cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

414
Views
0
Helpful
5
Replies
Joshua Engels
Beginner

Cisco ACS 4.2 Solutions Engine replacement advice

Hi everyone,

I am hoping to get some advice on an upcoming upgrade.  We currently have a Cisco ACS 4.2 Solutions Engine.  (That's the physical appliance).  It is coming to end of support and we are looking to replace.  Here is what we use it for today:

1. TACACS+ AAA for all routers and switches.  Gives us great reporting.

2. PEAP Authentication for our wireless network off of a 5508 Wireless Controller.

3. Machine Access Restrictions for our Wireless network.  (Basically Machine Authentication)

I believe that is all we use it for today.  That said, hoping to get some of your opinions on a replacement.

Any advice or opinions are greatly appreciated.

Thanks,

Josh

5 REPLIES 5
Jatin Katyal
Cisco Employee

All these features are avialble in ACS 5.4 latest version.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/eap_pap_phase.html

Jatin Katyal


- Do rate helpful posts -

~Jatin

Hi Josh,

  To add up to the above post, You will have to undergo the migration process from going to ACS 4.2 to ACS 5.4.

Here is the migration guide:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_support.html

Regards

Minakshi

(Do rate the helpful posts )

Also looking at the Cisco ISE Base package.  We are getting into the BYOD stuff as well.  What do you guys think about using ISE to replace my ACS? 

Looking at your current requirements, not a right time to go with ISE as it doesn’t natively support TACACS+, we’ll need to use the ACS for that. Tacacs+ will be supported in ISE 2.0

ISE 2.0 its a WAY out, no timeline yet.

Jatin Katyal


- Do rate helpful posts -

~Jatin
minkumar
Beginner

Hi Josh,

Thats where Cisco is moving towards.. So you should replace ACS with  ISE, However Tacacs is not supported  on the  ISE, But Radius will have  Everything that ACS supports.

Regards

Minakshi (Do rate the helpful posts )

Content for Community-Ad