Monday, May 16, 2011

Cisco Secure Access Control Server (ACS)



Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements. By integrating with your other access control systems, it helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including:

  • Device administration: Authenticates administrators, authorizes commands, and provides an audit trail
  • Remote Access: Works with VPN and other remote network access devices to enforce access policies
  • Wireless: Authenticates and authorizes wireless users and hosts and enforces wireless-specific policies
  • Network admission control: Communicates with posture and audit servers to enforce admission control policies

First, the installation.

Now configure the ACS server.
Configure a client, which will be our router.

Give the router's IP address and the shared secret cisco; the same shared secret, cisco, will be configured on the router too.

Create a user name:

Give a password and select the user group.
Now configure the user group:
Scroll down to the TACACS+ settings and enable Shell (exec) and the privilege level.

Now we have finished the configuration of the ACS server. This is just a simple configuration for login; ACS has a lot more configuration (^_*)
We move on to configuring our router to authenticate users using our ACS server.
1: Enable AAA with the command aaa new-model
2: Create a method list that tells the router to authenticate users against the TACACS+ server and, if the TACACS+ server cannot be reached, to use the local user database:
aaa authentication login mylogin group tacacs+ local
3: Now give the router the TACACS+ server IP address and configure the shared key:
tacacs-server host 10.0.0.50
tacacs-server key cisco

So now we are done, but we haven't enabled the mylogin method yet.
We will put our method mylogin under the vty (Telnet) lines to authenticate users who use Telnet to configure our router:
line vty 0 4
login authentication mylogin

Congratulations, we have finished configuring our router to authenticate users who come in by Telnet against the ACS TACACS+ server.
Now, time to test!
1- You can use telnet 10.0.0.1 to connect to our router.
I'm using Tera Term:

Enter the user name and password:
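
An added example, not part of the original post: a small Python check that reads an IOS-style configuration and flags gaps in the login setup built above (a method list that is defined but not applied to any line, a line that names an undefined list, a tacacs+ method with no server host or key, and a local fallback with no local username). The function name audit_aaa, the finding codes and the sample configuration are constructed for illustration, and the check assumes the tacacs-server command syntax used in this post.

```python
import re

# Constructed sample: the router commands from this post, laid out as a running-config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login mylogin group tacacs+ local
tacacs-server host 10.0.0.50
tacacs-server key cisco
line vty 0 4
 login authentication mylogin
"""

def audit_aaa(config):
    """Return (code, detail) findings for the TACACS+ login setup in an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    lists = {}       # named method lists, e.g. {"mylogin": ["group", "tacacs+", "local"]}
    applied = set()  # list names referenced by "login authentication" under a line
    for ln in lines:
        if m := re.fullmatch(r"aaa authentication login (\S+) (.+)", ln):
            lists[m.group(1)] = m.group(2).split()
        elif m := re.fullmatch(r"login authentication (\S+)", ln):
            applied.add(m.group(1))
    if "aaa new-model" not in lines:
        findings.append(("aaa-disabled", "aaa new-model is missing"))
    defined = set(lists)
    for name in sorted(applied - defined - {"default"}):
        findings.append(("undefined-list", name))
    for name in sorted(defined - applied - {"default"}):
        # The state the post describes before step "line vty": defined but unused.
        findings.append(("list-not-applied", name))
    has_host = any(ln.startswith("tacacs-server host ") for ln in lines)
    has_key = any(ln.startswith("tacacs-server key ") for ln in lines)
    has_user = any(ln.startswith("username ") for ln in lines)
    for name, methods in sorted(lists.items()):
        if "tacacs+" in methods and not (has_host and has_key):
            findings.append(("tacacs-incomplete", name))
        if "local" in methods and not has_user:
            # The local fallback needs at least one local account to check against.
            findings.append(("no-local-user", name))
    return findings

if __name__ == "__main__":
    for code, detail in audit_aaa(SAMPLE_CONFIG):
        print(code, detail)
```

Run against the commands exactly as listed in this post, it reports no-local-user for mylogin, because no username line appears among them.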
dadaaaaaaaaa

3 comments:

  1. Is this the tool that creates the users and their permissions and puts them into groups?

  2. Hello Kahli, yes, that's right.

  3. You can access EXEC mode, and how about the privilege mode? After trying to input the command enable, it says %Error in authentication %
