Implementing Cisco Secure Access Control Systems


Introduction

This course teaches students how to provide secure access to network resource by using the Cisco Secure Access Control System (ACS) v5.2, which interoperates with security features in Cisco IOS Software.

Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication (identify users and devices in order to control access to the network, services and devices), authorization (restricting the functions that the user can perform on services and devices) and accounting (to track the activities of users) the RADIUS, TACACS+, Extensible Authentication Protocol (EAP and IEEE 802.1X protocols are discussed in theory and practice as the basis of network security Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed control objectives. This course includes hands-on labs to provide direct experience in configuring Cisco ACS and Cisco network devices.

Summary
Duration – 3 Days hands-on training
Vendor – Cisco
Audience – Network Engineers
Level – Advance
Technology – Cisco ACS
Category – Borderless Networking / Security
Delivery Method -Instructor-led (Classroom)
Training Credits / Vouchers – Cisco Learning Credits Accepted

Course Content

1. Course Introduction

  • Overview
  • Learner Skills and Knowledge
  • Course Goal and Objectives
  • Course Flow

2. Identity Management Solution Overview

  • Reviewing Identity Management
  • Understanding Borderless Security

3. Product Overview and Initial Configuration

  • Reviewing RADIUS and TACACS+
  • Reviewing Cisco Secure ACS v5.2
  • Installing Cisco Secure ACS v5.2
  • Understanding Cisco Secure ACS Attributer and Dictionaries
  • Adding Network Devices to Cisco Secure ACS
  • Configuring Identity Stores and Identity Sequence

4. Advanced Cisco Secure ACS Configuration and Device Management

  • Configuring LDAP with External Identity Store
  • Configuring Active Directory with External Identity Store
  • Configuring Authentication, Authorization and Accounting with TACACS+
  • Understanding Cisco Secure ACS and Certification Authority
  • Monitoring, Reporting and Troubleshooting

5. IEEE 802.1X with Cisco Secure ACS v5.2

  • Introducing IEEE 802.1X
  • Reviewing IEEE 802.1X Policy Elements (RADIUS)
  • Configuring IEEE 802.1X and Windows XP, Vista and 7
  • Configuring IEEE 802.1X with Cisco Secure Services Client (SSC)
  • Using IEEE 802.1X Port-Based Authentication
  • Troubleshooting IEEE 802.1X

6. System Operations

  • Configuring Distributed Deployment
  • Configuring Cisco Secure ACS System Administration Features

Prerequisites

The knowledge and skills that a learner must have before attending this course is as follows:

  • CCNA Security certification or the equivalent in knowledge and experience
  • Working knowledge of the Microsoft Windows operating system
  • Cisco IOS Network Security

Cisco learning offerings that will enable you to meet the prescribed prerequisites:

  • Interconnecting Cisco Networking Devices, Part 1 (CI-ICND1)
  • Interconnecting Cisco Networking Devices, Part (CI-ICND2)
  • Implementing Cisco IOS Network Security (CI-IINS)

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe the RADIUS and TACACS+ protocols
  • Compare and contrast the various ACS solutions: ACS Express, Enterprise, ACS on VMware, Cisco Secure ACS – 1120 Series and Cisco Secure ACS – 1121
  • List the main components of Cisco Secure ACS
  • Install Cisco Secure ACS v5.2
  • Use a setup script during Cisco Secure ACS install
  • Describe how licensing works with Cisco Secure ACS
  • Understand attributes, value types and values
  • Configure the different types of AAA clients
  • Access network resources and AAA clients
  • Configure local identity store and identity store sequence
  • Understand users and identify stores
  • Configure an external identity store with LDAP
  • Describe the fundamentals of LDAP
  • Set up external identity store with Active Directory
  • Perform authenticating, command authorization and accounting with TACACS
  • Monitoring and troubleshooting Cisco Secure ACS
  • Configure and troubleshoot digital certificates self-signed by Cisco Secure ACS using local CA
  • Describe and configure IEEE 802.1X and EAP
  • Configure Cisco Secure ACS environments with IEEE 802.1X and Windows XP clients
  • Configure IEEE 802.1X for single host authentication
  • Troubleshoot IEEE 802.1X

Target Audience

This course is intended primarily for:

  • Network Professionals, including systems engineers
  • Cisco Channel Partners