
Cisco ACS 3.0 implementation

Posted on 2004-08-11
Last Modified: 2012-08-13
Hi everybody,

I do not know if this is a stupid question or not; anyway, it stresses me very much because of the complexity of the project.

I need to implement, in a very short time, Cisco ACS 3.0 with Windows 2000 Active Directory authentication for users.

1. Description of the network:

My network is large: 5000 Windows users (Windows 98, 2000, XP), multiple Windows 2000-2003 domain controllers, Cisco 2950 switches, different models of Cisco routers, PIX.


2. What is desired:

By implementing this piece of software from Cisco, the network administrators will have the possibility to log in from the internal LAN and from outside (using dial-up, VPN, etc.) to the network equipment (switches, routers, PIX) with their own Windows 2000 domain password and make different modifications to the configurations of these devices.

3. The problems

a) I do not have much experience in configuring TACACS+ servers and RADIUS.
b) The Cisco product CD contains very little good documentation about what a possible architecture for this solution could be in this case.

4. What I need

a) Some advice from people who have implemented this kind of solution.
b) Where can I find some basic documentation about how the authentication process works for a user who wants to access a switch, for example, through ACS 3.0?
c) What are the basic hardware elements for deploying an ACS architecture?
d) Anything else that can help me.

Thank you very much.
Question by:Osirium
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 11790527
If you have Windows 2000 servers, then you already have Windows Internet Authentication Server, which is RADIUS, built right in. Why pay money for the ACS software, plus annual maintenance, plus another dedicated server?
IAS is so much simpler to set up and administer, and is already part of Active Directory.

Complete documentation for ACS 3.0:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/index.htm

Do you have the software already? Do you have 3.0 or the newest 3.3?

Background on setting up AAA:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm
 

Author Comment

by:Osirium
ID: 11790549
I have ACS 3.0. After a quick review of the ACS I see that the software can do especially Accounting.

The main problem is that there are a number of people that have the passwords on the network devices. The board wants to have control and different types of reports about who entered, what kind of modification he made, etc...

I do not know if IAS works fine with the Cisco devices and what type of reports it can generate.
 
LVL 79

Expert Comment

by:lrmoore
ID: 11790569
IAS works just fine with Cisco devices. It does not have the robust reporting capabilities that ACS gives you.

I hope you have software maintenance so that you can get the upgrade to 3.3...

 

Author Comment

by:Osirium
ID: 11790656
It seems that version 3.3 has new features.

I will take a look over these...


Thank you very much for the support.