|
Table Of Contents
Tested Windows Security Patches
Third-party RADIUS and TACACS+ Clients
Supported and Interoperable Devices and Software
Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS for Windows Server Version 3.3
June 28, 2007
Full Build Number: 3.3.3.11
Introduction
Because the number of devices that Cisco Secure ACS for Windows Server Version 3.3 interoperates with runs into the hundreds, this device list differs significantly from those of other Cisco products with which you may be familiar. This document lists supported devices and software, that is, those that we have tested against. However, this document also lists devices and software programs that are, to the best of our knowledge, interoperable. Of the hundreds of devices and software programs that Cisco Secure ACS for Windows Server Version 3.3 interoperates with, Cisco only officially supports those that have been tested.
For details regarding other limitations and known problems see Release Notes for Cisco Secure Access Control Server for Windows Server Version 3.3.
This document contains the following sections:
•Tested Windows Security Patches
•Third-party RADIUS and TACACS+ Clients
•Supported and Interoperable Devices and Software
Supported Operating System
Cisco Secure ACS for Windows Servers 3.3 supports the Windows operating systems listed below. Both the operating system and the service pack must be English-language versions.
•Windows 2000 Server, with Service Pack 4 installed
•Windows 2000 Advanced Server, with the following conditions:
–with Service Pack 4 installed
–without features specific to Windows 2000 Advanced Server enabled
•Windows Server 2003, Enterprise Edition with Service Pack 1 installed
•Windows Server 2003, Standard Edition with Service Pack 1 installed
Note The following restrictions apply to support for Microsoft Windows operating systems:
•We have not tested and cannot support the multi-processor feature of any supported operating system.
•We cannot support Microsoft clustering service on any supported operating system.
•Windows 2000 Datacenter Server is not a supported operating system.
When running Cisco Secure ACS on Windows Server 2003, you may encounter event messages that falsely indicate that Cisco Secure ACS services have failed. This issue is documented in bug CSCea91690.
Supported Upgrade Versions
We tested upgrading to Cisco Secure ACS for Windows Server, version 3.3, from the following previous versions:
•Cisco Secure ACS for Windows Server, version 3.2.3
•Cisco Secure ACS for Windows Server, version 3.2.2
•Cisco Secure ACS for Windows Server, version 3.2.1
•Cisco Secure ACS for Windows Server, version 3.1.2
Tested Windows Security Patches
The list of tested patches will be updated as additional patches are identified and tested.
We tested Cisco Secure ACS for Windows Server with the Windows Server 2003 patches documented in the following Microsoft Knowledge Base Articles:
We tested Cisco Secure ACS for Windows Server with the Windows 2000 Server patches documented in the following Microsoft Knowledge Base Articles:
Third-party RADIUS and TACACS+ Clients
With regard to third-party RADIUS and TACACS+ clients, Cisco Secure ACS fully interoperates with devices that adhere to the governing protocols. Support for RADIUS and TACACS+ functions depends on device-specific implementation. On a given device, TACACS+ may not be available for user authentication and authorization. Likewise, RADIUS may not be available for administrative authentication and authorization.
For RADIUS these include the following RFCs:
• RFC 2138—Remote Authentication Dial In User Service (RADIUS)
• RFC 2865—Remote Authentication Dial In User Service (RADIUS)
• RFC 2867—RADIUS Accounting for Tunnel Protocol Support
• RFC 2868—RADIUS Attributes for Tunnel Protocol Support
For details regarding the implementation of vendor-specific attributes (VSAs) see your Cisco Secure ACS user guide.
Cisco Secure ACS conforms to the TACACS+ protocol as defined by Cisco Systems in draft 1.77.
Supported and Interoperable Devices and Software
The following tables show the devices and software that Cisco Secure ACS supports or with which it interoperates:
•Table 2, Device Operating Systems
•Table 4, Access Devices/Universal Gateways
•Table 6, Content Networking Devices
•Table 7, Security and VPN Devices
•Table 8, Storage Networking Devices
•Table 10, Cisco Aironet Software (Access Points for Wireless LAN)
•Table 12, PKI/Certificate Servers
You can find information about new device support at Cisco.com, http://www.cisco.com.
