TACACS solution overview

Hi guys,

We need a centralised solution for device authentication (routers & switches) and we have opted to use TACACS.

Except ACS 5.x is there any other tool you can recommend for this requirement?

 

Second: the equipment is spread across the EU, North America and Asia; how can I tackle this? Install two instances, one in EU and one in NA?

 

Many thanks,

Florin.

Accepted Solution

Cisco ACS is a tried and true solution for centralized router and switch authentication. I would install one TACACS server as your primary and replicate it to a secondary. I would do this with virtual machines for ease of maintenance and support.

As to whether or not you install a TACACS solution on each continent you support, you could justify this depending upon how many devices there are in each part of the world.

Hope this helps you make an informed decision:

"With the Base license, a Cisco Secure ACS 5.5 appliance or software virtual machine can support the deployment of up to 500 network devices. These are authentication, authorization, and accounting (AAA) clients. The number of network devices is based on how many unique IP addresses are configured. The 500-device limit is not a limit for each individual appliance or instance, but a deployment-wide limit that applies to a set of Cisco Secure ACS instances (primary and secondary) that are configured for replication."
-Paul



Hi mate,

Thanks for the input. I am not familiar with ACS, so your answer is very helpful.

I will start with ACS in North America and try routing most of the traffic over MPLS for using it in EU or AS. Based on the outcome we will decide if a second deployment is needed.

 

Nevertheless, I would really want to know what other options I have.

How is the ACS 5.x, except the recent polished GUI?

I am really interested in the functionalities and trying to avoid buying & deploying from scratch an OLD dusty product (if that is the case).


We have been using it for years with few complaints to mention. The ACS 5.x does have a polished GUI and the ability to install it on a VM. It was rebuilt entirely in version 5.x so you need not worry about buying an "old dusty product."

The reporting functionality is also greatly improved in version 5.x compared with 3.x or 4.x. It's robust and easy to use.

Take a look at Juniper if you want something to compare Cisco ACS with. Hope this helps.

 
