
ACS 4.1 for a domain

Hello all,

I have an ACS 4.1 Solution Engine. I would like to implement 802.1x on my 26 switches, which connect to a 6500 core. In this scenario, where should I place the ACS 4.1 box?

And on the edge switches, what do I have to do: enable 802.1x and enable AAA? Do I need to use TACACS or RADIUS?

I have an Active Directory. I have around 1000 users, so is it possible to use the domain user/password and integrate with the ACS, so that there is no need to create anything in ACS 4.1?

Which protocol do I need to enable in my Active Directory 2003?

On the edge switches I need to enable AAA and point it to the ACS 4.1 IP address.

Please guide me regarding the above; I'll rate all the informative posts.

Regards

Binoy.

3 Replies 3

jafrazie
Cisco Employee

This should help get you started:

<http://www.cisco.com/application/pdf/en/us/guest/netsol/ns656/c654/ccmigration_09186a00805eea83.pdf>

Let us know if you need more,

Hello jafrazie

Thanks for the info. If you can give some input on how exactly things should be configured, and share your experience, that would be great.

Hi,

I think that because Cisco switches (wired) only support EAP-MD5, you CAN NOT authenticate via an external database on ACS to the Windows DB or AD 2003 DB. You must create the DB for authentication on the ACS (internal DB).

One solution could be to introduce NAC (NAC L2 802.1x).

1. EAP Authentication Protocol and User Database Compatibility

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00806fe24a.html#wp858207

2. NAC Introduction

http://www.cisco.com/en/US/netsol/ns628/networking_solutions_package.html

regards

Alex