|
Table Of Contents
Upgrading to Cisco Secure ACS Version 3.3
Windows Support for Remote Agent
Tested Windows Security Patches
Solaris Support for Remote Agent
Third-party RADIUS and TACACS+ Clients
Supported and Interoperable Devices and Software
Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS Solution Engine Version 3.3
June 28, 2007
Full Build Number: 3.3.3.11
Introduction
Because the number of devices that Cisco Secure ACS Solution Engine Version 3.3 interoperates with runs into the hundreds, this "supported devices" list differs significantly from those of other Cisco products with which you may be familiar. The relation of hardware to software Cisco Secure ACS Solution Engine Version 3.3 products is specified in Supported Versions.
This document lists supported devices and software, that is, those that we have tested against. Finally, this document also lists devices and software programs that are, to the best of our knowledge, interoperable. Of the hundreds of devices and software programs that Cisco Secure ACS Solution Engine Version 3.3 interoperates with, Cisco officially supports only those that have been tested.
For details regarding other limitations and known problems see Release Notes for CiscoSecure Access Control Server Appliance Version 3.3. You can find the most recent version of all documentation at: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/
csacsapp/csapp33/index.htmThis document contains the following sections:
•Third-party RADIUS and TACACS+ Clients
•Supported and Interoperable Devices and Software
Supported Versions
Table 1 details the Cisco Secure ACS software versions supported by each Cisco Secure ACS Solution Engine platform.
Table 1 Supported Versions
Cisco Secure ACS
Solution Engine Platform Cisco Secure ACS version 3.3 Cisco Secure ACS version 3.2Cisco 1111
Yes1
Yes
Cisco 1112
Yes
No
1 To upgrade an existing Cisco 1111 platform to Cisco Secure ACS version 3.3, see Upgrades and Patches.
Supported Migration Versions
We support migrating to Cisco Secure ACS Solution Engine version 3.3 from many versions of Cisco Secure ACS for Windows Server; however, migration requires upgrading Cisco Secure ACS for Windows Server to version 3.3.
For detailed steps for performing a migration from Cisco Secure ACS for Windows Server to Cisco Secure ACS Solution Engine, see either of the following two documents:
•Installation Guide for Cisco Secure ACS for Windows Server, version 3.3
•Installation and Configuration Guide for Cisco Secure ACS Solution Engine, version 3.3
Upgrades and Patches
Upgrading to Cisco Secure ACS Version 3.3
See Release Notes for Cisco Secure ACS Solution Engine Version 3.3. for the procedure to upgrade your Cisco Secure ACS software to version 3.3.
Security Patch Process
For information about our process for evaluating and releasing Microsoft security patches for Cisco Secure ACS Solution Engine, see Cisco Secure ACS Solution Engine Security Patch Process, available in the Product Literature section for Cisco Secure ACS Solution Engine on cisco.com.
Remote Agent Support
Cisco Secure ACS 3.3 supports Cisco Secure ACS Remote Agent on Microsoft Windows 2000 and Solaris operating systems, as specified in the following two sections.
•Windows Support for Remote Agent
•Solaris Support for Remote Agent
The list of tested patches will be updated as additional patches are identified and tested.
Windows Support for Remote Agent
The computer running Cisco Secure ACS Remote Agent for Windows must use an English-language version of one of the following operating systems:
•Windows 2000 Server, with Service Pack 4 installed
•Windows 2000 Advanced Server, with the following conditions:
–with Service Pack 4 installed
–without features specific to Windows 2000 Advanced Server enabled
•Windows Server 2003, Enterprise Edition with Service Pack 1 installed
•Windows Server 2003, Standard Edition with Service Pack 1 installed
The following restrictions apply to support for Microsoft Windows operating systems:
•We have not tested and cannot support the multi-processor feature of any supported operating system.
•We cannot support Microsoft clustering service on any supported operating system.
•Windows 2000 Datacenter Server is not a supported operating system.
Tested Windows Security Patches
Note For information about remote agent support for Microsoft patches issued after the release of Cisco Secure ACS Solution Engine version 3.3, see Supported and Interoperable Devices and Software Tables for Cisco Secure ACS Solution Engine, version 3.3.
We tested Cisco Secure ACS Remote Agent for Windows with the Windows Server 2003 patches documented in the following Microsoft Knowledge Base Articles:
We tested Cisco Secure ACS Remote Agent for Windows with the Windows 2000 Server patches documented in the following Microsoft Knowledge Base Articles:
Solaris Support for Remote Agent
The computer running Cisco Secure ACS Remote Agent for Solaris must use Solaris 2.8.
Third-party RADIUS and TACACS+ Clients
With regard to third-party RADIUS and TACACS+ clients, Cisco Secure ACS Solution Engine fully interoperates with devices that adhere to the governing protocols. Also, support for RADIUS and TACACS+ functions depends on device-specific implementation. On a given device, TACACS+ may not be available for user authentication and authorization. Likewise, RADIUS may not be available for administrative authentication and authorization.
For RADIUS these include the following RFCs:
• RFC 2138 - Remote Authentication Dial In User Service (RADIUS)
• RFC 2139 - RADIUS Accounting
• RFC 2865 - Remote Authentication Dial In User Service (RADIUS)
• RFC 2866 - RADIUS Accounting
• RFC 2867 - RADIUS Accounting for Tunnel Protocol Support
• RFC 2868 - RADIUS Attributes for Tunnel Protocol Support
• RFC 2869 - RADIUS Extensions
For details regarding the implementation of vendor-specific attributes (VSAs), see User Guide for Cisco Secure ACS Solution Engine Version 3.3.
