The ciscosecure acs paradigm, The cisco secure acs paradigm – Cisco 3.3 User Manual

Chapter 1 Overview

The Cisco Secure ACS Paradigm

1-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

–

Accessing the HTML Interface, page 1-32

–

Logging Off the HTML Interface, page 1-33

–

Online Help and Online Documentation, page 1-33

The Cisco Secure ACS Paradigm

Cisco Secure ACS provides authentication, authorization, and accounting
(AAA—pronounced “triple A”) services to network devices that function as AAA
clients, such as a network access server, PIX Firewall, or router. The AAA client
in

Figure 1-1

represents any such device that provides AAA client functionality

and uses one of the AAA protocols supported by Cisco Secure ACS.

Figure 1-1

A Simple AAA Scenario

Cisco Secure ACS centralizes access control and accounting, in addition to router
and switch access management. With Cisco Secure ACS, network administrators
can quickly administer accounts and globally change levels of service offerings
for entire groups of users. Although the external user database shown in

Figure 1-1

is optional, support for many popular user repository implementations

enables companies to put to use the working knowledge gained from and the
investment already made in building their corporate user repositories.

Cisco Secure ACS supports Cisco AAA clients such as the Cisco 2509, 2511,
3620, 3640, AS5200 and AS5300, AS5800, the Cisco PIX Firewall, Cisco
Aironet Access Point wireless networking devices, Cisco VPN 3000
Concentrators, and Cisco VPN 5000 Concentrators. It also supports third-party
devices that can be configured with the Terminal Access Controller Access
Control System (TACACS+) or the Remote Access Dial-In User Service
(RADIUS) protocol. Cisco Secure ACS treats all such devices as AAA clients.
Cisco Secure ACS uses the TACACS+ and RADIUS protocols to provide AAA

67472

End-user client

AAA client

Cisco Secure
Access Control Server

External user
database