Chapter 9. Cisco Secure Access Control Server (ACS)

This chapter contains the following sections:

• Cisco Secure Access Control Server (ACS) Features

• Overview of Authentication, Authorization, and Accounting (AAA)

• RADIUS and TACACS+

• Cisco Secure ACS Installation

• Cisco Secure ACS Configuration

• Network Access Server Configuration

• Configuration Example

• Summary

• Frequently Asked Questions

• Glossary

• Bibliography

• URLs

This chapter covers the Cisco Secure Access Control Server (ACS). As networks and network security have evolved, so too have the methods of controlling access to these networks and their associated resources. Ten years ago, it was deemed suitable to use a static username and password pair to gain access to resources on the corporate network. As time progressed, these methods became stronger from a security standpoint with the introduction of aging passwords and one-time passwords. Eventually, security professionals initiated the use of token cards and token servers to issue one-time passwords.

From an Internet security viewpoint, you can consider two distinct areas of concern:

• Access to the network by dial-up or other remote services

• Access to the internetworking devices at the perimeter or on the internal network

To manage these concerns, Cisco released the Cisco Secure Server, which was later renamed the Cisco Secure Access Control Server (ACS). This is a complete access control server that supports the industry-standard Remote Access Dial-In User Service (RADIUS) protocol in addition to the Cisco proprietary Terminal Access Controller Access Control System Plus (TACACS+) protocol.