Installation Guide for the Cisco 1120 Secure Access Control Server 4.2

Cisco 1120 Secure Access Control Server Overview


This chapter gives a functional overview of the Cisco 1120 Secure Access Control Server, hereafter referred to as CSACS 1120. This chapter covers the appliance hardware, major components, controls, connectors, and front- and rear-panel LED indicators.

This chapter contains:

System Description

Product Overview

Hardware Features

Environmental Monitoring

Regulatory Compliance

System Description

The Cisco 1120 Secure Access Control Server (CSACS 1120) is a highly scalable, rack-mounted, dedicated platform that serves as a high-performance access control server supporting centralized Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+). CSACS 1120 controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.

You use CSACS 1120 to control who can access the network, to authorize what types of network services are available for particular users or groups of users, and to keep an accounting record of all user actions in the network. The appliance supports access control and accounting for dial-up access servers, firewalls and VPNs, Voice-over-IP solutions, content networking, and switched and wireless local area networks (LANs and WLANs). In addition, you can use the same AAA framework, via TACACS+, to manage administrative roles and groups and to control how network administrators change, access, and configure the network internally.

CSACS 1120 provides almost the same set of features and functions as Cisco Secure ACS for Windows Server (the software product), packaged as a dedicated, security-hardened, application-specific appliance. CSACS 1120 includes additional features specific to operating and managing the ACS appliance.

To ensure a highly secure posture, CSACS 1120:

Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix C, "Windows Service Advisement," for details on the hardening.)

Does not support a keyboard or monitor.

Does not provide access to its file system.

Does not allow you to run arbitrary applications on it.

Allows TCP/IP connections only via the ports necessary for its own operations.

Figure 1-1 shows the CSACS 1120 operating context.

Figure 1-1 CSACS 1120 Context Diagram

The administrative console in the context diagram represents any data terminal equipment (DTE) capable of supporting administrative connection via a serial port connection and is generally referred to as a console in this guide.

Product Overview

This section describes the power requirements, rack-mount hardware kit, and features of the CSACS 1120 Series appliance.

This section contains:

Specifications for the CSACS 1120 Series Appliance

Product Serial Number Location

Cisco Product Identification Tool

Specifications for the CSACS 1120 Series Appliance

The CSACS 1120 Series appliance (see Figure 1-2) is contained in a standard shelf-rack enclosure. The appliance weighs from 15 lb (9.071 kg) to 33 lb (14.96 kg) depending on what options are installed in the appliance. It measures 1.69 inches high x 17 inches wide x 20 inches deep (4.29 cm x 43.18 cm x 50.80 cm). These dimensions do not include the rack handles.

Figure 1-2 Cisco 1120 Secure Access Control System Front View

The CSACS 1120 Series appliance is configured for AC-input power and has a single auto-ranging AC-input power supply. It mounts in a standard 19-inch (48.3 cm), 4-post equipment rack (using the rack-mount brackets provided). The CSACS 1120 features include:

Microprocessor—Intel Core 2 Duo 2.13-GHz processor with an 800-MHz front side bus (FSB) and 2 MB of Layer 2 cache.

Four synchronous dynamic RAM (SDRAM) slots that support up to 4 GB.

Support for up to 2 x 250-GB SATA hard drives.

Two fixed RJ-45 10BASE-T/100BASE-TX/1000BASE-T network interface connectors (located on the rear panel).

One slimline DVD-ROM drive (located on the front-panel).

One DB-9 serial (console) port (located on the rear-panel).

Front-to-rear airflow blowers using two 40-mm exhaust fans and ducting for the CPU and memory, two 40-mm exhaust fans built into the power supply, and one PCI exhaust fan.

Expansion slot support—One PCI-X (located on the rear panel).

Three USB 2.0 ports (two located on the rear panel, one on the front-panel).

One PS/2 keyboard port (located on the rear panel).

One PS/2 video monitor port (located on the rear panel).

One DB-15 serial (video) port (located on the rear panel).

Rear-access cabling.

Four green, front-panel appliance LEDs:

Power (indicates whether the power supply is operational).

Hard disk drive activity (indicates whether the drive is functioning properly).

Network Interface connector (NIC) 1 and NIC 2 activity (indicates whether interrupts or packet transfers are running).

For a description of the LEDs, see CSACS 1120 Appliance Front-Panel View.

The CSACS 1120 appliance is normally shipped with a rack-mount hardware kit which includes either brackets or rails that allow the CSACS 1120 to be positioned in a 4-post equipment rack. For more information, see Chapter 3, "Installing the Cisco 1120 Secure Access Control System Hardware."


Note The rack-mount hardware kit does not include a 2-post equipment rack.


