Adding and Editing Consumer Devices
Consumer device entries in the dashlet are not synonymous with the actual ASA and WSA firewall devices. Instead, each Consumer Device entry here is a logical rule, permitting an IP address (if the Mask is 32), or a range of addresses (if the Mask is 0-31), to communicate with the Cisco CDA over RADIUS.
Creating a consumer device entry in the table or dashlet does not actually initiate any communication with the device. It only creates the rule. The Cisco CDA acts as the RADIUS server in this case, hence it does not initiate the conversation with the device. It is the actual consumer device that initiates the RADIUS conversation with the Cisco CDA. First add the consumer device IP address or range in the Cisco CDA, and then configure the device itself to contact the Cisco CDA using the CLI or management GUI.
To add or edit a consumer device, complete the following steps:
1. Click Add on the Identity Consumers dashlet, or check the check box next to a device and click Edit to edit it. You can alternatively click Add Consumer Devices link on the Dashboard.
The Consumer Device Configuration dialog box appears (Figure 3-4).
Figure 3-3 Identity Consumers Dashlet
Figure 3-4 Consumer Device Configuration Dialog Box
2. Fill in or edit the following details:
• IP Address—IP address (subnet) of the consumer device (range of devices).
• Mask (range)—A number between 0-32. This describes the consumer device IP range in CIDR notation.
• Shared Secret—Passphrase that a consumer device will use for communicating with the Cisco CDA device. The Shared secret entered here should be identical to that configured in the device with that IP address (or each of the multiple devices in the IP range), attempting to access the Cisco CDA via this rule.
3. Check the Show Secret check box if you want the shared secret to be displayed in plain text.
The new network device is listed in the Identity Consumers dashlet.