Solved

Cisco ACS 3.0 implementation

Posted on 2004-08-11
Last Modified: 2012-08-13
Hi everybody,

I do not know if this is a stupid question or not; anyway, it stresses me very hard because of the complexity of the project.

I need to implement, in a very short time, Cisco ACS 3.0 with Windows 2000 Active Directory authentication for users.

1. Description of the network:

My network is large: 5000 Windows users (Windows 98, 2000, XP), multiple Windows 2000-2003 domain controllers, Cisco 2950 switches, different models of Cisco routers, PIX.


2. What is desired:

By implementing this piece of software from Cisco, the network administrators will be able to log in from the internal LAN and from outside (using dial-up, VPN, etc.) to the network equipment (switches, routers, PIX) with their own Windows 2000 domain password and make different modifications to the configurations of these devices.

3. The problems

a) I do not have much experience in configuring a TACACS+ server and RADIUS.
b) The Cisco product CD contains very little good documentation about what a possible architecture for this solution could be in this case.

4. What I need

a) Some advice from people who have implemented this kind of solution.
b) Where can I find some basic documentation about how the authentication process works for a user who wants to access a switch, for example, through ACS 3.0?
c) What are the basic hardware elements for deploying an ACS architecture?
d) Anything else that can help me.

Thank you very much.
Question by:Osirium
Accepted Solution

by:
lrmoore earned 500 total points
ID: 11790527
If you have Windows 2000 servers, then you already have Windows Internet Authentication Server, which is RADIUS, built right in. Why pay money for the ACS software, plus annual maintenance, plus another dedicated server?
IAS is so much simpler to set up and administer, and is already part of Active Directory.
Complete documentation for ACS 3.0
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/index.htm

Do you have the software already? Do you have 3.0 or the newest 3.3?

Background on setting up AAA:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm

Author Comment

by:Osirium
ID: 11790549
I have ACS 3.0. After a quick review of ACS I see that the software can especially do accounting.

The main problem is that there are a number of people who have the passwords for the network devices. The board wants to have control and different types of reports about who entered, what kind of modification he made, etc...

I do not know if IAS works fine with the Cisco devices and what types of reports it can generate.

Expert Comment

by:lrmoore
ID: 11790569
IAS works just fine with Cisco devices. It does not have the robust reporting capabilities that ACS gives you.

I hope you have software maintenance so that you can get the upgrade to 3.3...


Author Comment

by:Osirium
ID: 11790656
It seems that version 3.3 has new features.

I will take a look over these...


Thank you very much for the support.
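
As an added illustration of the AAA setup this thread discusses (not posted by either participant and not taken from Cisco's documentation): an IOS 12.2-style configuration that authenticates administrators against an ACS server over TACACS+ and sends exec and command accounting to it, which is what produces the who-logged-in and what-was-changed records. The server address 192.0.2.10, the shared key, the local fallback account and the timeout value are placeholders; the PIX uses different syntax and is not covered.

```cisco
! Added example, IOS router/switch only. All values in <> and the
! 192.0.2.10 address are placeholders, not values from the thread.
aaa new-model
!
! Local account, used only when the ACS server does not answer.
! Keep it unique per device class and store it offline.
username fallback-admin privilege 15 secret <LOCAL-FALLBACK-PASSWORD>
!
! ACS server reached over TACACS+; the key must match the AAA client
! entry configured for this device on the ACS side.
tacacs-server host 192.0.2.10 key <SHARED-SECRET>
tacacs-server timeout 5
!
! Authentication: ask ACS first (ACS can pass the check to the Windows
! domain), fall back to the local user database on server timeout.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: ACS decides whether the user gets an exec shell and
! at which privilege level.
aaa authorization exec default group tacacs+ local
!
! Accounting: session start/stop records answer "who entered";
! per-command records answer "what did he change".
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Apply the default method list to remote management sessions.
line vty 0 4
 login authentication default
```

The `local` fallback only applies when the server is unreachable, not when ACS rejects the login, so a rejected domain account cannot fall through to the local password.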