Installing and Configuring Cisco Secure ACS

Before you install Cisco Secure ACS for Windows 3.0.2, you must ensure that your server meets the following minimum hardware and software requirements:

• Pentium III processor, 550MHz or faster

• 256MB of RAM

• 250MB of free disk space

• Graphics resolution of 800 x 600 with 256 colors

• Windows 2000 (with SP1 or SP2), Windows 2000 Advanced Server (without Microsoft Clustering Services, and with SP1 or SP2), or Windows NT (with SP6a)

• Microsoft Internet Explorer (version 5.0 or 5.5) or Netscape Communicator (version 4.76); the browser must have both Java and JavaScript enabled

NOTE

During the Cisco Secure ACS installation process, at least one AAA client (a NAS) needs to be configured on the server. If you do not have an actual NAS to configure at the time of installation, make up information just to complete the installation process. After completing installation, you can delete the “made up” NAS and create real NAS entries.

To install Cisco Secure ACS, follow these steps:

1. Log on to the server using the local administrative account and insert the Cisco Secure ACS CD into the CD-ROM drive. If the Cisco Secure ACS for Windows 2000/NT dialog box does not appear via the Windows Autorun feature, run setup.exe from the root directory of the Cisco Secure ACS CD. You should now see the Cisco Secure ACS for Windows 2000/NT dialog box with the software license agreement.

www.syngress.com

Authentication, Authorization, and Accounting • Chapter 5 231

2. Read the license agreement, and click the Accept button if you accept the terms of the license agreement. As shown in Figure 5.4, the Welcome screen should now appear.

3. Click the Next button to display the Before You Begin screen (see Figure 5.5), which identifies some tasks that you must complete before installing Cisco Secure ACS.

Figure 5.4 The Cisco Secure ACS Welcome Screen

Figure 5.5 The Cisco Secure ACS Before You Begin Screen

4. Review each item listed and select the corresponding check box for items that you have completed. Once all the items are checked, click the Next button. The Choose Destination Location screen will be displayed.

NOTE

If you have not completed all the items listed in the Before You Begin dialog box, click the Cancel button, then click Exit Setup. Complete the necessary items, and then restart the installation process.

5. The Choose Destination Location screen displays the default drive and path for the installation of Cisco Secure ACS. If you want to install the software in an alternate location, click the Browse button and select the desired location. Click the Next button to proceed to the Authentication Database Configuration screen displayed in Figure 5.6.

6. The Authentication Database Configuration screen allows you to select options for authenticating users. You can choose to use the Cisco Secure ACS database only, or you can authenticate users against a Windows 2000/NT user database. Select the desired option. If you choose to include the Windows 2000/NT user database, you can then choose to check user accounts for the “Grant dialin permission to user” setting before granting access. When this option is turned on, users will be granted access only if the “Grant dialin permission to user” setting is enabled for their accounts. Otherwise, users will be denied access. Once you have chosen the desired settings, click the Next button to proceed to the Network Access Server Details screen (see Figure 5.7).

Figure 5.6 The Cisco Secure ACS Authentication Database Configuration Screen

NOTE

Once you have installed Cisco Secure ACS, you can enable support for external databases, including Windows NT/2000.

7. The Network Access Server Details screen allows you to define an initial NAS (an AAA client) that will make authentication or authorization requests to the Cisco Secure ACS server. Select the desired authentication method in the Authenticate Users Using drop-down list. Provide the hostname of the AAA client in the Access Server Name text box. Provide the IP address of the AAA client in the Access Server IP Address text box, and provide the IP address of the server on which you are installing Cisco Secure ACS in the Windows Server IP Address text box. In the TACACS+ or RADIUS Key text box, type the key that will be used for authentication between the AAA client and the Cisco Secure ACS server. Once you have provided the necessary AAA client details, click the Next button to proceed to the Advanced Options screen displayed in Figure 5.8.

Figure 5.7 The Cisco Secure ACS Network Access Server Details Screen

NOTE

The RADIUS or TACACS+ key on ACS and the AAA client must match for authentication and authorization to function correctly.

8. The Advanced Options dialog box lists several options that you can enable. These options are not enabled by default and will only appear in the Cisco Secure ACS interface if you enable them. You can always enable the desired options after installation via the Advanced Options page in the Interface Configuration section. Once you have chosen the Advanced Options that you would like to enable, click the Next button to proceed to the Active Service Monitoring screen displayed in Figure 5.9. The Active Service Monitoring screen allows you to configure features of Cisco Secure ACS that monitor the availability of the AAA services. This screen provides you the opportunity to configure these features during the installation process, but you still have the option of configuring them any time after the installation has completed by selecting the System Configuration button in the Cisco Secure ACS user interface. Click the Explain button for additional information about the available options.

Figure 5.8 The Cisco Secure ACS Advanced Options Screen

9. Once you have configured the desired service management features, click the Next button to proceed to the Network Access Server Configuration screen shown in Figure 5.10.

Figure 5.9 The Cisco Secure ACS Active Service Monitoring Screen

Figure 5.10 Cisco Secure ACS Network Access Server Configuration Screen

10. The Network Access Server Configuration screen appears if you selected either TACACS+ (Cisco IOS) or RADIUS (Cisco IOS/PIX) as the authentication method in the Network Access Server Details dialog box (shown in Figure 5.7). The Network Access Server Configuration screen gives you the option to configure the relevant NAS client to use the Cisco Secure ACS server AAA services. It provides you with the minimum commands necessary to enter on the Cisco device to accomplish this task and provides you an opportunity to Telnet to the device to complete the configuration. Because you have chosen TACACS+ (Cisco IOS) as the authentication method, you will be provided with the necessary commands to configure an IOS device for TACACS+. The PIX firewall commands are different from the IOS commands, so deselect the Yes, I want to configure Cisco IOS software now check box. Click the Next button to proceed to the CiscoSecure ACS Service Initiation screen displayed in Figure 5.11.

11. The CiscoSecure ACS Service Initiation screen provides options for launching services after the installation completes. All the options are selected by default. Deselect the check boxes associated with any of the services that you do not want started. You should leave the check box associated with starting the Cisco Secure ACS service checked in order to start using Cisco Secure ACS. Once you have completed your selections, click the Next button to proceed to the Setup Complete screen.

Figure 5.11 Cisco Secure ACS Service Initiation Screen

12. Click the Finish button to complete the installation and start the service.

NOTE

To access the Cisco Secure ACS HTML interface, use the URL of http://ip_address:2002, where ip_address is the IP address of the ACS server. For example, if the ACS server has an IP address of 192.168.2.20, you would access it using the URL of http://192.168.2.20:2002.
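
The key-matching requirement in step 7 and its note, illustrated for the RADIUS case as an added example (not from the original text): per RFC 2865 the shared key both hides User-Password and signs the server's reply, so a one-character mismatch breaks the exchange in both directions. The key, password and packet values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)

def _keystream_xor(data, secret, request_auth, hiding):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, pad))
        prev = xored if hiding else block      # always chain on the ciphertext block
        out += xored
    return out

def hide_password(password, secret, request_auth):
    """NAS side: hide User-Password with the locally configured key."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16 bytes
    return _keystream_xor(password.ljust(size, b"\x00"), secret, request_auth, True)

def reveal_password(hidden, secret, request_auth):
    """Server side: recover User-Password with the server's copy of the key."""
    return _keystream_xor(hidden, secret, request_auth, False).rstrip(b"\x00")

def build_response(code, ident, request_auth, attrs, secret):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def response_is_valid(packet, request_auth, secret):
    """NAS side: recompute the authenticator with the locally configured key."""
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)

if __name__ == "__main__":
    server_key = b"Sh4red-Key"                       # constructed sample key on the ACS side
    request_auth = os.urandom(16)                    # Request Authenticator chosen by the NAS
    for nas_key in (b"Sh4red-Key", b"Sh4red-key"):   # matching key, then a one-character typo
        hidden = hide_password(b"user-password", nas_key, request_auth)
        seen = reveal_password(hidden, server_key, request_auth)
        reply = build_response(ACCESS_ACCEPT, 7, request_auth, b"", server_key)
        print(nas_key, "server sees:", seen,
              "reply accepted:", response_is_valid(reply, request_auth, nas_key))
```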