Installation and Setup Guide for Cisco Secure ACS Solution Engine Version 3.3 - Cisco Secure ACS Solution Engine Overview [Cisco Secure Access Control Server Solution Engine]

Table Of Contents

Cisco Secure ACS Appliance Overview

System Description

Cisco Secure ACS Appliance Hardware Description

Front Panel Features

Back Panel Features

Serial Port

Ethernet Connectors

Network Cable Requirements

Cisco Secure ACS Appliance Overview

System Description

Cisco Secure ACS Appliance version 3.2 is a highly scalable, rack-mounted, dedicated platform that serves as a high performance access control server supporting centralized Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+). The Cisco Secure ACS Appliance controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.

The Cisco Secure ACS Appliance allows you to control who can access the network, to authorize what types of network services are available for particular users or groups of users, and to keep an accounting record of all user actions in the network. The appliance supports access control and accounting for dial-up access servers, firewalls and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks (LANs and WLANs). In addition, the same AAA framework can be used, via TACACS+, to manage administrative roles and groups and to control how network administrators can change, access, and configure the network internally.

The Cisco Secure ACS Appliance provides, as nearly as possible, the exact same features and functions of the Cisco Secure ACS for Windows Server (the software product) in a dedicated, security hardened, application-specific, appliance packaging. The appliance includes additional features specific to operating and managing the Cisco Secure ACS Appliance.

To ensure a highly secure posture, Cisco Secure ACS Appliance:

•Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix B, "Windows Service Advisement," for details on the hardening.)

•Does not support a keyboard or monitor.

•Does not provide access to its file system.

•Does not allow running arbitrary applications on it.

•Allows TCP/IP connections only via the ports necessary to its own operations.

Figure 1-1 shows the Cisco Secure ACS Appliance operating context.

Figure 1-1 Cisco Secure ACS Appliance Context Diagram

The administrative console shown in the context diagram represents any data terminal equipment (DTE) capable of supporting administrative connection via a serial port connection and is generally referred to as a console in this guide.

For more detailed information on Cisco Secure ACS Appliance features and capabilities, see the User Guide for Cisco Secure ACS Appliance and the Release Notes for Cisco Secure ACS Appliance Version 3.2.

Cisco Secure ACS Appliance Hardware Description

The Cisco Secure ACS Appliance is a rack-mountable 1U box with the following configuration:

•Intel 3.06 GHz Pentium 4 processor with a 512-KB level 2 ECC cache

•Two built-in NC7760 PCI gigabit server adapters

•40-GB ATA hard drive

•Floppy drive

•CD-ROM drive

•Serial port

The parallel port, video, keyboard, and mouse controllers are not used.

Technical specifications are detailed in Appendix A, "Technical Specifications."

This section contains the following sections and subsections:

•Front Panel Features

•Back Panel Features

–Serial Port

–Ethernet Connectors

–Network Cable Requirements

Front Panel Features

The Cisco Secure ACS Appliance front panel contains switches, indicators, and the CD-ROM drive. Figure 1-2 shows the front panel switches and LED indicators. The functions of the switches and LED indicators are described in below the illustration.

Figure 1-2 Front Panel Switches and Indicators

No.

Switch or LED Indicator

Description

1

CD-ROM drive activity LED

On = Activity
Off = No Activity

2

USB Connector (not supported)

Do not use.

3

Front unit identification LED

Glows blue when unit ID switch has been pressed.

4

NIC 2 link/activity LED

On = Link
Off = No Link
Blinking = Activity

5

NIC 1 link/activity LED

On = Link
Off = No Link
Blinking = Activity

6

System health LED

Green = Good
Amber = Degraded
Red = Critical Error

7

Video connector (not supported)

Do not use.

8

Power On/Off Switch and LED

Press the power LED to turn the ACS 1112 on or off. The LED indicator has four states:

•Blinking Green = Power is connected, but power is off

•Green = Power On

•Amber = Standby Mode

•Off = Power is not connected, and is off.

9

Unit Identification Switch

When switched on, the Unit Identification LEDs on the front and back panels glow blue.

10

Floppy drive activity LED

On = Activity
Off = No Activity

Back Panel Features

The back panel contains the AC power receptacle, Ethernet connectors, indicator LEDs, and a serial port. Figure 1-3 shows the back-panel features.

Figure 1-3 Back Panel Features

1

AC power receptacle

5

Video connector (not supported). Do not use.

2

Mouse connector (not supported). Do not use.

6

RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 2

3

USB connector 1 (not supported). Do not use.

7

RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 1

4

Serial connector (see Figure 1-4)

8

Keyboard connector (not supported). Do not use.

Serial Port

The integrated serial port on the back panel of the appliance uses a 9-pin D-subminiature connector.

Serial Port Connector

If you reconfigure your hardware, you may need information regarding the pin number and signal for the serial port connector. Figure 1-4 illustrates the pin numbers for the serial port connector and defines the pin assignments and interface signals for the serial port connector. (Pin numbering proceeds bottom to top and right to left, as illustrated.)

Figure 1-4 Pin Numbers for the Serial Port Connector

Pin

Signal

I/O

Definition

1

DCD

I

Data carrier detect

2

SIN

I

Serial input

3

SOUT

O

Serial output

4

DTR

O

Data terminal ready

5

GND

N/A

Signal ground

6

DSR

I

Data set ready

7

RTS

O

Request to send

8

CTS

I

Clear to send

9

RI

I

Ring indicator

Shell

N/A

N/A

Chassis ground

Ethernet Connectors

Your system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. Cisco Secure ACS Appliance supports the operation of either Ethernet connector, but not both connectors. Each Ethernet connector provides all the functions of a network expansion card and supports the 10BASE-T, 100BASE-TX, and 1000BASE-TX Ethernet standards.

Each NIC is configured to automatically detect the speed and duplex mode of the network.

Note The Cisco Secure ACS Appliance supports the operation of only one Ethernet connector at a time. Concurrent operation of both Ethernet connectors is not supported.

Warning To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.

Network Cable Requirements

The Ethernet connectors are designed for attaching an unshielded twisted pair (UTP) Ethernet cable equipped with standard RJ-45 compatible plugs. Press one end of the UTP cable into the Ethernet connector until the plug snaps securely into place. Connect the other end of the cable to an RJ-45 port on a hub or other device, depending on your network configuration. Observe the following cabling restrictions for 10BASE-T, 100BASE-TX, and 1000BASE-TX networks:

•For 10BASE-T networks, use Category 3 or greater wiring and connectors.

•For 100BASE-TX and 1000BASE-TX networks, use Category 5 or greater wiring and connectors.

•The maximum cable run length is 328 feet (ft) or 100 meters (m).