
Cisco ACS Appliance

jfraasch
Level 3

I am expected to install the Cisco ACS solution in a HA environment. These will be RedHat boxes that do not log onto any kind of Microsoft AD domain. They are very much isolated. I want to use the ACS to do 801.x for the switch points and system boot up. I also want to use them for logging into the routers and switches.

First, can this be done without AD?

Second, what kind of hardware is in the actual ACS Appliance Boxes? Customer is very concerned about using redundant Windows servers.

Third, do I need any kind of agent running on the RedHat boxes to authenticate workstations? I am guessing there is simply a service that I need to enable.

Any help is appreciated.

James

1 Reply

You need some sort of database for the users. That database can be Windows AD, a local database (stored on the appliance), LDAP, RSA, or another RADIUS server. For a small group, a local user database would be fine (the database can be replicated between ACS SE appliances for redundancy).

The appliance is proprietary Cisco hardware running a closed/hardened version of Windows Server 2003. You can only access the appliance via console serial port, web browser, and SSH/Telnet. There is no keyboard, mouse, monitor, etc.

Don't know about an agent, but if Red Hat includes an 802.1X supplicant with their OS, then you don't need anything else. Most current operating systems include 802.1X capabilities (Windows XP, Vista, 7, Mac OS X, etc.), so I'm guessing the Linux crowd with an "enterprise" distribution does, too.
