Guest

Cisco Secure Access Control Server for Windows

Quick Installation Card: CiscoSecure ACS 2.4 for Windows NT Server

 Feedback

Table of Contents

Quick Installation Card
CiscoSecure ACS 2.4 for Windows NT Server

Installing the Software
Configuring the NAS
Completing Setup
Starting CiscoSecure ACS

Quick Installation Card
CiscoSecure ACS 2.4 for Windows NT Server



Note:      Make sure you have already followed the instructions on the Read Me First: CiscoSecure ACS 2.4 for Windows NT Server Getting Started card.



Caution If you have an earlier version of CiscoSecure ACS installed, back up your data to another machine before you install the new version. If you have any problems with the installation, run the Clean.exe file located on the CiscoSecure ACS CD-ROM as described in the readme file or release notes and re-run Setup.

Installing the Software


Note:      Close all Windows programs before you run Setup.


1. Log in as the local system administrator to the machine on which you are installing CiscoSecure ACS.


Note:      A new remote administrator can be created remotely as long as the current remote administrator is given the Administrator's control right.


2. Insert the CiscoSecure ACS CD-ROM into your CD-ROM drive. The Installation window opens.

3. Click Install. The Software License Agreement window opens.

4. Read the Software License Agreement; click Accept to agree to the licensing terms and conditions. The Welcome window opens.

5. Click Next. The Before You Begin window opens.

6. Verify that each condition is met, then click the check box for each item. Click Next. (Click Explain for more information on the listed items. If any condition is not met, click Cancel to exit Setup.) If this is a new installation, skip to Step 9.

7. (Optional) If CiscoSecure ACS is already installed, the Previous Installation window opens. Setup asks if you want to remove the previous version and save the existing database information. To keep the existing data, click:

Yes, keep existing database

To use a new database, clear the check box.

Click Next. If you checked the check box, Setup backs up the existing configuration. Setup removes the old files. When the files are removed, click OK.

8. If Setup finds an existing configuration, it asks if you want to import the configuration. To keep the existing configuration, click:

Yes, import configuration

To use a new configuration, clear the check box.

Click Next.

9. The Choose Destination Location window opens. To install the software in the default directory, click Next. To use a different directory, click Browse and enter the directory to use. If the directory does not exist, setup asks if you want to create it. Click Yes. The Authentication Database Configuration window opens.

10. Click the option button(s) for the authentication database(s) to be used by CiscoSecure:

­ Check the CiscoSecure ACS Database only (default)

­ Also check the Windows NT User Database

If you select the first option, CiscoSecure ACS will use only the CiscoSecure ACS database for authentication; if you select the second option, CiscoSecure ACS will check both databases.

11. (Optional) To limit dial-in access to only those users you specified in the Windows NT User Manager, click:

Yes, reference "Grant dialin permission to user" setting

Click Next. The Network Access Server Details window opens.

12. Complete the following information. (Review the Before You Start: CiscoSecure ACS 2.4 for Windows NT Server Getting Started quick reference card.)

­ Authenticate Users Using—Type of security protocol to be used. TACACS+ (Cisco) is the default.

­ Access Server Name—Name of the NAS that will be using the CiscoSecure ACS services.

­ Access Server IP Address—IP address of the NAS that will be using the CiscoSecure ACS services.

­ Windows NT Server IP Address—IP address of this Windows NT server.

­ TACACS+ or RADIUS Key—Shared secret of the NAS and CiscoSecure ACS. These passwords must be identical to ensure proper function and communication between the NAS and CiscoSecure ACS. Shared secrets are case sensitive.

Setup installs the CiscoSecure ACS files and updates the Registry.

13. Click Next. The Interface Configuration window opens. The Interface Configuration options are disabled by default. Click the check box to enable any or all of the options listed.


Note:      Configuration options for these items are displayed in the CiscoSecure ACS interface only if they are enabled. You can disable or enable any or all of these and additional options after installation in the Interface Configuration: Advanced Options window.


14. Click Next. The Active Service Monitoring window opens. To enable the CiscoSecure ACS monitoring service, CSMon, check the Enable Log-in Monitoring check box, then select the script to execute when the login process fails the test:

  • No Remedial Action—Leave CiscoSecure ACS operating as-is
  • Reboot—Reboot the system on which CiscoSecure ACS is running
  • Restart All—(default) Restart all CiscoSecure ACS services
  • Restart RADIUS/TACACS+—Restart only the RADIUS and/or TACACS+ protocol

You can also develop your own scripts to be executed if there is a system failure. See the Online Documentation for more information.

To have CiscoSecure ACS generate an e-mail message when administrator events occur, check the Enable Mail Notifications check box, then enter the following information:

­ SMTP Mail Server—Enter the name and domain of the sending mail server; for example, server1.company.com

­ Mail account to notify—Enter the complete e-mail address of the intended recipient; for example, msmith@company.com

15. Click Next. The CiscoSecure ACS Service Initiation window opens. If you do not want to configure a NAS from Setup, click Next. and skip to the "Completing Setup" section.

To configure a single NAS now, click:

Yes, I want to configure Cisco IOS now

Click Next.

Configuring the NAS

1. If you selected Yes, I want to configure Cisco IOS now, the Enable Secret Password window opens. Enter an optional Enable Secret password that can be used in addition to the Enable password. Click Next. The Access Server Configuration window opens.

2. Click Next. The NAS Configuration window opens. Review the information in the scrolling window. This information is the minimum Cisco IOS AAA configuration requirement for the NAS.

3. Select one of the following options:

­ Click Telnet Now? to Telnet to the IP address that you entered in the NAS Details window. The NAS configuration is automatically copied to the clipboard and can be pasted directly into the NAS configuration file. See your Cisco IOS documentation for more information.

­ Click Print to make a copy of the sample configuration. Review the printed copy before you Telnet to the NAS.

­ Click Next to continue without configuring a NAS.

Completing Setup

1. The CiscoSecure ACS Service Initiation window opens. Check one or more of the following options:

­ Yes, I want to start the CiscoSecure ACS Service now


Note:      The service must be running to access the CiscoSecure ACS web-based interface.


­ Yes, I want Setup to launch the CiscoSecure ACS Administrator from my browser following installation

­ Yes, I want to view the readme file


Note:      The readme file contains additional important information.


2. Click Next. The Setup Complete window opens.

3. Click Finish. Installation of CiscoSecure ACS is complete. An icon labeled ACS Admin is created on the Windows NT desktop. This is a shortcut to the CiscoSecure ACS program associated with your browser. If you selected the "launch" option in Step 1, your browser launches and CiscoSecure ACS opens. If you selected the "readme" option in Step 1, the readme file opens.

Starting CiscoSecure ACS

To start CiscoSecure ACS, double-click the ACS Admin icon to launch a browser with the URL for ACS Admin, or enter:

http://IP address:2002

For example:

http://172.16.0.1:2002


Note:      Each remote administrator must have remote administration access permission.