Guest

Cisco Secure Access Control Server for Windows

Supported and Interoperable Devices and Software Tables for Cisco Secure ACS for Windows Server version 3.2

 Feedback

Table Of Contents

Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS for Windows Server version 3.2


Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS for Windows Server version 3.2


Revised: March 18, 2004

Because the number of devices that Cisco Secure ACS for Windows Server version 3.2 interoperates with runs into the hundreds, this device list differs significantly from those of other Cisco products with which you may be familiar. This document lists supported devices and software, that is, those that we have tested against. However, this document also lists devices and software programs that are, to the best of our knowledge, interoperable. Of the hundreds of devices and software programs that Cisco Secure ACS for Windows Server version 3.2 interoperates with, Cisco only officially supports those that have been tested.

For details regarding other limitations and known problems see the Release Notes for Cisco Secure Access Control Server for Windows Server Version 3.2.

With regard to third-party RADIUS and TACACS+ clients, Cisco Secure ACS fully interoperates with devices that adhere to the governing protocols. Also note that support for RADIUS and TACACS+ functions depends on device-specific implementation. On a given device, TACACS+ may not be available for user authentication and authorization. Likewise, RADIUS may not be available for administrative authentication and authorization.

For RADIUS these include the following RFCs:

RFC 2138—Remote Authentication Dial In User Service (RADIUS)

RFC 2139—RADIUS Accounting

RFC 2865—Remote Authentication Dial In User Service (RADIUS)

RFC 2866—RADIUS Accounting

RFC 2867—RADIUS Accounting for Tunnel Protocol Support

RFC 2868—RADIUS Attributes for Tunnel Protocol Support

RFC 2869—RADIUS Extensions

For details regarding the implementation of vendor-specific attributes (VSAs) see your Cisco Secure ACS user guide.

Cisco Secure ACS conforms to the TACACS+ protocol as defined by Cisco Systems in draft 1.77.

The following tables show the devices and software that Cisco Secure ACS supports or with which it interoperates:

Table 1, Web Browsers

Table 2, Device Operating Systems

Table 3, Routers

Table 4, Access Devices/Universal Gateways

Table 5, Cable Devices

Table 6, Content Networking Devices

Table 7, Security and VPN Devices

Table 8, Storage Networking Devices

Table 9, Switches

Table 10, Cisco Aironet Software (Access Points for Wireless LAN)

Table 11, CiscoWorks VMS

Table 12, PKI/Certificate Servers

Table 13, Token Servers

Table 14, LDAP Servers

Table 15, User Databases

Table 16, Proxy Support

You can find information about new device support at Cisco.com, http://www.cisco.com.

To ensure full capabilities, the clients you deploy to interoperate with Cisco Secure ACS should use the most recent operating systems available. Nonetheless, Table 2, Device Operating Systems provides details on the minimum acceptable client operating system versions.

Table 1 Web Browsers1

Program
Versions
Notes

Microsoft Internet Explorer

Version 6.0 with Service Pack 1 for Microsoft Windows—English Language version

Tested

Netscape Communicator

Version 7.0 for Microsoft Windows—English Language version

Version 7.0 for Solaris 2.7- English Language version

Tested

Tested

1 To use a web browser to access the Cisco Secure ACS HTML interface, you must enable both Java and JavaScript in the browser. Also, you must disable HTTP proxy in the browser.


Table 2 Device Operating Systems

Operating System
Minimum Version
Notes

IOS

Version 11.2

For full RADIUS support

CAT OS

Version 7.2

Cisco products—and other third-party products that are RFC compliant—will work with ACS even when running earlier versions of CAT OS. However, full functionality, including the 802.1x VLAN assignment, is supported only when the listed version is used.


Table 3 Routers 

Series
Notes

Cisco 1400

End Of Life (EOL) Status

Cisco 1600

RADIUS and TACACS+ interoperability

Cisco 1700

Tested with IOS 12.2(8)

RADIUS and TACACS+ interoperability

Cisco 2500

EOL

Cisco 2600

RADIUS and TACACS+ interoperability

Cisco 3600

RADIUS and TACACS+ interoperability

Cisco 3700

Tested with IOS 12.2

RADIUS and TACACS+ interoperability

Cisco 7100

RADIUS and TACACS+ interoperability

Cisco 7200

Tested with IOS 12.2

RADIUS and TACACS+ interoperability

Cisco 7300

RADIUS and TACACS+ interoperability

Cisco7400

RADIUS and TACACS+ interoperability

Cisco 7500

RADIUS and TACACS+ interoperability

Cisco 10000

RADIUS interoperability

Cisco 10720

RADIUS and TACACS+ interoperability


Table 4 Access Devices/Universal Gateways 

Series
Notes

6400 Series

RADIUS and TACACS+ interoperability

AS5350 Series

RADIUS and TACACS+ interoperability

AS5400 Series

Tested with IOS12.2(7c)

