Solved

Cisco ACS 3.0 implementation

Posted on 2004-08-11
4
826 Views
Last Modified: 2012-08-13
Hi everybody,

I do not know if this it is a stupid question or not, anyway it stress me very hard because of complexity of the project.

I need to implement in very short time Cisco ACS 3.0 with Windows 2000 active directory authentification for users.

1. Description of the network:

My network it is large: 5000 windows users ( windows 98, 2000, XP ), multiple windows 2000-2003 Domain Controllers, Cisco 2950 switches, different models of Cisco routers, PIX.


2. What it is the desire:

By implementing this pice of software from cisco, the network administrators will have the possibility to log from internal LAN and from external  ( using Dial-up,VPN, etc ) on the network equipments ( switches, routers, pix ) with their own windows 2000 domain password and perform different modifications upon configurations from this devices.

3 .The problems

a) I do not have much experience in configuring TACACS+ server and RADIUS.
b) The CISCO product CD containt a very few good documentation about what could be in this case a possible arhitecture for this sollution.

4. What I need

a) Some advices from people who  has implemented this kind of sollution.
b) where can I find some basic documentation about what it is the way of the  authentification process for a user who want to access a switch like example trought ACS 3.0
c) what are the basic hardware elements for deploying ACS arhitecture.
d) anything alse that can help me.

Thank you very much.
0
Comment
Question by:Osirium
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11790527
If you have Windows 2000 servers, then you already have windows Internet Authentication Server which is RADIUS, built right in. Why pay money for the ACS software, plus annual maintenance, plus another dedicated server?
IAS is so much simpler to setup and administer, and is already part of the Active directory.
Complete documentation for ACS 3.0
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/index.htm

Do you have the software already? Do you have 3.0 or the newest 3.3?

background on setting up AAA
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm
0
 

Author Comment

by:Osirium
ID: 11790549
I have ACS 3.0.After a quick rewiev of the ACS I see that software can do expecially Accounting.

The main problem it is that are an number of people that have the passwords on the network devices.The board wants to have control and different type of reports about who entered, what kind of modification he made, etc...

I do not known if IAS work fine with the CISCO devices and what type of reports can it generate.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11790569
IAS works just fine with Cisco devices. It does not have the robust reporting capabilities that ACS gives you.

I hope you have software maintenance so that you can get the upgrade to 3.3...

0
 

Author Comment

by:Osirium
ID: 11790656
It seems that version 3.3 has new features.

I will take a look over these...


Thank you very much for the support.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now