What Is ACS?


ACS is a very powerful tool that enables network security administrators to centrally manage authentication, authorization, and accounting (AAA) on a wide range of Cisco platforms. ACS allows network access devices to act as AAA clients to the server. ACS has many benefits and features, including the following:

  • Automatic service monitoring: Automatic service monitoring watches the processes that run ACS, alerts the administrator, and restarts these critical services.

  • Lightweight Directory Access Protocol (LDAP) support: LDAP support includes user's certificate authority (CA) certificates that are stored in remote LDAP directories when using Active Directory, using the Windows external user database feature. The LDAP external user database feature support is limited to PAP, ASCII, and OTP protocols.

  • Time-of-day and day-of-week restrictions: Time-of-day and day-of-week restrictions allow you, the administrator, to determine when users are permitted to access certain resources on the network.

  • Virtual private network (VPN) authentication and wireless support: With VPN and wireless support, you can terminate VPN connections and authenticate users to ACS, and you can employ Lightweight Extensible Authentication Protocol (LEAP) authentication using the RADIUS protocol with wireless access points.

  • External database synchronization: Support for external database synchronization allows you to use an existing authentication database rather than spend valuable time creating a new one in ACS. Users found in an external database can be created in the CiscoSecure Database; however, they are not deleted when the users are removed from the external database. Although this is not a true external database synchronization, it can be looked at as an initial external database synchronization.

As you begin to deploy ACS, keep in mind that there is no "one solution fits all" answer to the deployment of ACS. The deployment of your ACS depends on the size of your network as well as the location of the server in relation to the locations of the clients requesting authentication. Keep in mind that no two networks are exactly the same, and you must take this approach when it comes to your deployment.




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
