![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
Cisco has developed a line of Access Control Server software products to provide a scalable method for the centralization of security. CiscoSecure Access Control Server software complements and protects any network installation, centralizing individual access control of network access servers, firewalls, and routers.
Cisco's complete line of Access Control Server software products can be used for:
The products range from an entry-level product, CiscoSecure EasyACS (included with every Cisco Access Server), to powerful carrier class Access Control Server software.
The CiscoSecure Global Roaming Server (GRS) for UNIX is one of many solutions in Cisco's suite of specialized, security software solutions for Authentication, Authorization, and Accounting (AAA). CiscoSecure GRS for UNIX turns existing dial infrastructures into global roaming networks. The use of CiscoSecure GRS can increase the number of Internet access points a service provider can offer to a customer without incurring the costs associated with additional equipment. With the deployment of GRS into complex environments using both TACACS+ and RADIUS facilitating proxy and translation, GRS provides concurrent true global scalability and dialup access across thousands of globally deployed access control servers.
CiscoSecure GRS for UNIX enables service providers to provide a new level of service to other Service Providers (SPs) and corporate customers to take local Internet connectivity to a global scale. This server can provide the complex operation of the "proxy" and translation of TACACS+ and RADIUS security protocols. This functionality removes the proprietary burden of forcing every end of a secured connection to be from a single manufacturer, and makes adding services a simple action instead of a network overhaul.
CiscoSecure GRS is a scaleable global roaming server with many Service Provider features:
GRS enables:
| Description |
Hardware | Sun SPARCstation 20
CD-ROM drive 128 MB of RAM 128 MB of disk swap space 500 MB of disk space |
Software | Solaris V2.51 |
Description | Product Number |
CiscoSecure GRS V.1.1 for UNIX (1 server license) | CSU-GRS-1.1 |
CiscoSecure GRS V.1.1 for UNIX (4 server license) | CSU-GRS-4S-1.1 |
CiscoSecure GRS software application support (1 server license) | CON-SAS-CSGRS |
CiscoSecure GRS software application support plus upgrade (1 server license) | CON-SAU-CSGRS |
To support the growing population of network devices that directly or indirectly control how users connect to the public Internet and the corporate intranet, Cisco introduces CiscoSecure ACS v2.2 for UNIX. CiscoSecure ACS v2.2 for UNIX is an Access Control Server for Solaris that controls the authentication, authorization, and accounting of users accessing the Internet or intranet.
Primary applications for the CiscoSecure Access Control Server include securing dial-up access servers and firewalls for network access and securing the management of routers and switches within a network. Both applications have unique authentication and authorization requirements. With CiscoSecure Access Control Server, system administrators can select a variety of authentication methods that each provide a set of authorization privileges.
Completing the access control functionality, the CiscoSecure Access Control Server serves as a central repository for accounting information. Each session that is established can be fully accounted for and stored on the server. This accounting information can be used for security audits, capacity planning, or bill-back network usage.
CiscoSecure ACS is a powerful access control server with many Service Provider and Enterprise features:
Using CiscoSecure Access Control Server, a network administrator can control the following:
| Description |
Hardware | Sun SPARCstation 20
CD-ROM drive 128 MB of RAM 256 MB of disk swap space 500 MB of disk space |
Software | Solaris V2.51 or V2.6
IOS v11.1 (TACACS+) IOS v11.2 (RADIUS) Oracle v7.33 or v8.03 Sybase v11.1 |
Table 5-4 lists the CiscoSecure Access Control Server product numbers. Note that each copy of CiscoSecure is licensed to be installed on a single Sun Workstation. A backup copy can also be used, but this backup copy can only be used to Authenticate, Authorize, or Account when the primary CiscoSecure is not active. There are no license restrictions on number of users or ports.
Description | Product Number |
CiscoSecure Access Control Server Version 2.2 for UNIX (Solaris) | CSU-2.2 |
CiscoSecure Access Control Server Version 1.x/2.x to Version 2.2 upgrade | CSU-2.2-UG |
CiscoSecure software application support for UNIX | CON-SAS-CSU |
CiscoSecure software application support plus upgrades for UNIX | CON-SAU-CSU |
To support the growing population of network devices that directly or indirectly control how users connect to the public Internet and the corporate intranet, Cisco introduces CiscoSecure ACS v2.1 for Windows NT. CiscoSecure ACS v2.1 for Windows NT is an Access Control Server that operates as a Windows NT Service and controls the authentication, authorization, and accounting of users accessing thousands of network ports.
