Cisco 1120 Secure Access Control Server Overview
This chapter gives a functional overview of the Cisco 1120 Secure Access Control Server, hereafter referred to as CSACS 1120. This chapter covers the appliance hardware, major components, controls, connectors, and front- and rear-panel LED indicators.
This chapter contains:
•System Description
•Product Overview
•Hardware Features
•Environmental Monitoring
•Regulatory Compliance
System Description
The Cisco 1120 Secure Access Control Server (CSACS 1120) is a highly scalable, rack-mounted, dedicated platform that serves as a high-performance access control server supporting centralized Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+). CSACS 1120 controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.
You use CSACS 1120 to control who can access the network, to authorize what types of network services are available for particular users or groups of users, and to keep an accounting record of all user actions in the network. The appliance supports access control and accounting for dial-up access servers, firewalls and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks (LANs and WLANs). In addition, you can use the same AAA framework, via TACACS+, to manage administrative roles and groups and to control how network administrators change, access, and configure the network internally.
CSACS 1120 provides almost the same set of features and functions as Cisco Secure ACS for Windows Server (the software product), packaged as a dedicated, security-hardened, application-specific appliance. CSACS 1120 includes additional features specific to operating and managing the ACS appliance.
To ensure a highly secure posture, CSACS 1120:
•Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix C, "Windows Service Advisement," for details on the hardening.)
•Does not support a keyboard or monitor.
•Does not provide access to its file system.
•Does not allow you to run arbitrary applications on it.
•Allows TCP/IP connections only via the ports necessary for its own operations.
Figure 1-1 shows the CSACS 1120 operating context.
Figure 1-1 CSACS 1120 Context Diagram
The administrative console in the context diagram represents any data terminal equipment (DTE) capable of supporting administrative connection via a serial port connection and is generally referred to as a console in this guide.
Product Overview
This section describes the power requirements, rack-mount hardware kit, and features of the CSACS 1120 Series appliance.
This section contains:
•Specifications for the CSACS 1120 Series Appliance
•Product Serial Number Location
•Cisco Product Identification Tool
Specifications for the CSACS 1120 Series Appliance
The CSACS 1120 Series appliance (see Figure 1-2) is contained in a standard shelf-rack enclosure. The appliance weighs from 15 lb (9.071 kg) to 33 lb (14.96 kg) depending on what options are installed in the appliance. It measures 1.69 inches high x 17 inches wide x 20 inches deep (4.29 cm x 43.18 cm x 50.80 cm). These dimensions do not include the rack handles.
Figure 1-2 Cisco 1120 Secure Access Control System Front View
The CSACS 1120 Series appliance is configured for AC-input power and has a single auto-ranging AC-input power supply, mounted in a standard 19-inch (48.3 cm), 4-post equipment rack (using the rack-mount brackets provided). The CSACS 1120 features include:
•Microprocessor—Intel Core 2 Duo 2.13-GHz processor with an 800-MHz front side bus (FSB) and 2 MB of Layer 2 cache.
•Four synchronous dynamic RAM (SDRAM) slots that support up to 4 GB.
•Support for up to 2 x 250-GB SATA hard drives.
•Two fixed RJ-45 10BASE-T/100BASE-TX/1000BASE-T network interface connectors (located on the rear panel).
•One slimline DVD-ROM drive (located on the front-panel).
•One DB-9 serial (console) port (located on the rear-panel).
•Front-to-rear airflow blowers using two 40-mm exhaust fans and ducting for the CPU and memory, two 40-mm exhaust fans built into the power supply, and one PCI exhaust fan.
•Expansion slot support—One PCI-X (located on the rear panel).
•Three USB 2.0 ports (two located on the rear panel, one on the front-panel).
•One PS/2 keyboard port (located on the rear panel).
•One PS/2 video monitor port (located on the rear panel).
•One DB-15 serial (video) port (located on the rear panel).
•Rear-access cabling.
•Four green, front-panel appliance LEDs:
–Power (indicates whether the power supply is operational).
–Hard disk drive activity (indicates whether the drive is functioning properly).
–Network Interface connector (NIC) 1 and NIC 2 activity (indicates whether interrupts or packet transfers are running).
For a description of the LEDs, see CSACS 1120 Appliance Front-Panel View.
•The CSACS 1120 appliance is normally shipped with a rack-mount hardware kit which includes either brackets or rails that allow the CSACS 1120 to be positioned in a 4-post equipment rack. For more information, see Chapter 3, "Installing the Cisco 1120 Secure Access Control System Hardware."
Note The rack-mount hardware kit does not include a 2-post equipment rack.
