Who should attend
The primary audience for this course is as follows:
- Security professionals, Security Architects, Security Engineers, and Network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities.
The secondary audience for this course is as follows:
- Cisco channel partners who sell, implement, and maintain Cisco ACS Solutions
- Cisco engineers who support the sale of Cisco ACS solutions
The knowledge and skills that a learner must have before attending this course are as follows:
- Cisco Certified Network Associate (CCNA) certification or the equivalent in knowledge and experience.
- Working knowledge of the Microsoft Windows operating system.
Though not mandatory, students should also attend:
- Implementing Cisco IOS Network Security (IINS) certification or the equivalent in knowledge and experience.
This course teaches students how to provide secure access to network resources using the Cisco® Secure Access Control System (ACS) 5.2, interoperating with security features in Cisco’s IOS® Software. Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication, to restrict user access to networks, services, and devices; authorization, to restrict the functions users can perform on services and devices; and ac-counting, to track the activities of users. The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed restrictions. The course includes hands-on labs to provide personal experience in configuring Cisco ACS and Cisco network devices.
Students attending this course will be exposed to designing, implementing and troubleshooting “Triple A” services (authentication, authorization and accounting services) using Cisco’s ACS and IOS technology. The benefits of this course are to be found in its real-world approach, putting the students in the shoes of the consultant implementing these services. By the end of the course, students will feel like they didn’t just take a class, they participated in the design, deployment and management of an ACS 5.2 solution. Many engineers will benefit from this course when they use the implementation plan and checklists included in this course during their own projects.
Upon completing the ACS 5.2 Course, you will be able to meet these overall objectives:
- Understand how the RADIUS and TACACS+ protocols operate and what purpose they serve
- Be familiar with all present ACS Solutions, including ACS Express, ACS Enterprise, ACS on VMware and Appliances like the CSACS-1120 Series and CSACS-1121 Series Appliances
- Main Components of ACS
- How to install ACS 5.2
- How to use a Setup Script
- How Licensing works with the ACS
- Understand how Attributes, Value Types and Predefined Values are used
- The different types of AAA Clients and how they access Network Resources and AAA Clients
- How to work with a Local Identity Store & Identity Store Sequence
- Understand Users and Identity Stores
- Configure an External Identity Store with LDAP
- The fundamentals of LDAP
- How to setup LDAP SSL
- How to set up an External Identity Store with Active Directory
- How to perform Authentication – Command Authorization – Accounting with TACACS
- How to monitor and Troubleshoot ACS (AAA with TACACS+)
- Replacing digital certificates self-signed by ACS using a local Certificate Authority
- Introduction to IEEE 802.1x and EAP – Extensible Authentication Protocol
- 802.1x and Windows XP
- Single Host Authentication
- 802.1x – Single Host Authentication
- 802.1x Troubleshooting