Product Serial Number Location

The serial number label is located on the front panel of the CSACS 1120 Series appliance, at the lower left. Figure 1-3 shows the location of this label.

Figure 1-3 CSACS 1120 Appliance Serial Number Location


Note The serial number for the CSACS 1120 Series appliance is 11 characters long.


Cisco Product Identification Tool

The Cisco Product Identification (CPI) tool helps you retrieve the serial number of your Cisco products.

Before you submit a request for service online or by phone, use the CPI tool to locate your product serial number. You can access this tool from the Cisco Support website.

To access this tool:


Step 1 Click the Get Tools & Resources link.

Step 2 Click the All Tools (A-Z) tab.

Step 3 Select Cisco Product Identification Tool from the alphabetical drop-down list.

This tool offers three search options:

Search by product ID or model name.

Browse for Cisco model.

Copy and paste the output of the show command to identify the product.

Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before you place a service call.

You can access the CPI tool at:

http://tools.cisco.com/Support/CPI/index.do

To access the CPI tool, you require a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at:

http://tools.cisco.com/RPF/register/register.do

Hardware Features

This section describes the front- and rear-panel controls, ports, and LED indicators on the CSACS 1120 Series appliance.

This section contains:

CSACS 1120 Appliance Front-Panel View

CSACS 1120 Appliance Back-Panel View

Input/Output Ports and Connectors

CSACS 1120 Appliance Front-Panel View

The front-panel of the CSACS 1120 Series appliance contains:

USB 2.0 port

Power button

Various LEDs (appliance and NICs)

Figure 1-4 shows the components of the front-panel.

Figure 1-4 CSACS 1120 Series Appliance Front View

The following table describes the callouts in Figure 1-4.

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | USB port | 4 | Hard disk drive activity LED |
| 2 | Power button | 5 | NIC 1 LED |
| 3 | Appliance power LED | 6 | NIC 2 LED |


LEDs

Table 1-1 describes the LEDs located on the front-panel of the CSACS 1120 Series appliance.

Table 1-1 Front-Panel LEDs

| LED | Color | State | Description |
|---|---|---|---|
| Appliance power | Green | On | Power on |
| | Green | Blinking | Sleep (standby) |
| | Off | Off | Power off |
| Hard disk drive | Green | Random blinking | Hard disk drive activity |
| | Off | Off | No hard disk drive activity |
| NIC 1 and NIC 2 | Green | On | NIC link, no access |
| | Green | Blinking | LAN access |



Note Because ACS does not support Sleep (standby) mode, the LED state for Sleep (standby) is not applicable.


CSACS 1120 Appliance Back-Panel View

The back panel of the CSACS 1120 Series appliance contains:

AC power connector

Two PS/2 connectors (video monitor and keyboard)

One serial (DB-9) connector

One video connector

Two NIC (RJ-45) ports

Two USB 2.0 ports

One PCI adapter card slot (expansion slot)

NIC LEDs

Figure 1-5 shows the components of the back panel.


Note The locations of the rack-mounting brackets are also shown on the left and right sides of the appliance. (See Rack-Mounting Configuration Guidelines, page 3-1 for instructions on how to install the mounting brackets.)


Figure 1-5 CSACS 1120 Series Appliance Rear View

The following table describes the callouts in Figure 1-5.

| Callout | Description | Callout | Description |
|---|---|---|---|
| 1 | AC power receptacle | 7 | NIC 2 port LED (activity) |
| 2 | PS/2 connector (video monitor) | 8 | NIC 2 port LED (link) |
| 3 | PS/2 connector (keyboard) | 9 | Two USB 2.0 ports |
| 4 | Serial (EIA/TIA-232) console port | 10 | NIC 1 port (10/100/1000 Mb/s) or Ethernet 0 |
| 5 | Video Graphics Array (VGA) port | 11 | PCI adapter card slot (expansion) |
| 6 | NIC 2 (10/100/1000 Mb/s) port or Ethernet 1 | | |


Note ACS must use only the NIC 1 port on the appliance. Using NIC 2 may lead to software configuration problems.


LEDs

The back panel of the CSACS 1120 Series appliance contains LEDs that indicate the connection activity and speed of the NIC ports. Figure 1-6 shows these LEDs.

Figure 1-6 NIC 1 and NIC 2 LEDs

Table 1-2 describes the activity and connection speed associated with each LED state.