Product Serial Number Location
The serial number label is located on the front panel of the CSACS 1120 Series appliance, at the lower left. Figure 1-3 shows the location of this label.
Figure 1-3 CSACS 1120 Appliance Serial Number Location
Note The serial number for the CSACS 1120 Series appliance is 11 characters long.
Cisco Product Identification Tool
The Cisco Product Identification (CPI) tool helps you retrieve the serial number of your Cisco products.
Before you submit a request for service online or by phone, use the CPI tool to locate your product serial number. You can access this tool from the Cisco Support website.
To access this tool:
Step 1 Click the Get Tools & Resources link.
Step 2 Click the All Tools (A-Z) tab.
Step 3 Select Cisco Product Identification Tool from the alphabetical drop-down list.
This tool offers three search options:
•Search by product ID or model name.
•Browse for Cisco model.
•Copy and paste the output of the show command to identify the product.
Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before you place a service call.
You can access the CPI tool at:
http://tools.cisco.com/Support/CPI/index.do
To access the CPI tool, you require a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at:
http://tools.cisco.com/RPF/register/register.do
Hardware Features
This section describes the front- and rear-panel controls, ports, and LED indicators on the CSACS 1120 Series appliance.
This section contains:
•CSACS 1120 Appliance Front-Panel View
•CSACS 1120 Appliance Back-Panel View
•Input/Output Ports and Connectors
CSACS 1120 Appliance Front-Panel View
The front-panel of the CSACS 1120 Series appliance contains:
•USB 2.0 port
•Power button
•Various LEDs (appliance and NICs)
Figure 1-4 shows the components of the front-panel.
Figure 1-4 CSACS 1120 Series Appliance Front View
The following table describes the callouts in Figure 1-4.
| 1 | USB port | 4 | Hard disk drive activity LED |
| 2 | Power button | 5 | NIC 1 LED |
| 3 | Appliance power LED | 6 | NIC 2 LED |
LEDs
Table 1-1 describes the LEDs located on the front-panel of the CSACS 1120 Series appliance.
Table 1-1 Front-Panel LEDs
| LED | Color | State | Description |
|---|---|---|---|
| Appliance power | Green | On | Power on |
| | Green | Blinking | Sleep (standby) |
| | Off | Off | Power off |
| Hard disk drive | Green | Random blinking | Hard disk drive activity |
| | Off | Off | No hard disk drive activity |
| NIC 1 and NIC 2 | Green | On | NIC link, no access |
| | Green | Blinking | LAN access |
Note Because ACS does not support Sleep (standby) mode, the Sleep (standby) LED state is not applicable.
CSACS 1120 Appliance Back-Panel View
The back panel of the CSACS 1120 Series appliance contains:
•AC power connector
•Two PS/2 connectors (video monitor and keyboard)
•One serial (DB-9) connector
•One video connector
•Two NIC (RJ-45) ports
•Two USB 2.0 ports
•One PCI adapter card slot (expansion slot)
•NIC LEDs
Figure 1-5 shows the components of the back panel.
Note The locations of the rack-mounting brackets are also shown on the left and right sides of the appliance. (See Rack-Mounting Configuration Guidelines, page 3-1 for instructions on how to install the mounting brackets.)
Figure 1-5 CSACS 1120 Series Appliance Rear View
The following table describes the callouts in Figure 1-5.
| 1 | AC power receptacle | 7 | NIC 2 port LED (activity) |
| 2 | PS/2 connector (video monitor) | 8 | NIC 2 port LED (link) |
| 3 | PS/2 connector (keyboard) | 9 | Two USB 2.0 ports |
| 4 | Serial (EIA/TIA-232) console port | 10 | NIC 1 port (10/100/1000 Mb/s) or Ethernet 0 |
| 5 | Video Graphics Array (VGA) port | 11 | PCI adapter card slot (expansion) |
| 6 | NIC 2 (10/100/1000 Mb/s) port or Ethernet 1 | | |
Note ACS must use only the NIC 1 port on the appliance. Using NIC 2 may lead to software configuration problems.
LEDs
The back panel of the CSACS 1120 Series appliance contains LEDs that indicate the connection activity and speed of the NIC ports. Figure 1-6 shows these LEDs.
Figure 1-6 NIC 1 and NIC 2 LEDs
Table 1-2 describes the activity and connection speed associated with each LED state.
