In this article, you learn about the Cisco ACS (Secure Access Control System) products. To implement an AAA solution in a networking environment, we need server infrastructure that can host TACACS or RADIUS services.
Among the various options, one is feed-based software that provides TACACS and RADIUS services.
So Cisco developed a product that combines all of these options. It is called Cisco ACS, where ACS stands for Access Control Server.
Cisco ACS Product Options
1) Appliance-Based Versions
2) Software-Based Versions
1) Appliance-Based Version
- It is a Linux-based appliance with ACS 5.X pre-installed.
- You can use both TACACS and RADIUS, since both options are available.
- You can use the GUI.
- It can be easily integrated with Microsoft Active Directory.
2) Software-Based Version
- It can be installed in a virtualized environment such as VMware, or on a physical server such as a Windows-based server, which is the Windows-based version of the product.
- This is a truly scalable solution for AAA.
- It is a centralized database for all devices, such as firewalls, switches, routers, etc.
The benefits of the Cisco ACS product
- ACS is a complete access control and confidentiality control product, which means it can easily integrate with other components, such as other policy or endpoint components.
- ACS supports various authentication protocols, such as PAP, MS-CHAP and EAP-TLS.
- There are two types of authentication protocol: the first is for network access control and the other is for device access control. For network access control it uses RADIUS, and for devices it can use TACACS+.
- It can easily be managed centrally, and it has a very friendly graphical user interface.
- ACS is used for monitoring and reporting on logs. Its friendly GUI can be used to export logs for auditing.
- ACS 5.8 can be integrated with RSA tokens for two-factor authentication.
How the Cisco ACS product works
As the screenshot above shows, the endpoint user, or supplicant, sends traffic to a network device such as a wireless LAN controller.
The network device asks for a username and password.
The user provides the username and password to the network device.
The device sends these credentials to Cisco ACS.
The credentials are checked against the ACS database, and the result is returned.
If the user has already been added in ACS, access is allowed; the device passes this on to the user, who can then access the device.
If not allowed, the user is blocked and does not get access to the device.
ACS can also check against Active Directory which role the user has, such as admin or read/write.
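The Python below walks through the RADIUS case of the flow above using PAP: the network device hides the password in an Access-Request as RFC 2865 specifies, and the AAA server recovers and checks it. This is an added example, not code from the original article or from Cisco ACS; the function names, the shared secret and the plaintext user table are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RADIUS attribute types

def _pap_chain(secret, authenticator, data, decrypt):
    # RFC 2865 sec. 5.2: XOR each 16-byte block with
    # MD5(shared secret + previous ciphertext block); the first "previous
    # block" is the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res
    return out

def build_access_request(user, password, secret, ident=1):
    """Network device side: pack the credentials into an Access-Request."""
    pw = password.encode()
    if len(pw) > 128:
        raise ValueError("PAP password is limited to 128 bytes")
    pw = pw.ljust(max(1, -(-len(pw) // 16)) * 16, b"\x00")  # null-pad to 16n
    auth = os.urandom(16)                                   # Request Authenticator
    attrs = b""
    for typ, val in ((USER_NAME, user.encode()),
                     (USER_PASSWORD, _pap_chain(secret, auth, pw, False))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def handle_request(packet, secret, users):
    """AAA server side: return a reply code, or None for a malformed packet."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None
    auth, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        return None
    given = _pap_chain(secret, auth, hidden, True).rstrip(b"\x00")
    stored = users.get(attrs[USER_NAME].decode("utf-8", "replace"))  # assumed plaintext table
    ok = stored is not None and hmac.compare_digest(given, stored.encode())
    return ACCESS_ACCEPT if ok else ACCESS_REJECT
```

With PAP the password is protected on the wire only by MD5 keyed with the shared secret, so the secret configured between each network device and the AAA server should be long and random.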