Cisco Secure ACS Appliance Overview
System Description
Cisco Secure ACS Appliance version 3.2 is a highly scalable, rack-mounted, dedicated platform that serves as a high performance access control server supporting centralized Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+). The Cisco Secure ACS Appliance controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.
The Cisco Secure ACS Appliance allows you to control who can access the network, to authorize what types of network services are available for particular users or groups of users, and to keep an accounting record of all user actions in the network. The appliance supports access control and accounting for dial-up access servers, firewalls and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks (LANs and WLANs). In addition, the same AAA framework can be used, via TACACS+, to manage administrative roles and groups and to control how network administrators can change, access, and configure the network internally.
The Cisco Secure ACS Appliance provides, as nearly as possible, the same features and functions as Cisco Secure ACS for Windows Server (the software product) in a dedicated, security-hardened, application-specific appliance package. The appliance includes additional features specific to operating and managing the Cisco Secure ACS Appliance.
To ensure a highly secure posture, Cisco Secure ACS Appliance:
• Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix B, "Windows Service Advisement," for details on the hardening.)
• Does not support a keyboard or monitor.
• Does not provide access to its file system.
• Does not allow running arbitrary applications on it.
• Allows TCP/IP connections only via the ports necessary to its own operations.
Figure 1-1 shows the Cisco Secure ACS Appliance operating context.
Figure 1-1 Cisco Secure ACS Appliance Context Diagram
The administrative console shown in the context diagram represents any data terminal equipment (DTE) capable of supporting an administrative connection via a serial port. It is generally referred to as a console in this guide.
For more detailed information on Cisco Secure ACS Appliance features and capabilities, see the User Guide for Cisco Secure ACS Appliance and the Release Notes for Cisco Secure ACS Appliance Version 3.2.
Cisco Secure ACS Appliance Hardware Description
The Cisco Secure ACS Appliance is a rack-mountable 1U box with the following configuration:
• Intel 3.06 GHz Pentium 4 processor with a 512-KB level 2 ECC cache
• Two built-in NC7760 PCI gigabit server adapters
• 40-GB ATA hard drive
• Floppy drive
• CD-ROM drive
• Serial port
The parallel port, video, keyboard, and mouse controllers are not used.
Technical specifications are detailed in Appendix A, "Technical Specifications."
This section contains the following sections and subsections:
• Front Panel Features
• Back Panel Features
  – Serial Port
  – Ethernet Connectors
  – Network Cable Requirements
Front Panel Features
The Cisco Secure ACS Appliance front panel contains switches, indicators, and the CD-ROM drive. Figure 1-2 shows the front panel switches and LED indicators. The functions of the switches and LED indicators are described below the illustration.
Figure 1-2 Front Panel Switches and Indicators
No. | Switch or LED Indicator | Description
1 | CD-ROM drive activity LED | On = Activity; Off = No Activity
2 | USB Connector (not supported) | Do not use.
3 | Front unit identification LED | Glows blue when unit ID switch has been pressed.
4 | NIC 2 link/activity LED | On = Link; Off = No Link; Blinking = Activity
5 | NIC 1 link/activity LED | On = Link; Off = No Link; Blinking = Activity
6 | System health LED | Green = Good; Amber = Degraded; Red = Critical Error
7 | Video connector (not supported) | Do not use.
8 | Power On/Off Switch and LED | Press the power LED to turn the ACS 1112 on or off. The LED indicator has four states: Blinking Green = Power is connected, but power is off; Green = Power On; Amber = Standby Mode; Off = Power is not connected, and is off.
9 | Unit Identification Switch | When switched on, the Unit Identification LEDs on the front and back panels glow blue.
10 | Floppy drive activity LED | On = Activity; Off = No Activity
Back Panel Features
The back panel contains the AC power receptacle, Ethernet connectors, indicator LEDs, and a serial port. Figure 1-3 shows the back-panel features.
Figure 1-3 Back Panel Features
1 | AC power receptacle | 5 | Video connector (not supported). Do not use.
2 | Mouse connector (not supported). Do not use. | 6 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 2
3 | USB connector 1 (not supported). Do not use. | 7 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 1
4 | Serial connector (see Figure 1-4) | 8 | Keyboard connector (not supported). Do not use.
Serial Port
The integrated serial port on the back panel of the appliance uses a 9-pin D-subminiature connector.
Serial Port Connector
If you reconfigure your hardware, you may need information regarding the pin number and signal for the serial port connector. Figure 1-4 illustrates the pin numbers for the serial port connector and defines the pin assignments and interface signals for the serial port connector. (Pin numbering proceeds bottom to top and right to left, as illustrated.)
Figure 1-4 Pin Numbers for the Serial Port Connector
Pin | Signal | I/O | Definition
1 | DCD | I | Data carrier detect
2 | SIN | I | Serial input
3 | SOUT | O | Serial output
4 | DTR | O | Data terminal ready
5 | GND | N/A | Signal ground
6 | DSR | I | Data set ready
7 | RTS | O | Request to send
8 | CTS | I | Clear to send
9 | RI | I | Ring indicator
Shell | N/A | N/A | Chassis ground
Ethernet Connectors
Your system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. Cisco Secure ACS Appliance supports the operation of either Ethernet connector, but not both connectors. Each Ethernet connector provides all the functions of a network expansion card and supports the 10BASE-T, 100BASE-TX, and 1000BASE-TX Ethernet standards.
Each NIC is configured to automatically detect the speed and duplex mode of the network.
Note: The Cisco Secure ACS Appliance supports the operation of only one Ethernet connector at a time. Concurrent operation of both Ethernet connectors is not supported.
Warning: To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.
Network Cable Requirements
The Ethernet connectors are designed for attaching an unshielded twisted pair (UTP) Ethernet cable equipped with standard RJ-45 compatible plugs. Press one end of the UTP cable into the Ethernet connector until the plug snaps securely into place. Connect the other end of the cable to an RJ-45 port on a hub or other device, depending on your network configuration. Observe the following cabling restrictions for 10BASE-T, 100BASE-TX, and 1000BASE-TX networks:
• For 10BASE-T networks, use Category 3 or greater wiring and connectors.
• For 100BASE-TX and 1000BASE-TX networks, use Category 5 or greater wiring and connectors.
• The maximum cable run length is 328 feet (ft) or 100 meters (m).