Cisco Secure Access Control Server 4.2 for Windows
PDF(186.9 KB) View with Adobe Reader on a variety of devices
Updated:Feb 25, 2008
® Secure Access Control Server (ACS) for Windows is an industry-leading, highly scalable access policy platform that supports comprehensive, identity-based network access control. Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios including wireless LAN, 802.1x wired, and remote access. Cisco Secure ACS is the leading authentication, authorization, and accounting (AAA) platform in the market and is deployed by 90 percent of the top 500 Cisco customers.
Cisco Secure ACS is available as the Cisco Secure ACS for Windows software kit or as Cisco Secure ACS Solution Engine - a 1-rack-unit (1RU), security-hardened appliance with a preinstalled Cisco Secure ACS license. For more information on Cisco Secure ACS Solution Engine 4.2, please refer to the data sheet and the product bulletin at:
Cisco Secure ACS 4.2 for Windows includes the following new features:
– EAP-Flexible Authentication via Secure Tunneling (FAST) enhancement for anonymous Transport Layer Security (TLS) renegotiation: ACS allows an anonymous TLS handshake between the end-user client and ACS.
– EAP-FAST enhancement for invalid Protected Access Credentials (PAC): ACS provides an option to run EAP-FAST without issuing or accepting any tunnel or machine PAC when an invalid PAC is received.
– EAP-TLS with no PAC and no Active Directory processing: ACS supports EAP-FAST tunnel establishment without PAC and without client certificate lookup.
• Group filtering at the Network Access Profile (NAP) level with Lightweight Directory Access Protocol (LDAP): When using LDAP to query an external user data store, ACS capabilities have been extended to allow group filtering at the NAP level. Depending on the user's external database group membership, ACS can either reject or accept access to the network based on the group filtering settings.
• RSA authentication with LDAP group mapping: ACS can authenticate with RSA and at the same time perform group mapping with LDAP. This option allows ACS to control authorization based on a user's LDAP group membership.
• Active Directory multiforest support: ACS supports authentication in a multiforest environment.
• Time-based restrictions: ACS administrators may configure a user to be in an alternative group for a restricted period of time.
• Relational database management system (RDBMS) synchronization enhancements: ACS has programmatic interface additions for downloadable ACL synchronization. ACS for Windows also now supports comma-separated value (CSV)-based RDBMS synchronization.
• NetBIOS disabling: ACS for Windows allows NetBIOS to be disabled on the server it is running on.
Cisco Secure ACS 4.2 for Windows will be available as a software upgrade to existing Cisco Secure ACS for Windows customers.
Cisco Secure ACS 4.0 and 4.1 customers with Cisco Software Application Support (SAS) can go to the product upgrade tool at
http://www.cisco.com/upgrade and request the service release kit for Cisco Secure ACS 4.2 for Windows. Cisco Secure ACS 4.0 and 4.1 customers without SAS should order part number CSACS4.2-WIN-MR-K9. Customers with earlier versions of Cisco Secure ACS for Windows should order part number CSACS-4.2-WINUP-K9.
New customers should order product number CSACS-4.2-WIN-K9.
Cisco Secure ACS 4.2 for Windows will be available beginning February 29, 2008. Customers interested in purchasing this product can place orders through their normal sales channels.
Table 1 gives ordering information for Cisco Secure ACS 4.2 for Windows.
Table 1. Ordering Information for Cisco Secure ACS 4.2 for Windows
Cisco Secure ACS 4.2 for Windows
Upgrade to Cisco Secure ACS 4.2 for Windows from versions earlier than 4.0
Upgrade to Cisco Secure ACS 4.2 for Windows from version 4.0 or 4.1
For More Information
For more information about Cisco Secure Access Control Server, visit
http://www.cisco.com/go/acs or contact your local account representative.