Cisco Secure Access Control Server (ACS) is a powerful tool that allows network administrators to centrally manage AAA (authentication, authorization, and accounting) on a wide range of Cisco devices. You can deploy an ACS server in a standalone configuration or in a redundant topology. In order to provide failover capability, two or more ACS machines share database components at preconfigured times. AAA clients, such as routers, switches, and firewalls, must list two or more ACS servers in their configuration in order to benefit from a redundant implementation. An administrator need only make changes to the primary ACS server. A configured secondary ACS server receives database information through manual or automatic database replication.
AAA clients attempt to communicate with the first ACS server listed in their configuration. If a client cannot reach this server after a specified amount of time, it attempts to communicate with the second ACS server listed in its configuration. You cannot force a client to attempt to communicate with the second server first. If the AAA client receives a response from the first server, it will not attempt to communicate with the second server.
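The ordered failover described above, as it would look on an IOS AAA client using TACACS+. This is an added example, not configuration from the original page; the 192.0.2.x addresses, the five-second timeout, the shared-secret placeholder and the local fallback are assumptions.

```cisco
! Enable the AAA subsystem on the client (router or switch).
aaa new-model
!
! Servers are tried in the order they are listed.
! Primary ACS (constructed address): always contacted first.
tacacs-server host 192.0.2.10
! Secondary ACS (constructed address): contacted only if the primary
! does not answer within the timeout.
tacacs-server host 192.0.2.11
!
! Seconds to wait for a reply before moving to the next server (assumed value).
tacacs-server timeout 5
! Shared secret (placeholder); it must match the AAA client entry on both
! ACS servers, since the secondary serves the replicated database.
tacacs-server key <SHARED-SECRET>
!
! Login authentication and exec authorization use the ordered server list.
! "local" is an assumed last resort used only when no listed server responds,
! and it requires a local account to exist on the device.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Accounting records go to whichever listed server answers.
aaa accounting exec default start-stop group tacacs+
```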
Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements. By integrating with your other access control systems, it helps improve productivity and contain costs. It supports multiple scenarios simultaneously, including:
* Device administration: Authenticates administrators, authorizes commands, and provides an audit trail
* Remote access: Works with VPN and other remote network access devices to enforce access policies
* Wireless: Authenticates and authorizes wireless users and hosts and enforces wireless-specific policies
* Network admission control: Communicates with posture and audit servers to enforce admission control policies
Cisco Secure ACS lets you centrally manage access to network resources for a growing variety of access types, devices, and user groups. These key features address the current complexities of network access control:
* Support for a range of protocols including Extensible Authentication Protocol (EAP) and non-EAP protocols provides the flexibility to meet all your authentication requirements
* Integration with Cisco products for device administration access control allows for centralized control and auditing of administrative actions
* Support for external databases, posture brokers, and audit servers centralizes access policy control and lets you integrate identity and access control systems
Scenario I uses this network configuration: