Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Cisco Secure Access Control Server for Windows 4.1


Cisco Secure ACS is a scalable, high-performance Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+) security server.It is the centralized control point for managing network users, network administrators, and network infrastructure resources. ACS provides a comprehensive identity-based network-access control solution. It extends network-access security by combining traditional authentication, authorization, and accounting (AAA) with policy control.

ACS supports a broad variety of Cisco and other network-access devices (NADs), also known as AAA clients:

  • Wired and wireless LAN switches and access points
  • Edge and core routers
  • Dialup and broadband terminators
  • Content and storage devices
  • Voice over IP (VoIP)
  • Firewalls
  • Virtual private networks (VPNs)


Cisco Secure ACS 4.1 release provides the following features:

  • Improved Compliance Support 
    • This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance.
      • Authentication: 
        • Forcing periodic change of administrator's password
        • Applying password structure policy
        • Forcing administrator's password change for inactive account
        • Preventing the reuse of password (password history)
        • Disabling administrator accounts for inactivity
        • Disabling administrator accounts after failed logins
        • Allowing ACS administrators to change own passwords
      • Audit and Reporting: 
        • Logging all administrative actions via Syslog, in addition to existing logging targets.
        • Controlling administrators' access to log file configuration in order to prevent the disablement of specific audit logging.
        • Adding new reports for administrators privileges
      • Authorization: 
        • Providing a read-only privilege for users and groups
  • External database support for MAC Authentication Bypass 
    • The ability to maintain MAC address lists in an external LDAP server; and map MAC addresses to user groups
  • Improved diagnostics and error messages 
    • Improved diagnostic information about certificate mismatches with HCAP and GAME servers have been added to this release. The raw dump of GAME and HCAP messages is in a readable format and the authentication failure codes are now more intuitive.
  • PEAP/EAP-TLS Support 
    • The authenticator side of PEAP/EAP-TLS as a protocol enhancement is included in this release. This permits ACS to authenticate clients with PEAP by using EAP-TLS as the phase two inner method, and enables certificate based authentication to occur within a secure tunnel, encrypting identity information.
  • Logging and Reporting Extensions 
    • New internal mechanisms for logging have been added to this release, to create consistent log levels and improved performance. Syslog is supported and the capability to log ACS messages to remote servers that support Syslog standard is available.
  • Multiple concurrent logging destinations 
    • Log data may be sent to multiple destinations simultaneously.
  • Enhanced remote agent support for logging 
    • User can expose reports externally that were previously provided only locally, for files from previous versions, for example, sending audit reports to remote agent on appliance.
  • RADIUS AES Key Wrap Functionality 
    • This feature supports a secure, certified mode of operation, notably in a Federal Information Processing Standard (FIPS)-compliant wireless solution. RADIUS Key Wrap support with EAP-TLS authentication in ACS, is another step towards satisfying the set of security requirements in Cisco's practical, deployable, and interoperable secure solutions. AES replaces MD5 encryption.
  • Cisco NAC support 
    • ACS 4.1 acts as a policy decision point in NAC deployments. By using configurable policies, it evaluates and validates the credentials that it receives from the Cisco Trust Agent (posture), determines the state of the host, and sends a per-user authorization to the network-access device: ACLs, a policy based access control list, or a private VLAN assignment.
  • Extended replication components 
    • Improved and enhanced replication components have been added to this release. Administrators now can replicate: 
      • Posture validation settings
      • Additional logging attributes
  • Audit support for MAC Authentication Bypass 
    • Audit processing has been enhanced to include MAC Authentication Bypass (MAB). MAB enables double checking an audit request against a MAC authentication policy and an Audit Policy, and combines the evaluation of these two policies.
  • Audit Verification of MAC Exceptions 
    • User can apply MAC exceptions to NAC audit requests. Dual verification of endpoints is then possible.
  • Japanese Microsoft Windows Support 
    • New support for the Japanese version of Microsoft Windows 2003 at the service pack level is available. Only ACS for Windows supports the Japanese version of Windows 2003. The ACS Solution Engine does not support the Japanese OS.