Table 1-2 NIC 1 and NIC 2 LEDs
| LED | Color | State | Description |
|---|---|---|---|
| Left (1) | — | Off | No network connection |
| | Amber | Solid | Network connection |
| | Amber | Blinking | Transmit/receive activity |
| Right (2) | — | Off | 10-Mb/s connection (if left LED is on or blinking) |
| | Amber | Solid | 1000-Mb/s connection |
| | Green | Solid | 100-Mb/s (or 1-Gb/s) connection |
Input/Output Ports and Connectors
The back panel of the CSACS 1120 Series appliance supports the following types of I/O connectors:
•Ethernet
•Serial
•Video monitor
•Keyboard
Warning To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables. Statement 1021
Ethernet Port (NIC 1 and NIC 2)
The CSACS 1120 Series appliance comes with two integrated dual-port Ethernet controllers. These controllers provide an interface for connecting to 10-Mb/s, 100-Mb/s, or 1000-Mb/s networks and provide full-duplex (FDX) capability, which enables simultaneous transmission and reception of data on the Ethernet LAN.
To access the Ethernet port, connect a Category 3, 4, 5, 5E, or 6 unshielded twisted-pair (UTP) cable to the RJ-45 connector on the back of the appliance.
Table 1-3 describes the UTP cable categories.
Table 1-3 Ethernet Cabling Guidelines
| Type | Description |
|---|---|
| 10BASE-T | EIA Categories 3, 4, or 5 UTP (2 or 4 pair) up to 328 ft (100 m) |
| 100BASE-TX | EIA Category 5 UTP (2 pair) up to 328 ft (100 m) |
| 1000BASE-T | EIA Category 6 UTP (recommended), Category 5E UTP or 5 UTP (2 pair) up to 328 ft (100 m) |
Ethernet Port Connector
Figure 1-7 shows the Ethernet RJ-45 port and plug.
Figure 1-7 RJ-45 Port and Plug
Table 1-4 lists and describes the RJ-45 pin signals used on the connector.
Table 1-4 Ethernet Port Pinout
| Ethernet Port Pin | Signal | Description |
|---|---|---|
| 1 | TxD+ | Transmit data + |
| 2 | TxD- | Transmit data - |
| 3 | RxD+ | Receive data + |
| 4 | Termination network | No connection |
| 5 | Termination network | No connection |
| 6 | RxD- | Receive data - |
| 7 | Termination network | No connection |
| 8 | Termination network | No connection |
Serial (Console) Port
The CSACS 1120 Series appliance has one standard serial (console) port. Use the configuration or setup utility program to change the port address assignments.
Note The configuration or setup utility program is located in the CSACS 1120 Series appliance ROM and can be accessed through the serial (console) port.
Serial (Console) Port Connector
The CSACS 1120 Series appliance has one serial port connector located on the back panel of the appliance.
Figure 1-8 shows the pin number assignments for the 9-pin, male D-shell serial port connector located on the back panel of the appliance. These pin number assignments conform to industry standards.
Figure 1-8 Serial Port Connector
Table 1-5 lists and describes the serial (console) port pinout.
Table 1-5 DB-9 Serial (Console) Port Pinout
| Serial Port Pin | Signal | Description |
|---|---|---|
| 1 | DCD | Carrier Detect |
| 2 | DSR | Data Set Ready |
| 3 | RXD | Receive Data |
| 4 | RTS | Request To Send |
| 5 | TXD | Transmit Data |
| 6 | CTS | Clear To Send |
| 7 | DTR | Data Terminal Ready |
| 8 | RI | Ring Indicator |
| 9 | GND | Ground |
Environmental Monitoring
The CSACS 1120 Series appliance has protection circuits that monitor and detect overcurrent, overvoltage, and overtemperature conditions inside the appliance. If the power supply shuts down or latches off, an AC cycle that switches off for 15 seconds and switches on for 1 second resets the power supply.
This section contains:
•Overcurrent Protection (OCP)
•Overvoltage Protection (OVP)
•Overtemperature Protection (OTP)
Overcurrent Protection (OCP)
The power supply shuts down and latches off after an overcurrent condition occurs. This latch is cleared by an AC power interruption.
Note The power supply will not be damaged from repeated power cycling.
Overvoltage Protection (OVP)
The power supply shuts down and latches off after an overvoltage condition occurs. This latch is cleared by an AC power interruption.
Overtemperature Protection (OTP)
The power supply is protected against overtemperature conditions caused by the loss of fan cooling or excessive ambient temperature. In an OTP condition, the power supply will shut down. When the power supply temperature drops to the rated safety limit, the power supply restores power automatically.
Regulatory Compliance
For regulatory compliance and safety information, see Regulatory Compliance and Safety Information for the Cisco 1120 Secure Access Control Server 4.2. This document is available online at Cisco.com:
For more information, see Obtaining Documentation and Submitting a Service Request, page -xv.