Chapter 5 VPN and Security
Cisco Secure Access Control Server (ACS) for Windows
When to Sell
Sell This Product: Cisco Secure Access Control Server (ACS) for Windows
When a Customer Needs These Features:
• Centrally manage who can log in to the network from wired or wireless connections
• Privileges each user has in the network
• Accounting information recorded for security audits or account billing
• What access and command controls are enabled for each configuration administrator
• Virtual VSA for Aironet rekey
• Secure server authentication and encryption
• Simplified firewall access and control through Dynamic Port Assignment
• Same User AAA services
Key Features
• Cisco NAC support—Using policies that you configure, it evaluates the credentials sent to it by Cisco Trust Agent, determines the state of the host, and sends the AAA client ACLs that are appropriate to the host state; records the results of policy evaluation for use with your monitoring system
• Supports the new, publicly accessible IEEE 802.1X EAP type developed by Cisco to support customers who cannot enforce a strong password policy and who wish to deploy an 802.1X EAP; does not require digital certificates; supports a variety of user and password database types as well as password expiration and change; and is flexible, easy to deploy, and easy to manage
• Downloadable IP access control lists (ACLs)—Extends per-user ACL support to any Layer 3 network device that supports this feature; allows for custom-defined sets of ACLs that can be applied per user or per group
• Certificate Revocation List (CRL) comparison for EAP-Transport Layer Security (TLS) authentication—Adds support for certificate revocation using the X.509 CRL profile; Cisco Secure ACS fails the authentication and denies access to the user if the certificate presented by the user during an EAP-TLS authentication is present in the retrieved CRL
• Machine Access Restrictions (MARs) that complement 802.1X machine authentication—Ability to use MARs to control authorization of EAP-TLS and Microsoft Protected Extensible Authentication Protocol (PEAP) users who authenticate with a Windows external user database
• Network access filtering (NAF) as a new shared profile component—Introduces granular application of network access restrictions and downloadable ACLs, both of which could previously apply only the same access restrictions or ACLs to all devices
• Allows replication of the user and group databases separately
Competitive Products
• Funk: Steel Belted RADIUS
• Lucent/Avaya: Security Management Server (LSMS)
• Nortel: Preside RADIUS Server (OEM of Funk product)
Specifications
Feature: Hardware
Cisco Secure Access Control Server (ACS) for Windows:
• Pentium processor, 550 MHz or faster
• 256 MB RAM
• 250 MB free disk space, more if you are running your database on the same device
• Minimum resolution of 800 x 600 with 256 colors