I am expected to install the Cisco ACS solution in a HA environment. These will be RedHat boxes that do not log onto any kind of Microsoft AD domain. They are very much isolated. I want to use the ACS to do 801.x for the switch points and system boot up. I also want to use them for logging into the routers and switches.
First, can this be done without AD?
Second, what kind of hardware is in the actual ACS Appliance Boxes? Customer is very concerned about using redundant Windows servers.
Third, do I need any kind of agent running on the RedHat boxes to authenticate workstations? I am guessing there is simply a service that I need to enable.
You need some sort of database for the users. That database can be Windows AD, a local database (stored on the appliance), LDAP, RSA, or another RADIUS server. For a small group, a local user database would be fine (the database can be replicated between ACS SE appliances for redundancy).
The appliance is proprietary Cisco hardware running a closed/hardened version of Windows Server 2003. You can only access the appliance via console serial port, web browser, and SSH/Telnet. There is no keyboard, mouse, monitor, etc.
Don't know about an agent, but if Red Hat includes an 802.1X supplicant with their OS, then you don't need anything else. Most current operating systems include 802.1X capabilities (Windows XP, Vista, 7, Mac OS X, etc.), so I'm guessing the Linux crowd with "enterprise" distributions does, too.