
Ask the Expert: Installing and Configuring Cisco Access Control System

ciscomoderator
Community Manager

Installing and configuring Cisco Access Control System with Javier Henderson

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to install and configure the Cisco Secure Access Control System (ACS) with expert Javier Henderson.

The Cisco Secure ACS is a centralized identity and access policy solution that ties together an enterprise's network access policy and identity strategy. Cisco Secure ACS operates as a RADIUS and TACACS+ server, combining user authentication, user and administrator device access control, and policy control in a centralized identity networking solution. 

Javier Henderson has been a customer support engineer with the Security Team, specializing in AAA technologies, since 2004. In addition to supporting Cisco customers, he has delivered training to other teams on various AAA products. Javier attended Buenos Aires University and holds CCNA and Checkpoint certifications.

Remember to use the rating system to let Javier know if you've received an adequate response. 

Because of the volume expected during this event, Javier might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity, AAA, Identity and NAC, shortly after the event. This event lasts through October 18, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.


John Ventura
Level 1

Hi Javier,

Another quick question, how do I configure ACS to use Windows AD credentials for administrative access to the ACS GUI?

thanks,

John

To configure ACS to use Windows AD credentials for administrative access to the GUI once ACS has been joined to an AD domain:

1) Go to System Administration -> Administrators -> Administrative Access Control

2) Click on Identity, then for Identity Source select "AD1"

3) Click on Save Changes

4) Click on Authorization

5) Create an authorization policy with the desired criteria to grant access and grant the desired role

Complete step-by-step instructions are available in the following document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_admin.html

Javier Henderson

Cisco Systems

Hi Javier,

How can we integrate ACS with RSA Authentication Manager for two-factor authentication?

How does the two-factor authentication work in this integration scenario?

Is there any app other than RSA that we can integrate with ACS for two-factor authentication?

Rajmohan R


Rajmohan,

ACS supports the RSA product, in addition to other third-party products, as external user databases to provide two-factor authentication.

Details on the configuration steps can be found in the following document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/users_id_stores.html

Please let me know if you have specific questions regarding ACS configuration once you have had a chance to read that document.

Javier Henderson

Cisco Systems

Jessica Deaken
Level 1

Hello Javier,

Thank you for covering this topic. Have a question for you. What are the requirements for the AD account used to join ACS to AD?

Regards,

Jessica

Jessica,

An AD account that is required for domain access in ACS should have either of the following:

Add workstations to the domain user in the corresponding domain.

Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

Cisco recommends that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the administrator if a wrong password is used for that account. This is because, if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.

Javier Henderson

Cisco Systems
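A sketch of the alerting recommended in the reply above, added here as an example and not part of Javier's reply or of any Cisco tooling: it filters domain controller Security events for wrong-password failures on the account ACS uses to join AD. The account name `svc-acs-join`, the record layout and the sample events are constructed assumptions.

```python
# Added example: flag wrong-password events for the account ACS uses to join AD.
ACS_ACCOUNT = "svc-acs-join"  # hypothetical account name, not from the thread

# Security event ID -> (EventData field, value that means "wrong password")
BAD_PASSWORD = {
    4771: ("Status", "0x18"),           # Kerberos pre-authentication failed
    4776: ("Status", "0xc000006a"),     # NTLM credential validation
    4625: ("SubStatus", "0xc000006a"),  # failed logon
}

# Constructed records, shaped like domain controller Security events as JSON.
SAMPLE_EVENTS = [
    {"EventID": 4771, "Time": "2013-10-10T08:01:12Z",
     "TargetUserName": "svc-acs-join", "Status": "0x18"},
    {"EventID": 4776, "Time": "2013-10-10T08:01:15Z",
     "TargetUserName": "SVC-ACS-JOIN", "Status": "0xC000006A"},
    {"EventID": 4625, "Time": "2013-10-10T08:02:40Z",
     "TargetUserName": "svc-acs-join@example.test", "SubStatus": "0xC000006A"},
    {"EventID": 4771, "Time": "2013-10-10T08:03:02Z",
     "TargetUserName": "svc-acs-join", "Status": "0x12"},   # revoked, not bad pw
    {"EventID": 4625, "Time": "2013-10-10T08:04:55Z",
     "TargetUserName": "jdoe", "SubStatus": "0xC000006A"},  # other account
    {"EventID": 4624, "Time": "2013-10-10T08:05:30Z",
     "TargetUserName": "svc-acs-join"},                     # successful logon
]

def normalize(user):
    """Reduce DOMAIN\\user or user@realm to a lower-case account name."""
    return user.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def wrong_password_events(events, account=ACS_ACCOUNT):
    """Return the events that record a wrong password for `account`."""
    hits = []
    for ev in events:
        rule = BAD_PASSWORD.get(ev.get("EventID"))
        if rule is None or normalize(ev.get("TargetUserName", "")) != account.lower():
            continue
        field, code = rule
        if str(ev.get(field, "")).lower() == code:
            hits.append(ev)
    return hits

def format_alert(ev):
    """One-line message for the administrator."""
    return "%s wrong password for %s (event %d)" % (
        ev["Time"], normalize(ev["TargetUserName"]), ev["EventID"])

if __name__ == "__main__":
    for ev in wrong_password_events(SAMPLE_EVENTS):
        print(format_alert(ev))
```

With account lockout disabled for this account, as recommended above, these events are the only signal that a stale or mistyped password is in use.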

Gabriel Lopez
Level 1

Hi Javier

In terms of IPv6, are the ACS platform and protocols ready to receive IPv6 requests? It would be very nice if we could create a simple network scenario where we can authenticate a user on 802.1x using nothing but IPv6 connectivity.

I hope my question brings more people together and we can discuss further.

Thanks in advance for your answer.

Gabriel Lopez

Spaniard141
Level 1

Hi Javier

My question is, in Cisco ACS 5.2 (VMWARE) if the ssh password is lost but I still have access to the web gui, can I create or change an account from there to be able to ssh into the system?

Thanks

Raul,

It is not possible to change the password for the shell users from the GUI.

However, you can change the password on the virtual console by booting from the virtual CD using the installation ISO image; one of the options is to reset the admin user password.

Javier Henderson

Cisco Systems