Installation and Setup Guide for Cisco Secure ACS Solution Engine 4.0
Cisco Secure ACS Solution Engine Overview

Table Of Contents

Cisco Secure ACS Solution Engine Overview

System Description

ACS SE Hardware Description

Solution Engine Specifications for the Quanta (1112) Version Platform

Front Panel Features for the Quanta (1112) Version

Back Panel Features for the Quanta (1112) Version

Serial Port

Ethernet Connectors

Network Cable Requirements

Solution Engine Specifications for the Quanta (1113) Version Platform

Front Panel Features for the Quanta (1113) Version

Back Panel Features for the Quanta (1113) Version

Serial Port

Ethernet Connectors

Network Cable Requirements


Cisco Secure ACS Solution Engine Overview


System Description

Cisco Secure ACS Solution Engine (ACS SE) is a highly scalable, rack-mounted, dedicated platform that serves as a high-performance access control server supporting centralized Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+). ACS SE controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.

You use ACS SE to control who can access the network, to authorize what types of network services are available for particular users or groups of users, and to keep an accounting record of all user actions in the network. The appliance supports access control and accounting for dial-up access servers, firewalls and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks (LANs and WLANs). In addition, you can use the same AAA framework, via TACACS+, to manage administrative roles and groups and to control how network administrators change, access, and configure the network internally.

ACS SE provides almost the same set of features and functions as Cisco Secure ACS for Windows Server (the software product), packaged as a dedicated, security-hardened, application-specific appliance. ACS SE includes additional features specific to operating and managing the ACS appliance. See Release Notes for Cisco Secure ACS Solution Engine for the new features in this release.

To ensure a highly secure posture, ACS SE:

Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix C, "Windows Service Advisement," for details on the hardening.)

Does not support a keyboard or monitor.

Does not provide access to its file system.

Does not allow you to run arbitrary applications on it.

Allows TCP/IP connections only via the ports necessary for its own operations.

Figure 1-1 shows the ACS SE operating context.

Figure 1-1 ACS SE Context Diagram

The administrative console in the context diagram represents any data terminal equipment (DTE) capable of supporting administrative connection via a serial port connection and is generally referred to as a console in this guide.

For more detailed information on ACS SE features and capabilities, see the User Guide for Cisco Secure ACS Solution Engine and the Release Notes for Cisco Secure ACS Solution Engine.

ACS SE Hardware Description

ACS SE is a rack-mountable 1U box. The sections below describe the following hardware devices:

Cisco Secure ACS 4.0.1 for Quanta (1112) version

Cisco Secure ACS 4.0.1 for Quanta (1113) version

Solution Engine Specifications for the Quanta (1112) Version Platform

The ACS SE on the Quanta (1112) platform has the following specifications:

Intel 3.06 GHz Pentium 4 processor with a 512-KB level 2 ECC cache

Two built-in NC7760 PCI gigabit server adapters

40-GB ATA hard drive

Floppy drive

CD-ROM drive

Serial port

The parallel port, video, keyboard, and mouse controllers are not used.

Technical specifications for the Quanta (1112) version are detailed in Appendix A, "Technical Specifications for the Quanta (1112) Version."

This section contains the following sections and subsections:

Front Panel Features for the Quanta (1112) Version

Back Panel Features for the Quanta (1112) Version

Serial Port

Ethernet Connectors

Network Cable Requirements

Front Panel Features for the Quanta (1112) Version

The ACS SE front panel on the Quanta (1112) version contains switches, indicators, and the CD-ROM drive. Figure 1-2 shows the front panel switches and LED indicators. The functions of the switches and LED indicators are described in the table below the illustration.

Figure 1-2 Front Panel Switches and Indicators

The following table describes the callouts in Figure 1-2.

| No. | Switch or LED Indicator | Description |
|---|---|---|
| 1 | CD-ROM drive activity LED | On = Activity; Off = No Activity |
| 2 | USB Connector (not supported) | Do not use. |
| 3 | Front unit identification LED | Glows blue after you switch on unit ID switch. |
| 4 | NIC 2 link/activity LED | On = Link; Off = No Link; Blinking = Activity |
| 5 | NIC 1 link/activity LED | On = Link; Off = No Link; Blinking = Activity |
| 6 | System health LED | Green = Good; Amber = Degraded; Red = Critical Error |
| 7 | Video connector (not supported) | Do not use. |
| 8 | Power On/Off LED | Blinking Green = Power is connected but not on; Green = Power On; Amber = Standby Mode; Off = Power Off |
| 9 | Unit Identification Switch | When switched on, the Unit Identification LEDs on the front and back panels glow blue. |
| 10 | Floppy drive activity LED | On = Activity; Off = No Activity |


Back Panel Features for the Quanta (1112) Version

The back panel for the Quanta (1112) versions contains the AC power receptacle, Ethernet connectors, indicator LEDs, and a serial port. Figure 1-3 shows the back-panel features.