Cisco Secure ACS Solution Engine conforms to the TACACS+ protocol as defined by Cisco Systems in draft 1.77.
Supported and Interoperable Devices and Software
The following tables show the devices and software that Cisco Secure ACS Solution Engine supports or with which it interoperates:
•Table 3, Device Operating Systems
•Table 5, Access Devices/Universal Gateways
•Table 7, Content Networking Devices
•Table 8, Security and VPN Devices
•Table 9, Storage Networking Devices
•Table 11, Cisco Aironet Software (Access Points for Wireless LAN)
•Table 13, PKI/Certificate Servers
You can find information about new device support at Cisco.com, http://www.cisco.com.
To ensure full capabilities, the clients you deploy to interoperate with Cisco Secure ACS Solution Engine should use the most recent operating systems available. Nonetheless, Table 3 provides details on the minimum acceptable client operating system versions.
Table 2 Web Browsers1
Program Versions NotesMicrosoft Internet Explorer
Version 6.0 with Service Pack 1 for Microsoft Windows—English Language version
Microsoft Java Virtual MachineTested
Microsoft Internet Explorer
Version 6.0 with Service Pack 1 for Microsoft Windows—English Language version
Sun Java Plug-in 1.4.2_04Tested
Netscape Communicator
for Microsoft WindowsVersion 7.1 for Microsoft Windows - English Language version
Sun Java Plug-in 1.4.2_04Tested
Netscape Communicator for Solaris 2.8
Version 7.0
English Language version
Mozilla 5.0
Sun Java Plug-in 1.4.0_01Tested
1 To use a web browser to access the Cisco Secure ACS HTML interface, you must enable both Java and JavaScript in the browser. Also, you must disable HTTP proxy in the browser.
Table 5 Access Devices/Universal Gateways
Series Notes6400 Series
RADIUS and TACACS+ interoperability
AS2600 Series
RADIUS and TACACS+ interoperability
AS5350 Series
RADIUS and TACACS+ interoperability
AS5300 Series
Tested on version 3.3.
RADIUS and TACACS+ interoperability
AS5400 Series1
Tested with IOS12.2(7c)
RADIUS and TACACS+ interoperability
AS5850 Series
RADIUS and TACACS+ interoperability
DSL Series / 6015, 6100, 6130, 6160, 6260
RADIUS and TACACS+ interoperability
MGX Series / 8220, 8250, 8800, 8950
TACACS+ interoperability
1 This series, tested on version 3.2, not retested on version 3.3.
Table 6 Cable Devices
Devices NotesuBR71001
Tested with IOS 12.2BC
RADIUS and TACACS+ interoperability
1 Tested on version 3.2, not retested on version 3.3.
Table 7 Content Networking Devices1
Series / Devices NotesCE7300 / CE 7320
Tested with ACNS 4.2
RADIUS and TACACS+ interoperability
CDM4600 / CDM4630, CDM4650
RADIUS and TACACS+ interoperability
4400 Content Routers/ CR4430
Tested with ACNS 4.2
RADIUS and TACACS+ interoperability
1 Tested on version 3.2, not retested on version 3.3.
Table 9 Storage Networking Devices
Series Devices Supported NotesMDS 9000
MDS 9216, MDS9509
RADIUS interoperability
(TACACS+ support in future release)
Table 11 Cisco Aironet Software (Access Points for Wireless LAN)
Series NotesAP1100
RADIUS interoperability
with IOS v12.2(15)JAAP1200
RADIUS interoperability
with IOS v12.2(15)JA
Table 13 PKI/Certificate Servers
Platform Versions NotesMicrosoft CA Certificate Server
Windows 2000
Windows 2000 with SP3
Tested
Entrust PKI
Version 6.0
—
Verisign Onsite
Version 5.0
—
Table 14 Token Servers1
Platform Versions Client Requirement NotesActivCard Server
Version 3.1
—
—
CRYPTOCard CRYPTOAdmin
Version 5.16
—
—
PassGo Defender
Version 4.1.3
—
—
RSA ACE/Server
Version 5.1 and 5.2
—
Tested
Safeword Premier Access
Version 3.1
—
—
Vasco Vacman Server
Version 6.0.2
—
—
1 Cisco Secure ACS Solution Engine uses a RADIUS interface to support all token servers.
Table 16 User Databases1
Platform Version RequirementAD on Windows 2003
—
Tested with Service Pack 1
AD on Windows 2000
—
Tested with Service Pack 3
SAM on Windows 2000
—
Tested with Service Pack 3
SAM on Windows NT 4.0
—
—
LDAP
Generic
—
Novell NetWare Directory Services (NDS)
Version 6.0
Tested with eDirectory v.8.6 and Novell Client 4.83 SP2 for Windows NT 4.0, Windows 2000, and Windows XP
LEAP Proxy RADIUS servers
—
Tested
Table 17 Proxy Support
Platform Versions NotesCisco Secure ACS
Tested with version 3.3
Funk Steel Belted Radius
Enterprise Edition
—