Cisco Secure Access Control Server Express

Cisco Secure ACS Express 5.0


Product Overview

The growing number of network-access methods increases the possibility of security breaches and uncontrolled user access, and is becoming a top concern across service provider, enterprise, and commercial market segments. Security challenges exist not only at the perimeter but also inside a network. Identity networking solutions that provide mechanisms to control network access are of high interest to such customers.
Cisco® Secure Access Control Server (ACS) is an industry-leading access control server that provides a comprehensive identity-based networking solution to enterprise customers for network access (wired, wireless, remote access) and device administration. Cisco ACS extends security to users, machines, and device administrators by providing authentication, authorization, and accounting (AAA) services through robust access policies. These policies defining AAA access are managed from a centralized, identity-based networking framework that gives enterprise networks greater flexibility, mobility, and security, resulting in user productivity gains.
The Cisco ACS family of products introduces the new Cisco Secure ACS Express 5.0, which is intended for commercial (fewer than 350 users), retail, and enterprise branch office deployments. The product offers a comprehensive yet simplified feature set, a cutting-edge user-friendly GUI, and an attractive price point that allows customers to deploy this product in situations where Cisco Secure ACS for Windows or Cisco Secure ACS Solution Engine may not be suitable.
Cisco ACS Express is available as a 1-rack-unit (RU), security-hardened appliance with a preinstalled Cisco Secure ACS Express license. Cisco ACS Express supports a maximum of 50 AAA clients and 350 unique user logons in a 24-hour period.
Table 1 lists the supported features within Cisco Secure ACS Express 5.0.

Table 1. Supported Features

Key Feature


Supported Protocols


Cisco Secure ACS Express conforms to RFC 2138, 2284, 2865, 2866, 2867, and 2869.

Cisco Secure ACS Express supports the following:

• Authentication on old and new RADIUS ports
• Vendor-specific attributes (VSAs) from Cisco IOS® Software/PIX® devices, VPN concentrators, Cisco WLAN controllers, Aironet® access points, and other IETF RADIUS-compliant Network Access Servers (NAS)
• The definition of custom VSAs


Cisco Secure ACS Express supports privilege-level authorization and time-of-day (TOD) and day-of-week (DOW) policies for TACACS+ users. Additionally, there is support for external databases such as Lightweight Directory Access Protocol (LDAP), Microsoft Active Directory, and OTP servers (RADIUS and RSA native access) for TACACS+ requests.

Extensible Authentication Protocol (EAP)

Cisco Secure ACS Express supports the following EAP methods with a configurable order of negotiation:

• Protected EAP (PEAP) v0, v1
• EAP-Flexible Authentication through Secure Tunneling (EAP-FAST) v0
• Lightweight EAP (LEAP)
• Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)

Additionally, Cisco Secure ACS Express supports Password Authentication Protocol (PAP) and CHAP.


Credential source

Cisco Secure ACS Express supports the use of a local database, external token server, LDAP, and Active Directory.

Machine authentication

Cisco Secure ACS Express supports Microsoft Windows machine authentication against Active Directory.


Group mapping

Cisco Secure ACS Express supports the mapping of external groups to determine entitlements for a user or machine.

Time based

Cisco Secure ACS Express supports access based on time of day and day of week.

RADIUS response sets

Cisco Secure ACS Express supports the returning of RADIUS attribute/values in an authentication response based on group mapping and time-based conditions.

Shell privileges

Cisco Secure ACS Express supports the maximum privilege levels for device access.

Machine access restrictions

Cisco Secure ACS Express supports machine address restriction to mandate machine authentication as a prerequisite for successful user authentication.

RADIUS access services

RADIUS access services allow classification of access requests either by device membership in a device group or by RADIUS attributes in the access request, such as network location, protocol, or other RADIUS attributes sent by the device the user is connecting through.

High Availability

Configuration replication

Cisco Secure ACS Express supports high availability between an ACS Express pair.

This allows customers to achieve redundancy if one ACS Express server is unavailable from a network device point of view.


Web based

Administration and configuration of Cisco Secure ACS Express can be done remotely through HTTPS using a Web browser.


Provides a command-line interface (CLI) to remotely administer the server.

Additionally, the CLI provides a mechanism to export configurations that can be modified and imported back to the same Cisco Secure ACS Express or another Cisco Secure ACS Express in the network.

Administrator access control

Provides two-level access: administrators and operators; restricts operators to read-only access to specific pages.

Password policies

Conforms to password policies in the Cisco security baseline.
Supports password expiration, forced change, and lockout.

Password policy applies to administrator authentication to Cisco Secure ACS Express.


Supports RADIUS accounting logs, debug logs, and backup of the logs off the machine.


Provides usage reports.

Digital Certificate

Certificate generation

Supports addition of new Certificate Authority (CA) certificates and self-signed certificates

Certificate management

Supports management of the Certificate Revocation List (CRL)



Cisco Secure ACS Express is offered as a hardened appliance with the software preinstalled for deployment ease.

License limit

A maximum of 50 AAA clients.

A maximum of 350 unique user ID logons to AAA (through TACACS+ or RADIUS). The limit applies daily and is reset at 12 midnight.

Product Specifications

Cisco Secure ACS Express is available as a 1-rack-unit, security-hardened appliance with a preinstalled Cisco Secure ACS Express license. Table 2 lists the specifications of the Cisco Secure ACS Express appliance.

Table 2. Product Specifications

Key Feature



Processor (CPU)

Intel 352 Celeron D

Processors installed


Basic input/output system (BIOS) type

Flash memory


Memory Installed

1 GB

Hard Disk

Standard hard disk size

1 x 250 GB

Mean time between failure (MTBF) of hard drives

1.0 Mhours (40°C)

Power-on hours

24 hours/7 days (70-80 percent duty cycle)

Optical Storage


1, front accessible (8X DVD read, 24X CD read)

Network Connectivity

Ethernet network interface card (NIC)

2 onboard 10/100/1000


2 RJ-45 connectors on back of server




Serial ports


USB 2.0 ports

3 (1 at front and 2 at back of chassis)

Keyboard port

1 PS/2

Mouse port

1 PS/2


Maximum power consumption

540W (maximum load, power supply rating)

Autoranging AC input


Policy feature card (PFC)


Input low range

90 to 127 (nominal) VAC; 47-63 Hz

Input high range

180 to 264 (nominal) VAC; 47-63 Hz


Air temperature - Server on

50 to 95°F (10 to 35°C)

Air temperature - Server off

-104 to 158°F (-40 to 70°C)


Server off: 95 percent, noncondensing at +30°C

Cooling system

3 fans installed (two are in the power supply)

2 blowers installed


Form factor

1-rack-mount unit


2-post, 4-post rack-mounting options available


15.0 lb (6.8 kg), base chassis


1.7 in. (43 mm)


16.9 in. (429 mm)


20.0 in. (508 mm) without bezel or mounting hardware


Cisco Secure ACS Express 5.0 will be orderable beginning October 12, 2007. Customers interested in purchasing this product can place orders through their normal sales channels.

Ordering Information

Table 3 lists ordering information. To place an order, visit the Cisco Ordering Homepage.

Table 3. Ordering Information for Cisco Secure ACS

Product Name

Part Number

Cisco Secure Access Control Server Express 5.0


Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services.

For More Information

For more information about the Cisco Secure ACS product family, including the user guide and release notes, please visit
For information about Cisco Secure Access Control Server Express, please visit, contact your local account representative, or send an e-mail to the product marketing group at