implementing cisco secure access control...


Upload: vuongdang

Post on 17-Mar-2018


Page 1: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ training@globalknowledge.ae 00 971 4 446 4987

Implementing Cisco Secure Access Control System

Duration: 3 Days Course Code: ACS

Overview:

In the Implementing Cisco Secure Access Control System (ACS) course, you will learn to provide secure access to network resources using the Cisco Secure Access Control System (ACS) 5.2. You'll examine how the ACS has grown by leaps and bounds since 4.x, discover new features, and learn how the 4.x configurations map to 5.x configurations. You will also get a look into future ACS technologies. You will learn about the role and importance of ACS in Cisco TrustSec, whether TrustSec is deployed as an appliance-based overlay solution or as a network-integrated 802.1x solution. You will learn about user authentication and authorization, posture assessment, device profiling, guest access, data integrity and confidentiality, centralized policy, collaborative monitoring, troubleshooting, and reporting in Cisco TrustSec solutions.

Target Audience:

This course is designed for:
Security professionals, architects, and engineers and network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities
Cisco channel partners who sell, implement, and maintain Cisco ACS solutions
Cisco ACS solutions sales engineers

Objectives:

Upon completing this course, the learner will be able to meet these overall objectives:

RADIUS and TACACS+ protocols
ACS solutions, including ACS Express, ACS Enterprise, ACS on VMware, and appliances such as the CSACS-1120 Series and CSACS-1121 Series
Major components of ACS
ACS 5.2 installation best practices
Configure the ACS from a default install
License requirements
How attributes, value types, and predefined values are used
Types of Authentication, Authorization, and Accounting (AAA) clients and how they access network resources
Work with a local identity store and identity store sequence
Users and identity stores
Configure an external identity store with LDAP
Fundamentals of LDAP
Set up LDAP SSL
Set up an external identity store with Active Directory
Perform AAA with TACACS+
Monitor and troubleshoot ACS (AAA with TACACS+)
Using a local certificate authority to replace digital certificates self-signed by ACS
Introduction to IEEE 802.1x and EAP
802.1x using Windows XP, Windows 7, and AnyConnect 3.x and other AAA supplicants clients
802.1x single host authentication
802.1x troubleshooting

Prerequisites:

The knowledge and skills that a learner must have before attending this course are as follows:

CCNA certification or the equivalent knowledge and experience
Working knowledge of Microsoft Windows
CCNA Security certification or the equivalent knowledge and experience is recommended

To gain the prerequisite skills and knowledge, Cisco strongly recommends the knowledge of the following courses:

Interconnecting Cisco Networking Devices Part 1 (ICND1)
Interconnecting Cisco Networking Devices Part 2 (ICND2)
Implementing Cisco IOS Network Security (IINS)

Page 3: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Content:

Identity Management Solution line line line

Identity Management Models Secure Borderless Network Architecture Secure Borderless Network ArchitectureIdentity-Enabled Network Use Case Identity-Enabled Network Use CaseSummary Summary