Figure 1-3 Back Panel Features for the Quanta (1112) Version

The following table describes the callouts in Figure 1-3.

| No. | Description |
|---|---|
| 1 | AC power receptacle |
| 2 | Mouse connector (not supported). Do not use. |
| 3 | USB connector 1 (not supported). Do not use. |
| 4 | Serial connector (see Figure 1-4) |
| 5 | Video connector (not supported). Do not use. |
| 6 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 2 |
| 7 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 1 |
| 8 | Keyboard connector (not supported). Do not use. |


Serial Port

The integrated serial port on the back panel of the appliance uses a 9-pin D-subminiature connector.

Serial Port Connector

If you reconfigure your hardware, you may need information regarding the pin number and signal for the serial port connector. Figure 1-4 illustrates the pin numbers for the serial port connector, and defines the pin assignments and interface signals for the serial port connector. (Pin numbering proceeds bottom to top and right to left, as illustrated.)

Figure 1-4 Pin Numbers for the Serial Port Connector

| Pin | Signal | I/O | Definition |
|---|---|---|---|
| 1 | DCD | I | Data carrier detect |
| 2 | SIN | I | Serial input |
| 3 | SOUT | O | Serial output |
| 4 | DTR | O | Data terminal ready |
| 5 | GND | N/A | Signal ground |
| 6 | DSR | I | Data set ready |
| 7 | RTS | O | Request to send |
| 8 | CTS | I | Clear to send |
| 9 | RI | I | Ring indicator |
| Shell | N/A | N/A | Chassis ground |


Ethernet Connectors

Your system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. ACS SE supports the operation of either Ethernet connector, but not both connectors. Each Ethernet connector provides all the functions of a network expansion card and supports the 10BASE-T, 100BASE-TX, and 1000BASE-TX Ethernet standards.

Each NIC is configured to automatically detect the speed and duplex mode of the network.


Note: ACS SE supports the operation of only one Ethernet connector at a time. Concurrent operation of both Ethernet connectors is not supported.


Network Cable Requirements

Warning: To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.


The Ethernet connectors are designed for attaching an unshielded twisted pair (UTP) Ethernet cable equipped with standard RJ-45 compatible plugs. Press one end of the UTP cable into the Ethernet connector until the plug snaps securely into place. Connect the other end of the cable to an RJ-45 port on a hub or other device, depending on your network configuration. Observe the following cabling restrictions for 10BASE-T, 100BASE-TX, and 1000BASE-TX networks:

For 10BASE-T networks, use Category 3 or greater wiring and connectors.

For 100BASE-TX and 1000BASE-TX networks, use Category 5 or greater wiring and connectors.

The maximum cable run length is 328 feet (ft) or 100 meters (m).

Solution Engine Specifications for the Quanta (1113) Version Platform

The ACS SE on the Quanta (1113) platform has the following specifications:

Intel Pentium 4 Prescott/Smithfield/Cedar Mill/Presler and Celeron D LGA775 CPU

Broadcom 5721J Ethernet network interface card

80-GB or more ATA hard drive

QSI DVD-ROM drive

Serial port

Technical specifications are detailed in Appendix B, "Technical Specifications for the Quanta (1113) Version."

This section contains the following sections and subsections:

Front Panel Features for the Quanta (1113) Version

Back Panel Features for the Quanta (1113) Version

Serial Port

Ethernet Connectors

Network Cable Requirements

Front Panel Features for the Quanta (1113) Version

The ACS SE front panel on the Quanta (1113) version contains switches, indicators, and the CD-ROM drive. Figure 1-5 shows the front panel switches and LED indicators. The functions of the switches and LED indicators are described in the table below the illustration.