RADIUS and TACACS+ interoperability

AS5850 Series

RADIUS and TACACS+ interoperability

DSL Series / 6015, 6100, 6130, 6160, 6260

RADIUS and TACACS+ interoperability

MGX Series / 8220, 8250, 8800, 8950

TACACS+ interoperability


Table 5 Cable Devices

Devices
Notes

uBR7100

Tested with IOS 12.2BC

RADIUS and TACACS+ interoperability

uBR7200

EOL

TACACS+ interoperability


Table 6 Content Networking Devices

Series / Devices
Notes

CE7300 / CE 7320

Tested with ACNS 4.2

RADIUS and TACACS+ interoperability

CDM4600 / CDM4630, CDM4650

RADIUS and TACACS+ interoperability

4400 Content Routers/ CR4430

Tested with ACNS 4.2

RADIUS and TACACS+ interoperability


Table 7 Security and VPN Devices

Series / Devices
Notes

3000 Series Concentrator /
3005, 3015, 3030, 3060, 3080

Tested with 3015

RADIUS and TACACS+ interoperability

PIX 500 Series Firewall /
501, 506E, 515, 515E, 525, 535

Tested with 515 and PIX OS v6.3

RADIUS and TACACS+ interoperability

5000 Series Concentrator

EOL Status


Table 8 Storage Networking Devices

Series
Devices Supported
Notes

MDS 9000

MDS 9216, MDS9509

RADIUS interoperability

(TACACS+ support in future release)


Table 9 Switches

Series / Devices
Notes

Catalyst 2950/3550

Tested with 3550 and IOS 12.1(12)EA1

RADIUS and TACACS+ interoperability

Catalyst 4000/4500

Tested with Cat4503, CatOS 7.5, and IOS 12.1

RADIUS and TACACS+ interoperability

Catalyst 5000

EOL status

Catalyst 6500

Tested with CatOS 7.5, and IOS 12.1

RADIUS and TACACS+ interoperability


Table 10 Cisco Aironet Software (Access Points for Wireless LAN)

Series
Notes

350

RADIUS interoperability

AP1100

RADIUS interoperability

AP1200

Tested with Aironet 11.23

RADIUS interoperability


Table 11 CiscoWorks VMS

Series
Devices Supported
Notes

IOS/Router MC

Version 1.1

TACACS+ interoperability

Firewall MC

Version 1.1

Tested with VMS2.1

TACACS+ interoperability

IDS MC

Version 1.1

TACACS+ interoperability

LMS

TACACS+ interoperability (future release)

HSE

Version 1.7

TACACS+ interoperability

WLSE

TACACS+ interoperability (future release)


Table 12 PKI/Certificate Servers

Platform
Versions
Notes

Microsoft CA Certificate Server

Windows 2000

Windows 2000 with SP3

Tested

Entrust PKI

Version 6.0

Verisign Onsite

Version 5.0


Table 13 Token Servers1  

Platform
Versions
Client Requirement
Notes

ActivCard Server

Version 3.1

CRYPTOCard CRYPTOAdmin

Version 5.16

PassGo Defender

Version 4.1.3

RSA ACE/Server

Version 5.1

RSA ACE Agent version 5.5 for Windows 2000

Tested

Safeword Premier Access

Version 31.

Vasco Vacman Server

Version 6.0.2

1 Cisco Secure ACS uses a RADIUS interface to support all token servers, with the exception of RSA ACE/Server. For more information, see Changes to Token Server Support.


Table 14 LDAP Servers

Platform
Versions
Notes

SunONE Identity Server

(Formerly iPlanet Directory)

Version 5.1

Tested with Windows 2000 Active Directory with Windows Service Pack 3

Novell NetWare Directory Services (NDS)

Version 6.0

Tested

Novell eDirectory

Version 8.6

Tested


Table 15 User Databases1  

Platform
Version
Requirement

AD on Windows 2003

AD on Windows 2000

Tested with Service Pack 3

SAM on Windows 2000

Tested with Service Pack 3

SAM on Windows NT 4.0

LDAP

Generic

Novell NetWare Directory Services (NDS)

Version 6.0

Tested with Edirectory v.8.6 and Novell Client 4.83 SP2 for Windows NT 4.0, Windows 2000, and Windows XP.

Novell Client must be installed on the same Windows server as Cisco Secure ACS.

Open Database Connectivity (ODBC)-compliant relational databases

In addition to the Windows ODBC interface, the third-party ODBC driver must be installed on the Cisco Secure ACS Windows server

LEAP Proxy RADIUS servers

1 See also Table 13 Token Servers.


Table 16 Proxy Support

Platform
Versions
Notes

Cisco Secure ACS

Version 2.4 or later

Funk Steel Belted Radius

Enterprise Edition