line RADIUS Basics RADIUS BasicsSecure Borderless Network Architecture TACACS+ Basics TACACS+ BasicsIdentity-Enabled Network Use Case RADIUS vs. TACACS+ RADIUS vs. TACACS+Summary ACS 5.2 Overview ACS 5.2 OverviewRADIUS Basics Hardware Platform Solutions Hardware Platform SolutionsTACACS+ Basics Software Platform Solutions Software Platform SolutionsRADIUS vs. TACACS+ New, Changed, and Supported Features New, Changed, and Supported FeaturesACS 5.2 Overview ACS 5.2 Installation ACS 5.2 InstallationHardware Platform Solutions Installation on the CSACS+ Series Installation on the CSACS+ SeriesSoftware Platform Solutions Appliance ApplianceNew, Changed, and Supported Features Installation with VMware ESX Server Installation with VMware ESX ServerACS 5.2 Installation Using Setup Scripts Using Setup ScriptsInstallation on the CSACS+ Series Licensing LicensingAppliance ACS Attribute Types ACS Attribute TypesInstallation with VMware ESX Server Attribute Definitions Attribute DefinitionsUsing Setup Scripts Attribute Value Types Attribute Value TypesLicensing Predefined Values Predefined ValuesACS Attribute Types Attribute Dictionaries Attribute DictionariesAttribute Definitions Attribute Aliases Attribute AliasesAttribute Value Types Availability of Attributes Based on Policy Availability of Attributes Based on PolicyPredefined Values Adding Network Devices to ACS Adding Network Devices to ACSAttribute Dictionaries Network Resources Network ResourcesAttribute Aliases Types of AAA Clients Types of AAA ClientsAvailability of Attributes Based on Policy Network Device Groups: Location Network Device Groups: LocationAdding Network Devices to ACS Network Device Groups: Device Type Network Device Groups: Device TypeNetwork Resources Network Devices and AAA Clients Network Devices and AAA ClientsTypes of AAA Clients Local Identity Store and Identity Store Local Identity Store and Identity StoreNetwork Device Groups: Location Sequence SequenceNetwork Device Groups: Device Type Users 
and Identity Stores Users and Identity StoresNetwork Devices and AAA Clients Internal Identity Store Internal Identity StoreLocal Identity Store and Identity Store External Identity Store External Identity StoreSequence Certificate Profile Certificate ProfileUsers and Identity Stores Internal Identity Stores Internal Identity StoresInternal Identity Store Users UsersExternal Identity Store Groups GroupsCertificate Profile Hosts Hosts Internal Identity Stores LDAP Overview LDAP OverviewUsers External Identity Stores: OpenLDAP External Identity Stores: OpenLDAPGroups Enable LDAP Diagnostics Log Enable LDAP Diagnostics LogHosts External Identity Store with Active External Identity Store with ActiveLDAP Overview Directory DirectoryExternal Identity Stores: OpenLDAP Interface with Active Directory Interface with Active DirectoryEnable LDAP Diagnostics Log DNS Considerations DNS ConsiderationsExternal Identity Store with Active Directory NTP Server Considerations NTP Server ConsiderationsInterface with Active Directory Considerations of Authenticating Considerations of AuthenticatingDNS Considerations Usernames with Domains Usernames with DomainsNTP Server Considerations Machine Access Restrictions (MAR) Machine Access Restrictions (MAR)Considerations of Authenticating Usernames Windows 2008 Compatibility and Feature Windows 2008 Compatibility and Featurewith Domains Support SupportMachine Access Restrictions (MAR) Testing Connectivity between ACS and Testing Connectivity between ACS and ADWindows 2008 Compatibility and Feature AD Group Names Differences in ACS 4.x andSupport Group Names Differences in ACS 4.x 5.xTesting Connectivity between ACS and AD and 5.x Identity Store SequencesGroup Names Differences in ACS 4.x and Identity Store Sequences PAP Authentication via Kerberos5.x PAP Authentication via Kerberos Authentication, Authorization, andIdentity Store Sequences Authentication, Authorization, and Accounting with TACACS+PAP Authentication via Kerberos Accounting 
with TACACS+ Shell ProfileAuthentication, Authorization, and Shell Profile Command Sets Access ServicesAccounting with TACACS+ Command Sets Access Services Service Selection Rules

