Cisco Secure Access Control Server
Cisco Secure ACS is an AAA server product developed by Cisco that can run on Windows
NT/2000 Server and UNIX, although Cisco has discontinued support for the Windows NT
and UNIX platforms. It supports a number of NASs, including the Cisco Security Appliance.
Cisco Secure ACS supports both RADIUS and TACACS+.
Cisco has replaced the UNIX platform with the Cisco Secure ACS Solution Engine Server.
The server is a standalone 1U server with Cisco Secure ACS 3.3 preinstalled.
With the release of Cisco Secure ACS 3.3, several new features have been added to strengthen
an already powerful AAA server platform:
■ Network Admission Control—Using the Network Admission Control (NAC) feature,
the Cisco Secure ACS acts as a policy decision point within NAC deployments.
Policies are created to evaluate the host on several different levels before assigning
AAA client ACLs appropriate for the host’s security state. Through these policies, the ACS can
evaluate the host’s credentials using Cisco Trust Agents. Additionally, policies can be
created to determine the state of the host based on such details as the host’s operating
system patch level and the antivirus DAT file version.
■ Machine Access Restrictions—The Cisco Secure ACS can help control authorization of
EAP-TLS and Microsoft PEAP users using Machine Access Restrictions (MAR). Users
who authenticate with a Windows external user database but do not pass machine
authentication within a configured length of time can be given the authorizations of a user
group, given limited authorization, or denied network access.
■ Network Access Filters—Cisco has added a new shared profile component with ACS 3.3
called Network Access Filters (NAF). NAFs can apply network access restrictions and
can allow ACLs to be downloaded using specific AAA client names, IP addresses, or
specific devices.