Cisco ACS

Unanswered Question
May 5th, 2010

Currently we use debian radius to authentice users. We have about 15000 users (wired, wireless and VPN remote users).

Does any one know how many users can ACS support? and how does Cisco charge for user licenses?

Also, is it compatible with Windows active directory?

How does your system authenticate users? Is it feasible with ACS? Is ACS the right product? Are there any other product which support this?

Thanks for your input.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
spremkumar Wed, 05/05/2010 - 03:41


It all depends on the deployment methods you choose when you install your ACS.

ACS can easily be integrated with your AD for authentication purpose but you need a separate middleware called remote agents if you make use of ACS appliance instead of ACS application on a Windows server.

You can integrate all your device authentication / Wireless authentications to the ACS which in turn can pick all the details from the AD server farms.

do refer the below link for more info.


after1111 Wed, 05/05/2010 - 10:22

From what I know, ACS isprimarily use for user authentication to network devices?

I dont have a clear picture of how ACS interact with microsoft Active Directory LDAP, my understanding is that, when user request network access, it then direct to ACS server, ACS then direct to Active Directory and search for user attributes, so basically ACS use as a hub between end-users and LDAP.

Pls correct me if I'm wrong,


darpotter Wed, 05/05/2010 - 11:34

ACS will only grab the user's group memberships from LDAP or AD in order to run an internal group mapping. In ACS you create a group structure that is relevant for network access (ie stuff like ACLs, access restrictions etc) rather than pull stuff out of AD.


This Discussion