Introduction

This book is focused on providing the skills necessary to successfully configure authentication, authorization, and accounting (AAA) services on Cisco devices using Cisco Secure Access Control Server/System 4.2 and 5.1. This book was motivated by a desire to provide a one-stop resource for AAA solutions on Cisco devices.

Goals and Methods

The goals of this book are as follows:

• Provide an overview of the AAA architecture

• Provide detailed discussion on the TACACS+ and RADIUS protocols

• Provide detailed discussion on AAA for most common scenarios of network access

• Provide an in-depth configuration and troubleshooting overview of AAA on Cisco devices

• Provide an in-depth overview of ACS 4.2 and 5.1 features and configuration to match with configuration on Cisco devices

This book discusses different means to control the access to various network resources. This is followed by configuration and troubleshooting on Cisco devices and ACS. In the end, you are given a lab scenario to reinforce the learning.

Who Should Read This Book?

This book is targeted toward the following people:

• Network security professionals tasked with the implementation and management of access control and identity management using Cisco devices and/or Cisco ACS.

• Those who are pursuing different Cisco certifications requiring knowledge of AAA, such as CCSP and CCIE.

How This Book Is Organized

This book is separated into the following six logical parts.

• Part I, “AAA and CiscoSecure ACS”—This part is designed to introduce AAA and ACS. Chapters 1 and 2 provide an overview of AAA and ACS. Chapters 3 and 4 provide an in-depth understanding of ACS 4.2 and ACS 5.1. Chapter 5 builds on the previous two chapters and discusses various user databases that can be configured with ACS.

• Part II, “Administrative AAA”—This part is designed to discuss AAA for administrative sessions on Cisco IOS and Cisco PIX/ASA. This part is also the foundation of establishing and troubleshooting connectivity between devices and ACS. It contains two chapters and five lab scenarios.

• Part III, “802.1x”—This part is designed to discuss the IEEE 802.1X protocol and its implementation on Cisco Catalyst Switches and Cisco Access Points. In this part you will learn about different EAP types, their advantages and disadvantages, and how to configure Cisco devices, ACS, and clients running Windows XP. This part contains two chapters and five lab scenarios.

• Part IV, “Pass-Through Traffic”—This part discusses access control on traffic passing through a device running Cisco IOS and through Cisco ASA/PIX. This part contains two chapters and three lab scenarios.

• Part V, “Remote Access”—This part discusses access control on Remote Access sessions such as VPN and PPP on Cisco IOS and Cisco PIX/ASA. This part contains two chapters and three lab scenarios.

• Part VI, “ACS Advanced Configuration”—The final part of the book looks at advanced topics of ACS management such as backup, restore, remote logging, and replication. This part contains two chapters.
