Cisco Secure Access Control Server vv2.0

Course details

This course teaches you how to provide secure access to your network using the Cisco® Secure Access Control Server (ACS) and to monitor and generate reports with ACS View. You will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication, to restrict user access to networks, services, and devices; authorization, to restrict the functions users can perform on services and devices; and accounting, to track the activities of users. The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed restrictions. The course includes hands-on labs to provide personal experience in configuring the Cisco ACS and ACS View and Cisco network devices.

Target Audience

This course is for network administrators, network operators, and system administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities.

Objectives

Describe the importance of network access security needs and challenges associated with a network

Understand the features, functions, and benefits of the Cisco Secure ACS and ACS View

Integrate Cisco Secure ACS with external user databases, such as Windows Active Directory

Configure Cisco Secure ACS and Cisco IOS® Software to implement AAA features for Education Data Sheet

Effectively use Cisco Secure ACS to:

Control access to the network and to network services by remote VPN, wireless, or wired users

Control the authority to perform specific functions

Record and audit the activity of users on the network and on services

Effectively use Cisco Secure ACS View to:

Collect and consolidate ACS server logs and configuration data

Generate access, system, and entitlement reports as well as custom and favorite reports

Schedule (dialy/weekly/monthly) reports in HTML, PDF, and CSV formats

Monitor ACS system health

Create real-time thresholds on specified conditions and monitor/forward alerts

Prerequisites

Understanding of TCP/IP networking

AAA security concepts and terminology

Basic understanding of security challenges facing networks

Basic Microsoft Windows system administration

Basic Cisco IOS Software router and switch configuration (CCNA® certifications equivalent)

Basic Cisco ASA (Adaptive Security Appliance 5500) or VPN concentrator configuration

Internet Web browser use

Course Outline

Module 1: Introduction

Access Control in the Network

AAA Concepts/Technology

Cisco Secure ACS/ACS View Product Overviews

Module 2: Getting Started

ACS Server Installation and Initial Configuration

ACS View Installation and Initial Configuration

Module 3: Network Access Scenarios

Remote VPN Access Scenarios

Wired/Wireless 802.1x Scenario

Module 4: Device Administration Scenarios

Securing Device Administration using Network Access Restrictions (NAR) Education Data Sheet

Securing Device Administration Using Privilege Levels and CLI View

Securing Device Administration Using Command Authorization Sets

Module 5: Other Deployment Topics

Scalability and Performance

Database Replication

Lab Outline

The lab outline is as follows:

Module 2: Getting Started

Lab 2-1: ACS Windows Installation and ACS View Appliance Setup

Lab 2-2: Administering the ACS Windows Server

Lab 2-3: Administering the ACS View Server

Module 3: Network Access Scenarios

Lab 3-1: Network Conguration (RADIUS)

Lab 3-2: Remote Access (VPN) Profile

Lab 3-3: Network Configuration (802.1x)

Lab 3-4’ Wired/Wireless 802.1x Profile

Module 4: Device Administration Scenarios

Lab 4-1: Network Conguration (TACACS+)

Lab 4-2: Network Access Restrictions

Lab 4-3: Command Authorization Sets