CiscoWorks Interface Configuration Manager (ICM) is a network management application that simplifies the configuration of switch access ports and interfaces. In medium-sized to large networks, CiscoWorks ICM performs bulk access-port configurations across the network, resulting in faster service deployment with reduced misconfiguration. CiscoWorks ICM can be used to configure Layer 2 Network Admission Control (L2 NAC), a new technology from Cisco Systems
® that controls network access based on the identity and posture of the client(s). CiscoWorks ICM 1.0 automates the configuration of L2 NAC-specific switch ports and features, and future releases will support generic port configuration across the network.
CiscoWorks ICM provides rich graphical configuration and reporting capabilities to help you efficiently manage access ports on your Cisco
® LAN switches. It simplifies configuration of L2 NAC and reduces the cost and time needed for consistent L2 NAC configuration on the switches.
CiscoWorks ICM offers additional functionality that extends the capability of CiscoWorks LAN Management Solution (LMS) 2.5 and 2.5.1. It installs on top of CiscoWorks LMS 2.5 (with the December 2005 update applied) or 2.5.1 with a minimum prerequisite of CiscoWorks Resource Manager Essentials (RME) 4.0.2. CiscoWorks ICM integrates with the CiscoWorks Campus Manager if installed and operational (with discovered network information). CiscoWorks ICM will use the discovered network information and make the end-user experience more integrated and user-friendly.
CiscoWorks ICM provides the capability to create and save named device and port groups that can be re-used in multiple configurations. The devices can be selected from the pre-created groups and lists in CiscoWorks RME. Ports can be chosen for the selected devices using powerful filtering capabilities.
CiscoWorks ICM provides easy-to-use configuration wizards to configure end-to-end L2 NAC on Cisco LAN switches. These configurations can be saved, edited, copied, and scheduled multiple times. The application includes a user-friendly configuration browser with a powerful navigation panel for quick navigation through the various L2 NAC configurations.
KEY FEATURES AND BENEFITS
CiscoWorks ICM Home
A single click on the home page launches most features in the application. This provides an easy, centralized point of navigation. See Figure 1.
Figure 1. CiscoWorks ICM Home Page
Network Planning and Research
CiscoWorks ICM accelerates network research and planning for L2 NAC deployment, resulting in faster deployments and reduced error through intelligent automation with the L2 NAC Readiness Report.
The L2 NAC Readiness Report takes the inventory of devices in CiscoWorks RME and displays a graphical report of the L2 NAC capabilities of each device in the inventory. The granularity of capabilities is based on the supported technologies such as NAC L2 802.1x and NAC L2 IP. In version 1.0, the analysis is done on supported switches and is based on the hardware platform and the OS version running on it. Using this report, network administrators can quickly see which of the devices need updates and which are ready at any given time. See Figure 2.
Figure 2. CiscoWorks ICM L2 NAC Readiness Report
Device and Port Groups
With CiscoWorks ICM, you can divide your network into device and port groups in order to maintain smaller, more manageable and re-useable sets of network devices and ports. This saves considerable amounts of time for ongoing configuration changes and management.
A device and port group (DPG) is a named group of selected devices and the chosen ports on these devices. A DPG can be used in multiple configurations. CiscoWorks ICM provides a wizard to create a DPG and you can see the same device grouping as created in CiscoWorks RME. You can choose individual devices or choose the whole group from the device selector.
Port selection provides powerful filtering capability to make selecting several thousand ports an easy task. You can filter ports based on port name, port type, port speed, range of ports, administrative status, operational status, VLAN assigned to ports (with CiscoWorks Campus Manager integration only), port description, etc. See Figure 3.
Figure 3. Port Selection GUI Showing Filtering Options
Easy, Consistent, and Reusable Configuration
Saved configuration templates speed up ongoing configuration changes and management, reducing deployment time and increasing consistency across the network.
• Configuration Instance-CiscoWorks ICM provides a wizard to create configuration templates called Configuration Instances that can be saved, edited, copied, and reused. The Configuration Instance contains the selected device and port groups and all the configured services such as NAC L2 802.1x, NAC L2 IP, etc saved with a unique name. This Configuration Instance can be scheduled to run as a job at any time or immediately. Any part of the Configuration Instance can be edited and re-deployed. A Configuration Instance can be copied into an exact replica and given a unique name.
• Configuration Instance Browser-CiscoWorks ICM provides a browser window for the Configuration Instances with a navigation tree panel. The navigation tree panel allows you to expand the configuration instances for easy viewing and editing. See Figure 4.
Figure 4. Figure 4 Configuration Instance Browser and its Navigation Tree panel
CiscoWorks LMS Integration
Integration with CiscoWorks LMS reduces valuable training time and takes advantage of existing CiscoWorks RME and Campus Manager capabilities.
• CiscoWorks Resource Manager Essentials-CiscoWorks ICM integrates tightly with CiscoWorks RME's inventory module to obtain inventory information of supported devices. CiscoWorks ICM uses the device and credential information from the Device Credential Repository (DCR) in CiscoWorks LMS 2.5 and 2.5.1. CiscoWorks ICM also uses the device group structure created in CiscoWorks RME during the creation of the device and port groups. This allows you to see the same group information as created in CiscoWorks RME. CiscoWorks ICM integrates with the Configuration Archive, Configuration Downloader, and the Job Approval modules in CiscoWorks RME to talk to the devices and maintain security in job downloads.
• CiscoWorks Campus Manager-CiscoWorks ICM integrates with Campus Manager to reduce errors caused by manual typing, and to improve overall reliability of the network through consistent valid configurations. CiscoWorks ICM uses the discovered network information from CiscoWorks Campus Manager, such as VLAN name and ID, in its GUI. This integration also allows you to filter port selection based on the VLANs assigned (names and ID) to ports (see Device and Port Groups on page 3).
Supported L2 NAC technologies in CiscoWorks ICM
CiscoWorks ICM supports the following L2 NAC technologies:
• NAC L2 802.1x
• NAC L2 IP
• RADIUS server configuration on switches
• AAA Fail/Open configuration on switches
• MAC exception handling configuration on switches
• Policy-based access control list (ACL) configuration (on CATOS for the Catalyst 6000/6500 Series only)
PREREQUISITES AND SYSTEM REQUIREMENTS
CiscoWorks ICM 1.0 requires restricted or un-restricted version of CiscoWorks LAN Management Solution 2.5 (with the December 2005 update applied) or 2.5.1. CiscoWorks RME 4.0.2 or later, which is part of CiscoWorks LMS is required as a minimum. CiscoWorks ICM integrates tightly with CiscoWorks RME and uses many of its modules to function.
CiscoWorks ICM is available for purchase through regular Cisco sales and distribution channels worldwide. To place an order, visit the
Cisco Ordering Home Page.
CiscoWorks ICM licensing options are described in the product bulletin and ordering guide located under the "product literature" section here:
SERVICE AND SUPPORT
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see
Cisco Technical Support Services or
Cisco Advanced Services.