To ensure full capabilities, the clients you deploy to interoperate with Cisco Secure ACS should use the most recent operating systems available. Nonetheless, Table 2, Device Operating Systems provides details on the minimum acceptable client operating system versions.
Table 1 Web Browsers1
Program Versions NotesMicrosoft Internet Explorer
Version 6.0
•Service Pack 1 for Microsoft Windows
•English Language version
•Microsoft Java Virtual Machine
Tested
Microsoft Internet Explorer
Version 6.0
•Service Pack 1 for Microsoft Windows
•English Language version
•Sun Java Plug-in 1.4.2_04
Tested
Netscape Communicator
Version 7.1 for Microsoft Windows
•English Language version
•Sun Java Plug-in 1.4.2_04
Tested
1 To use a web browser to access the Cisco Secure ACS HTML interface, you must enable both Java and JavaScript in the browser. Also, you must disable HTTP proxy in the browser.
Table 4 Access Devices/Universal Gateways
Series Notes6400 Series
RADIUS and TACACS+ interoperability
AS2600 Series
RADIUS and TACACS+ interoperability
AS5350 Series
RADIUS and TACACS+ interoperability
AS5300 Series
Tested on version 3.3.
RADIUS and TACACS+ interoperability
AS5400 Series1
Tested with IOS12.2(7c)
RADIUS and TACACS+ interoperability
AS5850 Series
RADIUS and TACACS+ interoperability
DSL Series / 6015, 6100, 6130, 6160, 6260
RADIUS and TACACS+ interoperability
MGX Series / 8220, 8250, 8800, 8950
TACACS+ interoperability
1 This series, tested on version 3.2, not retested on version 3.3.
Table 5 Cable Devices
Devices NotesuBR71001
Tested with IOS 12.2BC
RADIUS and TACACS+ interoperability
1 Tested on version 3.2, not retested on version 3.3.
Table 6 Content Networking Devices1
Series / Devices NotesCE7300 / CE 7320
Tested with ACNS 4.2
RADIUS and TACACS+ interoperability
CDM4600 / CDM4630, CDM4650
RADIUS and TACACS+ interoperability
4400 Content Routers/ CR4430
Tested with ACNS 4.2
RADIUS and TACACS+ interoperability
1 Tested on version 3.2, not retested on version 3.3.
Table 8 Storage Networking Devices
Series Devices Supported NotesMDS 9000
MDS 9216, MDS9509
RADIUS and TACACS+ interoperability
Table 10 Cisco Aironet Software (Access Points for Wireless LAN)
Series NotesAP1100
RADIUS interoperability
with IOS v12.2(15)JAAP1200
RADIUS interoperability
with IOS v12.2(15)JA
Table 13 Token Servers1
Platform Versions Client Requirement NotesActivCard Server
Version 3.1
—
—
CRYPTOCard CRYPTOAdmin
Version 5.16
—
—
PassGo Defender
Version 4.1.3
—
—
RSA ACE/Server
Version 5.1 and 5.2
RSA ACE Agent version 5.5 for Windows 2000
Tested
Safeword Premier Access
Version 3.1
—
—
Vasco Vacman Server
Version 6.0.2
—
—
1 Cisco Secure ACS uses a RADIUS interface to support all token servers, with the exception of RSA ACE/Server. For more information, see Changes to Token Server Support.
Table 15 User Databases1
Platform Version RequirementAD on Windows 2003
—
Tested
AD on Windows 2000
—
Tested with Service Pack 3
SAM on Windows 2000
—
Tested with Service Pack 3
SAM on Windows NT 4.0
—
—
LDAP
Generic
—
Novell NetWare Directory Services (NDS)
Version 6.0
Tested with Edirectory v.8.6 and Novell Client 4.83 SP2 for Windows NT 4.0, Windows 2000, and Windows XP.
Novell Client must be installed on the same Windows server as Cisco Secure ACS.
Open Database Connectivity (ODBC)-compliant relational databases
—
In addition to the Windows ODBC interface, the third-party ODBC driver must be installed on the Cisco Secure ACS Windows server
LEAP Proxy RADIUS servers
—
Tested
1 See also Table 13 Token Servers.
Table 16 Proxy Support
Platform Versions NotesCisco Secure ACS
Tested with version 3.3
Funk Steel Belted Radius
Enterprise Edition
—