Chapter 2 Deploy the Access Control Servers

Determining the Deployment Architecture

EAP-TLS—Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). EAP-TLS uses the TLS protocol (RFC 2246), which is the latest version of the Secure Socket Layer (SSL) protocol from the IETF. TLS provides a way to use certificates for user and server authentication and for dynamic session key generation.

PEAP— Protected Extensible Authentication Protocol (PEAP) is an 802.1x authentication type for wireless LANs (WLANs). PEAP provides strong security, user database extensibility, and support for one-time token authentication and password change or aging. PEAP is based on an Internet Draft that Cisco Systems, Microsoft, and RSA Security submitted to the IETF.

Small LAN Environment

In a small LAN environment (a LAN containing up to 3,000 users; see Figure 2-1), a single ACS is usually located close to the switch and behind a firewall. In this environment, the user database is usually small because few switches require access to ACS for AAA, and the workload is small enough to require only a single ACS.

However, you should still deploy a second ACS server for redundancy, and set up the second ACS server as a replication partner to the primary server; because, losing the ACS would prevent users from gaining access to the network. In Figure 2-1, an Internet connection via firewall and router are included because these are likely to be features of such a network; but, they are not strictly related to the Cisco Catalyst AAA setup or required as part of it.

You should also limit access to the system hosting the ACS to as small a number of users and devices as necessary. As shown in Figure 2-1, you set access by connecting the ACS host to a private LAN segment on the firewall. Access to this segment is limited only to the Cisco Catalyst Switch client and those user machines that require HTTP access to the ACS for administrative purposes. Users should not be aware that the ACS is part of the network.

Figure 2-1 ACS Server in a Small LAN Environment

Catalyst 2900/3500

Switch

Firewall

Cisco Secure ACS

Campus LAN

Internet

158316

You can use ACS for wired access in a campus LAN. A campus LAN is typically divided into subnets. Figure 2-2shows an ACS deployment in a wired campus LAN.

Configuration Guide for Cisco Secure ACS 4.2

 

OL-14390-02

2-3

 

 

 

Page 23
Image 23
Cisco Systems 4.2 manual Small LAN Environment, Campus LAN

4.2 specifications

Cisco Systems, a global leader in IT and networking solutions, has consistently evolved to meet the demands of modern enterprises. One of its noteworthy offerings is Cisco Systems 4.2, a version that embodies a significant leap in networking technology and capability. With its rich set of features, Cisco Systems 4.2 caters to a wide range of industries, facilitating enhanced performance and security.

One of the main features of Cisco Systems 4.2 is its improved scalability. The architecture has been designed to support an ever-increasing number of devices and users, making it ideal for growing enterprises. The enhanced scalability allows organizations to expand their network capacities without compromising performance, ensuring seamless integration of new technologies and devices.

Another critical aspect of Cisco Systems 4.2 is its advanced security protocols. With cyber threats constantly evolving, Cisco prioritizes security in this version by offering robust features such as end-to-end encryption, improved firewall capabilities, and enhanced intrusion detection systems. These security enhancements provide organizations with peace of mind, knowing that their sensitive data and networks are well-protected from unauthorized access and potential threats.

Cisco Systems 4.2 also introduces intelligent automation features, which significantly streamline network management. Through the use of artificial intelligence and machine learning, Cisco enables organizations to automate routine tasks, reduce human error, and optimize performance. This automation not only enhances efficiency but also allows IT teams to focus on strategic initiatives rather than day-to-day maintenance.

Moreover, Cisco Systems 4.2 emphasizes infrastructure flexibility. The new architecture supports various deployment models, including on-premises, cloud, and hybrid environments. This flexibility enables organizations to adapt their networking strategies according to their specific needs and operational requirements, facilitating a more tailored approach to IT infrastructure.

Collaboration tools have also been enhanced in this version. Cisco Systems 4.2 integrates advanced communication solutions that empower teams to collaborate in real time, regardless of their geographical location. Features such as high-definition video conferencing, secure messaging, and file sharing enhance productivity and foster innovation across teams.

In summary, Cisco Systems 4.2 stands out as a forward-thinking networking solution with key features such as scalability, advanced security, intelligent automation, flexible infrastructure, and enhanced collaboration tools. These characteristics position Cisco Systems 4.2 as an invaluable asset for enterprises striving for digital transformation in an increasingly interconnected world. The ongoing innovation reflects Cisco's commitment to delivering cutting-edge technology solutions that drive business success and resilience.