Overview
In the Implementing Cisco Secure Access Control System (ACS) course, you will learn to provide secure access to network resources using the Cisco Secure Access Control System (ACS) 5.2. You'll examine how the ACS has grown by leaps and bounds since 4.x, discover new features, and learn how the 4.x configurations map to 5.x configurations. You will also get a look into future ACS technologies.
You will learn about the role and importance of ACS in Cisco TrustSec, whether TrustSec is deployed as an appliance-based overlay solution or as a network-integrated 802.1x solution. You will learn about user authentication and authorization, posture assessment, device profiling, guest access, data integrity and confidentiality, centralized policy, collaborative monitoring, troubleshooting, and reporting in Cisco TrustSec solutions.
Pre-Requisites
The knowledge and skills that a learner must have before attending this course are as follows:
- CCNA certification or the equivalent knowledge and experience
- Working knowledge of Microsoft Windows
- CCNA Security certification or the equivalent knowledge and experience is recommended
To gain the prerequisite skills and knowledge, Cisco strongly recommends knowledge of the following courses:
- Interconnecting Cisco Networking Devices Part 1 (ICND1)
- Interconnecting Cisco Networking Devices Part 2 (ICND2)
- Implementing Cisco IOS Network Security (IINS)
Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
- RADIUS and TACACS+ protocols
- ACS solutions, including ACS Express, ACS Enterprise, ACS on VMware, and appliances such as the CSACS-1120 Series and CSACS-1121 Series
- Major components of ACS
- ACS 5.2 installation best practices
- Configure the ACS from a default install
- License requirements
- How attributes, value types, and predefined values are used
- Types of Authentication, Authorization, and Accounting (AAA) clients and how they access network resources and other AAA clients
- Work with a local identity store and identity store sequence
- Users and identity stores
- Configure an external identity store with LDAP
- Fundamentals of LDAP
- Set up LDAP SSL
- Set up an external identity store with Active Directory
- Perform AAA with TACACS+
- Monitor and troubleshoot ACS (AAA with TACACS+)
- Using a local certificate authority to replace digital certificates self-signed by ACS
- Introduction to IEEE 802.1x and EAP
- 802.1x using Windows XP, Windows 7, and AnyConnect 3.x supplicants
- 802.1x single host authentication
- 802.1x troubleshooting
Target Audience
This course is designed for:
- Security professionals, architects, engineers, and network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities
- Cisco channel partners who sell, implement, and maintain Cisco ACS solutions
- Cisco ACS solutions sales engineers