Table 1-2 NIC 1 and NIC 2 LEDs

| LED | Color | State | Description |
|---|---|---|---|
| Left (1) | Off | | No network connection |
| | Amber | Solid | Network connection |
| | Amber | Blinking | Transmit/receive activity |
| Right (2) | Off | | 10-Mb/s connection (if left LED is on or blinking) |
| | Amber | Solid | 1000-Mb/s connection |
| | Green | Solid | 100-Mb/s (or 1-Gb/s) connection |


Input/Output Ports and Connectors

The back panel of the CSACS 1120 Series appliance supports the following types of I/O connectors:

Ethernet

Serial

Video monitor

Keyboard


Warning To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables. Statement 1021


Ethernet Port (NIC 1 and NIC 2)

The CSACS 1120 Series appliance comes with two integrated dual-port Ethernet controllers. These controllers provide an interface for connecting to 10-Mb/s, 100-Mb/s, or 1000-Mb/s networks and provide full-duplex (FDX) capability, which enables simultaneous transmission and reception of data on the Ethernet LAN.

To access the Ethernet port, connect a Category 3, 4, 5, 5E, or 6 unshielded twisted-pair (UTP) cable to the RJ-45 connector on the back of the appliance.

Table 1-3 describes the UTP cable categories.

Table 1-3 Ethernet Cabling Guidelines

| Type | Description |
|---|---|
| 10BASE-T | EIA Categories 3, 4, or 5 UTP (2 or 4 pair) up to 328 ft (100 m) |
| 100BASE-TX | EIA Category 5 UTP (2 pair) up to 328 ft (100 m) |
| 1000BASE-T | EIA Category 6 UTP (recommended), Category 5E UTP or 5 UTP (2 pair) up to 328 ft (100 m) |


Ethernet Port Connector

Figure 1-7 shows the Ethernet RJ-45 port and plug.

Figure 1-7 RJ-45 Port and Plug

Table 1-4 lists and describes the RJ-45 pin signals used on the connector.

Table 1-4 Ethernet Port Pinout

| Ethernet Port Pin | Signal | Description |
|---|---|---|
| 1 | TxD+ | Transmit data + |
| 2 | TxD- | Transmit data - |
| 3 | RxD+ | Receive data + |
| 4 | Termination network | No connection |
| 5 | Termination network | No connection |
| 6 | RxD- | Receive data - |
| 7 | Termination network | No connection |
| 8 | Termination network | No connection |


Serial (Console) Port

The CSACS 1120 Series appliance has one standard serial (console) port. Use the configuration or setup utility program to change the port address assignments.


Note The configuration or setup utility program is located in the CSACS 1120 Series appliance ROM and can be accessed through the serial (console) port.


Serial (Console) Port Connector

The CSACS 1120 Series appliance has one serial port connector located on the back panel of the appliance.

Figure 1-8 shows the pin number assignments for the 9-pin, male D-shell serial port connector located on the back panel of the appliance. These pin number assignments conform to industry standards.

Figure 1-8 Serial Port Connector

Table 1-5 lists and describes the serial (console) port pinout.

Table 1-5 DB-9 Serial (Console) Port Pinout

| Serial Port Pin | Signal | Description |
|---|---|---|
| 1 | DCD | Carrier Detect |
| 2 | DSR | Data Set Ready |
| 3 | RXD | Receive Data |
| 4 | RTS | Request To Send |
| 5 | TXD | Transmit Data |
| 6 | CTS | Clear To Send |
| 7 | DTR | Data Terminal Ready |
| 8 | RI | Ring Indicator |
| 9 | GND | Ground |


Environmental Monitoring

The CSACS 1120 Series appliance has protection circuits that monitor and detect overcurrent, overvoltage, and overtemperature conditions inside the appliance. If the power supply shuts down, or latches off, an AC cycle switches off for 15 seconds and switches on for 1 second to reset the power supply.

This section contains:

Overcurrent Protection (OCP)

Overvoltage Protection (OVP)

Overtemperature Protection (OTP)

Overcurrent Protection (OCP)

The power supply shuts down and latches off after an overcurrent condition occurs. This latch is cleared by an AC power interruption.


Note The power supply will not be damaged from repeated power cycling.


Overvoltage Protection (OVP)

The power supply shuts down and latches off after an overvoltage condition occurs. This latch is cleared by an AC power interruption.

Overtemperature Protection (OTP)

The power supply is protected against overtemperature conditions caused by the loss of fan cooling or excessive ambient temperature. In an OTP condition, the power supply will shut down. When the power supply temperature drops to the rated safety limit, the power supply restores power automatically.

Regulatory Compliance

For regulatory compliance and safety information, see Regulatory Compliance and Safety Information for the Cisco 1120 Secure Access Control Server 4.2. This document is available online at Cisco.com:

For more information, see Obtaining Documentation and Submitting a Service Request, page -xv.