Figure 1-5 Front Panel Switches and Indicators for the Quanta (1113) Version

The following table describes the callouts in Figure 1-5.

| No. | Switch or LED Indicator | Description |
|---|---|---|
| 1 | DVD-ROM drive activity LED | On = Activity; Off = No Activity |
| 2 | Power On/Off button and LED | Pushing the power button turns the unit on or off. The LED in the center of the power On/Off button has the following states: Blinking Green = Power is connected but not on; Green = Power On; Off = Power Off |
| 3 | Unused button | This button is not operational. |
| 4 | HDD LED | Indicates that there is activity on the hard drive. |
| 5 | Unit Identification Button | To enable the Unit Identification LED, push the Unit Identification Button. When the Unit Identification Button is on, the Unit Identification LEDs on the front and back panels flash blue. This enables you to go behind the unit and look at the flashing blue light on the back. You can turn off the flashing LED on the back of the unit by pressing the Unit Identification Button on the back panel. To turn off the Unit Identification LED when the LED is on, push the Unit Identification Button. |
| 6 | Unit Identification LED | The Unit Identification LED has the following states: Off = System power is off, the system ID button has not been pushed, and there is no fault assertion condition (the system cover is on the device and there is no fault condition). Flashing Blue = When the system ID button is pushed, the Unit Identification LED flashes blue if the system is in either standby mode or system power is on. Solid Blue = System power is on, the system cover is on the device, and there is no fault assertion condition. The system ID button has not been pushed. Flashing Amber = The system is on standby power, there is a fault assertion condition (for example, the cover has been removed from the device), and the system ID button has not been pushed. |
| 7 | USB port (not supported) | Universal Serial Bus port. Do not use. |


Back Panel Features for the Quanta (1113) Version

The back panel for the Quanta (1113) version contains the AC power receptacle, Ethernet connectors, indicator LEDs, and a serial port. Figure 1-6 shows the back-panel features.

Figure 1-6 Back Panel Features for the Quanta (1113) Version

The following table describes the callouts in Figure 1-6.

| No. | Description |
|---|---|
| 1 | AC power receptacle |
| 2 | Mouse connector (not supported). Do not use. |
| 3 | USB connectors (not supported). Do not use. |
| 4 | Serial connector (see Figure 1-4) |
| 5 | Video connector (not supported). Do not use. |
| 6 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 2 |
| 7 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 1 |
| 8 | Unit Identification Button and LED. Pressing the Unit Identification Button on the front panel causes the Unit Identification Button on the back panel to flash blue. To turn off the Unit Identification indicator on the back panel, push the Unit Identification Button. |
| 9 | Keyboard connector |


Serial Port

The integrated serial port on the back panel of the appliance uses a 9-pin, D-subminiature connector.

Serial Port Connector

If you reconfigure your hardware, you may need information regarding the pin number and signal for the serial port connector. Figure 1-7 illustrates the pin numbers for the serial port connector, and defines the pin assignments and interface signals for the serial port connector. (Pin numbering proceeds bottom to top and right to left, as illustrated.)

Figure 1-7 Pin Numbers for the Serial Port Connector

| Pin | Signal | I/O | Definition |
|---|---|---|---|
| 1 | DCD | I | Data carrier detect |
| 2 | SIN | I | Serial input |
| 3 | SOUT | O | Serial output |
| 4 | DTR | O | Data terminal ready |
| 5 | GND | N/A | Signal ground |
| 6 | DSR | I | Data set ready |
| 7 | RTS | O | Request to send |
| 8 | CTS | I | Clear to send |
| 9 | RI | I | Ring indicator |
| Shell | N/A | N/A | Chassis ground |


Ethernet Connectors

Your Quanta (1113) system has two integrated 10/100/1000-megabit-per-second (Mbps) Ethernet connectors. ACS SE supports the operation of either Ethernet connector, but not both connectors. Each Ethernet connector provides all the functions of a network expansion card and supports the 10BASE-T, 100BASE-TX, and 1000BASE-TX Ethernet standards.

Each NIC is configured to automatically detect the speed and duplex mode of the network.

Network Cable Requirements

Warning: To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.


The Ethernet connectors are designed for attaching an unshielded twisted pair (UTP) Ethernet cable equipped with standard RJ-45 compatible plugs. Press one end of the UTP cable into the Ethernet connector until the plug snaps securely into place. Connect the other end of the cable to an RJ-45 port on a hub or other device, depending on your network configuration. Observe the following cabling restrictions for 10BASE-T, 100BASE-TX, and 1000BASE-TX networks:

For 10BASE-T networks, use Category 3 or greater wiring and connectors.

For 100BASE-TX and 1000BASE-TX networks, use Category 5 or greater wiring and connectors.

The maximum cable run length is 328 feet (ft) or 100 meters (m).