Implementing Cisco Secure Access Control System


Duration: 3 Days
Course Code: ACS

Overview:
In the Implementing Cisco Secure Access Control System (ACS) course, you will learn to provide secure access to network resources using the Cisco Secure Access Control System (ACS) 5.2. You'll examine how the ACS has grown by leaps and bounds since 4.x, discover new features, and learn how the 4.x configurations map to 5.x configurations. You will also get a look into future ACS technologies.

You will learn about the role and importance of ACS in Cisco TrustSec, whether TrustSec is deployed as an appliance-based overlay solution or as a network-integrated 802.1x solution. You will learn about user authentication and authorization, posture assessment, device profiling, guest access, data integrity and confidentiality, centralized policy, collaborative monitoring, troubleshooting, and reporting in Cisco TrustSec solutions.

Target Audience:
This course is designed for:
- Security professionals, architects, and engineers and network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities
- Cisco channel partners who sell, implement, and maintain Cisco ACS solutions
- Cisco ACS solutions sales engineers

Objectives:
Upon completing this course, the learner will be able to meet these overall objectives:
- Configure an external identity store with LDAP
- RADIUS and TACACS+ protocols
- Fundamentals of LDAP
- ACS solutions, including ACS Express, ACS Enterprise, ACS on VMware, and appliances such as the CSACS-1120 Series and CSACS-1121 Series
- Set up LDAP SSL
- Set up an external identity store with Active Directory
- Major components of ACS
- Perform AAA with TACACS+
- ACS 5.2 installation best practices
- Monitor and troubleshoot ACS (AAA with TACACS+)
- Configure the ACS from a default install
- License requirements
- Using a local certificate authority to replace digital certificates self-signed by ACS
- How attributes, value types, and predefined values are used
- Introduction to IEEE 802.1x and EAP
- Types of Authentication, Authorization, and Accounting (AAA) clients and how they access network resources and other AAA clients
- 802.1x using Windows XP, Windows 7, and AnyConnect
- 802.1x single host authentication
- Work with a local identity store and identity store sequence
- 802.1x troubleshooting
- Users and identity stores

Prerequisites:
The knowledge and skills that a learner must have before attending this course are as follows:
- CCNA certification or the equivalent knowledge and experience
- Working knowledge of Microsoft Windows
- CCNA Security certification or the equivalent knowledge and experience is recommended

To gain the prerequisite skills and knowledge, Cisco strongly recommends the knowledge of the following courses:
- Interconnecting Cisco Networking Devices Part 1 (ICND1)
- Interconnecting Cisco Networking Devices Part 2 (ICND2)
- Implementing Cisco IOS Network Security

Content:
- Identity Management Solution
- Identity Management Models
- Secure Borderless Network Architecture
- Identity-Enabled Network Use Case
- Summary
- Overview of RADIUS and TACACS+
- RADIUS Basics
- TACACS+ Basics
- RADIUS vs. TACACS+
- Product Overview and Initial Configuration
- ACS 5.2 Overview
- Hardware Platform Solutions
- Software Platform Solutions
- New, Changed, and Supported Features
- ACS 5.2 Installation
- Installation on the CSACS Series Appliance
- Installation with VMware ESX Server
- Using Setup Scripts
- Licensing
- ACS Attribute Types
- Attribute Definitions
- Attribute Value Types
- Predefined Values
- Attribute Dictionaries
- Attribute Aliases
- Availability of Attributes Based on Policy
- Adding Network Devices to ACS
- Network Resources
- Types of AAA Clients
- Network Device Groups: Location
- Network Device Groups: Device Type
- Network Devices and AAA Clients
- Local Identity Store and Identity Store Sequence
- Users and Identity Stores
- Internal Identity Store
- External Identity Store
- Certificate Profile
- Internal Identity Stores
- Users
- Groups
- Hosts
- LDAP Overview
- External Identity Stores: OpenLDAP
- Enable LDAP Diagnostics Log
- External Identity Store with Active Directory
- Interface with Active Directory
- DNS Considerations
- NTP Server Considerations
- Considerations of Authenticating Usernames with Domains
- Machine Access Restrictions (MAR)
- Windows 2008 Compatibility and Feature Support
- Testing Connectivity between ACS and AD
- Group Names Differences in ACS 4.x and 5.x
- Identity Store Sequences
- PAP Authentication via Kerberos
- Authentication, Authorization, and Accounting with TACACS+
- Shell Profile
- Command Sets
- Access Services
- Service Selection Rules
- Default Device Admin: Authorization and Identity
- Monitoring and Troubleshooting ACS
- Cisco Secure ACS View
- Monitoring and Debugging RADIUS Authentication
- Monitoring and Debugging RADIUS Authorization
- Monitoring and Debugging TACACS+ Authentication
- Monitoring and Debugging TACACS+ Authorization
- Debugging TACACS+ Packets and Accounting
- ACS and Certificate Authority
- Certificate-Based Authentication
- Self-Signed Certificates
- Third-Party Digital Certificates
- History
- Introduction
- The Port
- EAP
- EAP-TLS
- PEAP
- 802.1x Policy Elements (RADIUS)
- Overview
- Date and Time
- Custom
- Authorization Profiles
- Authorization: Downloadable ACL
- Access Policies
- Service Selection Rules
- Access Services
- Identity
- 802.1x and Windows XP
- Configure 802.1x
- 802.1x and the Cisco Secure Services Client (SSC)
- Configure 802.1x on the SSC
- Configure 802.1x Single Host Authentication on a Cisco Switch
- Single Host Authentication
- Single Host Authentication Commands
- Cisco Switch 802.1x Configuration Review
- 802.1x Troubleshooting
- ACS, Switch, and Windows Troubleshooting
- Windows XP and Switch Debug Output
- ACS Monitoring and Reports
- ACS Operation Management
- ACS Deployment Structure
- Local Operations
- Distributed System Management
- Distributed Management Operations
- Replication Overview
- Local Operations
- Log Collector
- Change Password Flow
- System ration
- Downloads

www.globalknowledge.com/en-ae/
training@globalknowledge.ae
00 971 4 446 4987
