know why). I agree that this is not a direct solution for the functionality you want. I just posted, if this can help you in any case.
http://www.customizewindows.co.Nr/
[If this post was helpful, please click the button "Vote as helpful" (green triangle). If it can help solve your problem, click on the button 'Propose as answer' or 'mark as answer '. [By proposing / marking a post as answer or useful you help others find the answer more quickly.]
-
Smartphones only a blackBerry option is available for email
Hi, I got new curve 3g 6 July 2011 with vodafone network and I'm facing 2 problems. First of all when I go to the Setup Wizard for email set up it shows only a single option that is. You want to use a work email account and do not show the other option. I use the Vodafone 399 plan that covers all the services BB
second is when I go to the main menu, I'm not able to find the blackberry app world icon anywhere and when I download, saying your device already can replace blackberry application wan it I say Yes and again once there is error.
I am really very disappointed please look in my question. Waiting for answer
Bell
shrds, you will find that your same question asked here a dozen times a day, often enough.
Do you have a data Plan BlackBerry enabled on your account with your carrier or mobile provider?
You have to, to get the push RIM email functions you are looking for, as well as services of BlackBerry data such as the Web browser, Facebook for BlackBerry, BlackBerry Messenger and much more.
Then call your carrier and you learn about to have added to your account BlackBerry data Plan.
Good luck.
-
I have a new computer system and creative Photoshop Cloud has been removed. In my window out yhe cloud-app I only see the option to start a trialversie but I want to have a normal version because iI paid for it. How can I start Photoshop on my new system?
Hello Clemens,
On your Adobe ID on the forums, there is no subscription for creative cloud, please make sure that you are connected with the good email your see Creative Cloud App links below:
Connect and disconnect activate Cloud Creative applications
Using creative cloud | Applications creative Cloud back to update evaluation Mode to 2015 CC
Let us know if that helps.
Kind regards
Bani
-
Adobe mine is in English how can I leave the Portuguese as an official language? I tried Edit > Preferences > languages > language of the Application. But apparently not the Portuguese, only the English Option, choose at startup applicantion and even as the operating system.
Cloud creation help / solve the installation language. Creative Cloud applications. CCM-
http://helpx.Adobe.com/creative-cloud/KB/change-installed-language.html
-
I have CS3 and had to reinstall on a computer that is rebuilt, is unable to go beyond unavailable activation server, as the only other software option gives phone activation which no longer exists, advice?
Please check: Adobe - Adobe Creative Suite 3 Master Collection: System requirements and error: "Activation Server unavailable". CS2, Acrobat 7, pass a hearing 3
-
always had problems with the dps app generator. I only got the option activate in the app Builder.
Hello
I'm doing an app with Indesign. When I download the application with the Builder app everything works until the end, I don't get the files to download.
I only get the option enable the user to simple editing. I followed all the steps on this forum to make things work, but it did not make sense.
I ordered Adobe CC membership from a Dutch company Slim.nl (it is for students and teachers), they say it's full membership and I can download all the software.
On the internet, I found an article that said that the Slim software of Adobe do not support digital publishing service. This could be the reason why the app Builder does not work? I asked Slim.nl, but they say that I have full membership.
Maybe someone can confirm that there are several versions of full membership.
Thank you!
You launch the App Builder by going to the item Create App in the flyout in Panel of Folio Builder? Don't launch App Builder directly from the Applications.
If you run the App Builder in the menu drop down and will always ask for a serial number then your CC subscription does not include simple editing.
Neil
-
Could not find the calculation Manager option in the menu
Hi all
I have configured the calculation Manager in my machine [version: 11.1.2].] I can't find the calculation Manager option in the menu [Navigate-> administer-> calculation Manager].
Calculation Manager is running. Kindly guide me to overcome.
Thanks and greetings
AlizéeIf calc manager has been installed after the configuration of the web, re-run the web comfiguration step. You may also cycle in the service of SST on the Foundation subsequently.
Kind regards
John A Booth
-
I did a software upgrade a few days ago, then I did a restore, because I lost all my App I had downloaded. After I did the restore, I started to download every App, when I was told that I can go the Blackberry App world on my desktop and reinstall them faster then one by one. Before that I was downloading one by one.
Now that I did, I can see the icons on my BB but when I go to my world App on my phone, some of the same application are evidence of uninstall, when I have them install. Please help solve this problem.
My phone was working fine without problem until I did the update of the operating system software. I hope that we can have this correction at your earliest.
Thank you
Also on my Blackberry when I go to see the management of the applications on my phone is displayed, it's another question also.
Help, please!
Hang on... now I am confused. You have problems with the supplied AppWorld apps? Or applications that you have obtained from other sources? Or the default applications provided originally with the BB?
Maybe you are looking for
-
Firefox is no longer connected but internet Explorer doesn't. How can I restore firefox
Has been using firefox for a long time. Yesterday, he disappeared and the only way I can get the East through Explorer.
-
Hello, when I turn on my iMac it says that the keyboard is not connected. It is however a wireless keyboard. What can I do?
-
I use a labview program that uses nisync beginning ptp and nisync stop ptp.vi with one NOR PCI - 1588 my display on the control panel of labview shows different 8hrs to actual hours read on the real device. How can I do read elsewhere. Thank you
-
Microsoft windows update
-
Upgrade Vista SP 2 Word problem
After 2 installed SP cannot copy and paste into Word. I note 2 words and ctrl + c or right click and then go to the section and left-click and try to insert. Word now pastes the entire document at the end of the existing document.