Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How would Cisco ACS 3.0.2 help in a Windows 2000 network?

We're building a new network from scratch in our building. The basic network setup is a Cat 4006 w/ Sup3 and 2950s on 5 other floors connected to 4006 via dual fiber. This would connect various groups into same physical (cabling) network, and from there on we'll VLAN w/ interVLAN routing. The win2k guys want a single forest with child domains, to be able to talk to each other in the grand scheme of Windows 2000. Here's the catch : a few exec will go between different floors because they hold positions at various groups, so port-based VLANs are a little crude in this situation. Unfortunately, I don't have enough time to evaluate ACS. From what I understand, it can connect to Active Directory in roder to lookup if users are legit. How does that actually work when a PC boots up and a user is presented with a logon prompt?

Thanx in advance.

  • Other Security Subjects
New Member

Re: How would Cisco ACS 3.0.2 help in a Windows 2000 network?

As I understand it you want to use ACS to do your LAN authentication through Active Directory ?

What is it your trying to accomplish ?

We have a very similar network setup and port based Vlans per floor is the way to go in my opinion. If your users are using WIN2K Pro or WIN XP they can move from VLAN to VLAN and get new addresses assigned on the fly. To do this you will need the L3 module for your 4006 or the daughter card on the SUP for inter VLAN routing. Windows Server does support multiple DHCP scopes and hands out the correct DHCP address for the VLAN you are in.

We don't use ACS in the manner I think you are suggesting. Primarily we use it as an authentication tool for remote users and for access to our network equipment.

New Member

Re: How would Cisco ACS 3.0.2 help in a Windows 2000 network?

Thanks for the reply. I just sort of wanted to see what other people use ACS for. It does make sense to manage Cisco devices through ACS, as we're going to have quite a few of them, and a number of admins.

Port-based VLANs would work just fine for 99% of the clients that we have, it's that 1% that I'm thinking of, because they are the ones that are the most important. Thanks anyway.