Solved

Cisco ACS 3.0 implementation

Posted on 2004-08-11
Last Modified: 2012-08-13
Hi everybody,

I do not know if this is a stupid question or not; anyway, it stresses me very much because of the complexity of the project.

I need to implement, in a very short time, Cisco ACS 3.0 with Windows 2000 Active Directory authentication for users.

1. Description of the network:

My network is large: 5000 Windows users (Windows 98, 2000, XP), multiple Windows 2000-2003 domain controllers, Cisco 2950 switches, different models of Cisco routers, PIX.


2. What is desired:

By implementing this piece of software from Cisco, the network administrators will be able to log in from the internal LAN and from outside (using dial-up, VPN, etc.) to the network equipment (switches, routers, PIX) with their own Windows 2000 domain passwords and perform different modifications to the configurations of these devices.

3. The problems

a) I do not have much experience in configuring TACACS+ server and RADIUS.
b) The Cisco product CD contains very little good documentation about what a possible architecture for this solution could be in this case.

4. What I need

a) Some advice from people who have implemented this kind of solution.
b) Where can I find some basic documentation about how the authentication process works for a user who wants to access a switch, for example, through ACS 3.0?
c) What are the basic hardware elements for deploying an ACS architecture?
d) Anything else that can help me.

Thank you very much.
Question by:Osirium
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11790527
If you have Windows 2000 servers, then you already have Windows Internet Authentication Server, which is RADIUS, built right in. Why pay money for the ACS software, plus annual maintenance, plus another dedicated server?
IAS is so much simpler to set up and administer, and is already part of Active Directory.
Complete documentation for ACS 3.0:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/index.htm

Do you have the software already? Do you have 3.0 or the newest 3.3?

Background on setting up AAA:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm
 

Author Comment

by:Osirium
ID: 11790549
I have ACS 3.0. After a quick review of ACS, I see that the software can do, especially, accounting.

The main problem is that there are a number of people who have the passwords on the network devices. The board wants to have control and different types of reports about who entered, what kind of modification he made, etc...

I do not know if IAS works fine with the Cisco devices and what type of reports it can generate.
 
LVL 79

Expert Comment

by:lrmoore
ID: 11790569
IAS works just fine with Cisco devices. It does not have the robust reporting capabilities that ACS gives you.

I hope you have software maintenance so that you can get the upgrade to 3.3...

0
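
The device-side half of the setup discussed in this thread, as an added example that is not part of any post: a Cisco IOS AAA configuration that authenticates administrators against a central server and records who logged in and which commands they ran. The server addresses (192.0.2.10 for ACS, 192.0.2.20 for IAS), the shared secrets and the `fallback-admin` account are placeholders; the syntax applies to IOS routers and switches, and PIX uses different commands.

```cisco
! Added example, constructed for illustration.
! Addresses, keys and the local user name below are placeholders.

! Local fallback account, used only when no AAA server answers
username fallback-admin privilege 15 secret <local-fallback-password>

aaa new-model

! --- Option A: ACS over TACACS+ ---
tacacs-server host 192.0.2.10 key <tacacs-shared-secret>
! Ask the server first, fall back to the local account if it is unreachable
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Session records: who logged in, from where, and for how long
aaa accounting exec default start-stop group tacacs+
! One record per privileged command: the "what modification was made" report
aaa accounting commands 15 default start-stop group tacacs+

! --- Option B: IAS over RADIUS (use instead of option A) ---
! radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key <radius-shared-secret>
! aaa authentication login default group radius local
! aaa authorization exec default group radius local
! aaa accounting exec default start-stop group radius
! IOS sends command accounting only over TACACS+, so with RADIUS the
! server receives session start/stop records but not the commands typed.
```

Once central login works, replacing the shared enable and line passwords that several people know with the single fallback account is what makes the accounting records attributable to individuals.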
 

Author Comment

by:Osirium
ID: 11790656
It seems that version 3.3 has new features.

I will take a look over these...


Thank you very much for the support.