CiscoSecure ACS v2.1 for Windows NT supports the centralization of access control and accounting for dial-up access servers and firewalls, and management of access to routers and switches. With it, service providers can quickly administer accounts and globally change levels of service offerings for entire groups of users. This improves their ability to deliver wholesale dial-up services to corporations investing in the outsourcing of dial-up and networking services.
For corporations supporting the rollout of their own access control infrastructure and those investing in service provider outsourcing while maintaining ownership of user account control, CiscoSecure ACS can be used for both. Because of its tight integration with the Windows NT operating system, companies can leverage their working knowledge, and the investment already made into building a Windows NT network and the Windows NT database.
CiscoSecure ACS is a powerful access control server with many Service Provider and Enterprise features:
Using CiscoSecure Access Control Server, a network administrator can control the following:
| Description |
Hardware | Intel class Pentium 133 MHz PC or compatible
32 MB of RAM 10 MB hard drive space CD-ROM drive Screen resolution of 800 x 600 or better |
Software | Microsoft Windows NT Server v4.0
Microsoft Internet Explorer v3.02 or higher or NetScape Navigator v3.0 or higher Cisco IOS 11.1 or higher on the network device (11.2 for RADIUS) |
Table 5-6 lists the CiscoSecure ACS v2.1 for Windows NT product numbers. Note that CiscoSecure ACS v2.1 for Windows NT is licensed on a per-server basis. There are no restrictions on the number of users or the number of ports used on a licensed server.
Description | Product Number |
CiscoSecure ACS V.2.1 for Windows NT | CSNT-2.1 |
CiscoSecure ACS v1.0/v2.0 for Windows NT to v2.1 upgrade | CSNT-2.1-UG |
CiscoSecure software application support for Windows NT | CON-SAS-CSNT |
CiscoSecure software application support plus upgrades for Windows NT | CON-SAU-CSNT |
As more and more dial-up access servers, firewalls, and routers get deployed, centralized management of access becomes a requirement to be able to scale. The present and common method for controlling access is at the device itself. This is certainly secure but difficult to manage changes in personnel and policy. The most obvious method to support these types of changes and leverage much of the work already completed in designing a network of Windows NT servers is to move to a central repository concept of security on a Windows NT Server.
CiscoSecure EasyACS is entry-level, basic access control server software that can run on Windows NT and allow service providers and corporations to begin to roll out, or experiment with, the concept of a centralized access control and security system.
In many cases, basic access control service is sufficient for a single access server and customers can put this right into production environments. For administrators who desire to scale up to higher-end products, the installation and rollout of CiscoSecure EasyACS can be built upon, using all of the configuration and database already created. CiscoSecure ACS v2.0 for Windows NT is the higher-end Cisco ACS for Windows NT product that can scale the EasyACS installation to support many more features and multiple access devices.
For corporations supporting the rollout of their own access control infrastructure and those investing in service provider outsourcing while maintaining ownership of user account control, CiscoSecure EasyACS can be used for both as a low-risk, easy-to-use starting place. Because of its tight integration with the Windows NT operating system, companies may leverage the working knowledge and the investment already made into building a Windows NT network and the Windows NT database.
Using CiscoSecure Access Control Server, a network administrator can control the following:
Figure 5-1 shows the navigation bar, edit field, and help windows of CiscoSecure EasyACS.
Table 5-7 lists the specifications for CiscoSecure ACS v2.0 for Windows NT.
Minimum Hardware Requirements | Software Requirements |
---|---|
Intel class Pentium 133 MHz PC or compatible 24 MB of RAM 10 MB hard drive space CD-ROM drive Screen resolution of 800 x 600 or better | Microsoft Windows NT Server v4.0 |
Microsoft Internet Explorer v3.0 or Netscape Navigator v3.0 | |
Cisco IOS 11.1 or higher |
CiscoSecure EasyACS is included on a CD-ROM with Cisco 2500 series access servers, AS5200 universal access servers, and Cisco 3600 series dial-up routers. CiscoSecure EasyACS is also available via CCO if you have a Cisco 2500 series access server, AS5200, or Cisco 3600 series installed at your site that is covered by a SMARTnet contract.
Table 5-8 shows the CiscoSecure Access Server product numbers. Note that CiscoSecure EasyACS v1.0 for Windows NT is licensed on a per-server basis and supports one access server or one firewall. There are no restrictions on the number of users or the number of ports used on a licensed server.
Description | Part Number |
---|---|
CiscoSecure EasyACS v1.0 | Included with Cisco Dial-up Access Servers; not orderable or for sale separately |
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |