Osirium
asked on
Cisco ACS 3.0 implementation
Hi everybody,
I do not know if this is a stupid question or not; anyway, it is stressing me a lot because of the complexity of the project.
I need to implement Cisco ACS 3.0 in a very short time, with Windows 2000 Active Directory authentication for users.
1. Description of the network:
My network is large: 5000 Windows users (Windows 98, 2000, XP), multiple Windows 2000-2003 Domain Controllers, Cisco 2950 switches, different models of Cisco routers, PIX.
2. What is desired:
By implementing this piece of software from Cisco, the network administrators will be able to log in from the internal LAN and from outside (using dial-up, VPN, etc.) to the network equipment (switches, routers, PIX) with their own Windows 2000 domain password and make modifications to the configurations of these devices.
3. The problems
a) I do not have much experience in configuring a TACACS+ server and RADIUS.
b) The Cisco product CD contains very little good documentation about what a possible architecture for this solution could be in this case.
4. What I need
a) Some advice from people who have implemented this kind of solution.
b) Where can I find some basic documentation about how the authentication process works for a user who wants to access a switch, for example, through ACS 3.0?
c) What are the basic hardware elements for deploying an ACS architecture?
d) Anything else that can help me.
Thank you very much.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
IAS works just fine with Cisco devices. It does not have the robust reporting capabilities that ACS gives you.
I hope you have software maintenance so that you can get the upgrade to 3.3...
ASKER
It seems that version 3.3 has new features.
I will take a look over these...
Thank you very much for the support.
ASKER
The main problem is that there are a number of people who have the passwords for the network devices. The board wants to have control and different types of reports about who entered, what kind of modification he made, etc...
I do not know if IAS works fine with the Cisco devices and what type of reports it can generate.