Cisco 3.3 User Manual

2-5

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 2 Deployment Considerations

Basic Deployment Requirements for Cisco Secure ACS

Note

We tested Cisco Secure ACS on computers that have only one
network interface card.

•

If you want to have Cisco Secure ACS use the “Grant Dial-in Permission to
User” feature in Windows when authorizing network users, this option must
be selected in the Windows User Manager or Active Directory Users and
Computers for the applicable user accounts.

Table 2-1

lists the ports that Cisco Secure ACS listens to for communications with

AAA clients, other Cisco Secure ACSes and applications, and web browsers.
Cisco Secure ACS uses other ports to communicate with external user databases;
however, it initiates those communications rather than listening to specific ports.
In some cases, these ports are configurable, such as with LDAP and RADIUS
token server databases. For more information about ports that a particular external
user database listens to, see the documentation for that database.

Table 2-1

Ports that Cisco Secure ACS Listens To

Feature/Protocol

UDP or TCP?

Ports

RADIUS authentication and authorization

UDP

1645, 1812

RADIUS accounting

UDP

1646, 1813

TACACS+

TCP

49

CiscoSecure Database Replication

TCP

2000

RDBMS Synchronization with
synchronization partners

TCP

2000

User-Changeable Password web application

TCP

2000

Logging

TCP

2001

Administrative HTTP port for new sessions

TCP

2002

Administrative HTTP port range

TCP

Configurable;
default 1024
through 65535