We are currently implementing CiscoWorks for managing our Enterprise. We have Ciscoworks installed and we have been able to incorporate all of the LOCAL network devices for management under Ciscoworks using ACS authentication.
Now we are in the process of trying to do the same thing (manage our Cisco devices using ACS authentication) for each of our Remote sites. However we keep getting Authentication failures. Cisco has implied that we should leave our network "wide-open" and our devices with a default configuration and it should just work. Unfortunately we have a policy of "Deny All, Allow by exception" Therefore, we need to know what services (such as SNMP and RCP) should be enabled and what ports need to be open to enable us to accomplish our goal.
Therefore, I guess the question boils down to: Is there anyone out there who can tell me what to look for in the config file of a managed device to verify it can be managed under a Ciscoworks Environment using ACS authentication?
All devices have had their default configs modified by a variety of previous admins we do not do config fetches or OS uploads to them. All devices are Cisco Catalyst Switches or Routers.
Any help or direction in this matter is greatly appreciated.