Page 4: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Shell Profile Service Selection Rules Default Device Admin: Authorization andCommand Sets Access Services Default Device Admin: Authorization and IdentityService Selection Rules Identity Monitoring and Troubleshooting ACSDefault Device Admin: Authorization and Monitoring and Troubleshooting ACS Cisco Secure ACS ViewIdentity Cisco Secure ACS View Monitoring and Debugging RADIUSMonitoring and Troubleshooting ACS Monitoring and Debugging RADIUS AuthenticationCisco Secure ACS View Authentication Monitoring and Debugging RADIUSMonitoring and Debugging RADIUS Monitoring and Debugging RADIUS AuthorizationAuthentication Authorization Monitoring and Debugging TACACS+Monitoring and Debugging RADIUS Monitoring and Debugging TACACS+ AuthenticationAuthorization Authentication Monitoring and Debugging TACACS+Monitoring and Debugging TACACS+ Monitoring and Debugging TACACS+ AuthorizationAuthentication Authorization Debugging TACACS+ Packets andMonitoring and Debugging TACACS+ Debugging TACACS+ Packets and AccountingAuthorization Accounting ACS and Certificate AuthorityDebugging TACACS+ Packets and ACS and Certificate Authority Certificate-Based AuthenticationAccounting Certificate-Based Authentication Self-Signed CertificatesACS and Certificate Authority Self-Signed Certificates Third-Party Digital Certificates Certificate-Based Authentication Third-Party Digital Certificates HistorySelf-Signed Certificates History IntroductionThird-Party Digital Certificates Introduction The PortHistory The Port EAPIntroduction EAP EAP-TLSThe Port EAP-TLS PEAPEAP PEAP 802.1x Policy Elements (RADIUS)EAP-TLS 802.1x Policy Elements (RADIUS) OverviewPEAP Overview Date and Time802.1x Policy Elements (RADIUS) Date and Time CustomOverview Custom Authorization ProfilesDate and Time Authorization Profiles Authorization: Downloadable ACLCustom Authorization: Downloadable ACL Access PoliciesAuthorization Profiles Access Policies Service Selection RulesAuthorization: Downloadable ACL Service Selection Rules 
Access ServicesAccess Policies Access Services IdentityService Selection Rules Identity 802.1x and Windows XPAccess Services 802.1x and Windows XP Configure 802.1xIdentity Configure 802.1x 802.1x and the Cisco Secure Services802.1x and Windows XP 802.1x and the Cisco Secure Services Client (SSC)Configure 802.1x Client (SSC) Configure 802.1x on the SSC802.1x and the Cisco Secure Services Client Configure 802.1x on the SSC Configure 802.1x Single Host(SSC) Configure 802.1x Single Host Authentication on a Cisco SwitchConfigure 802.1x on the SSC Authentication on a Cisco Switch Single Host AuthenticationConfigure 802.1x Single Host Authentication Single Host Authentication Single Host Authentication Commandson a Cisco Switch Single Host Authentication Commands Cisco Sitch 802.1x Configuration ReviewSingle Host Authentication Cisco Sitch 802.1x Configuration Review 802.1x TroubleshootingSingle Host Authentication Commands 802.1x Troubleshooting ACS, Switch, and WindowsCisco Sitch 802.1x Configuration Review ACS, Switch, and Windows Troubleshooting802.1x Troubleshooting Troubleshooting Windows XP and Switch Debug OutputACS, Switch, and Windows Troubleshooting Windows XP and Switch Debug Output ACS Monitoring and Reports Windows XP and Switch Debug Output ACS Monitoring and Reports ACS Operation ManagementACS Monitoring and Reports ACS Operation Management ACS Deployment StructureACS Operation Management ACS Deployment Structure Local OperationsACS Deployment Structure Local Operations Distributed System ManagementLocal Operations Distributed System Management Distributed Management OperationsDistributed System Management Distributed Management Operations Replication OverviewDistributed Management Operations Replication Overview Local OperationsReplication Overview Local Operations Log CollectorLocal Operations Log Collector Change PassLog Collector Change Pass ord FlowChange Pass ord Flow System Administrationord Flow System Administration AdministratorsSystem 
Administration Administrators UsersAdministrators Users OperationsUsers Operations ConfigurationOperations Configuration DownloadsConfiguration Downloads

Page 5: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Downloadsline

line Secure Borderless Network Architectureline Secure Borderless Network Architecture Identity-Enabled Network Use Case

Secure Borderless Network Architecture Identity-Enabled Network Use Case Summary Identity-Enabled Network Use Case Summary RADIUS BasicsSummary RADIUS Basics TACACS+ BasicsRADIUS Basics TACACS+ Basics RADIUS vs. TACACS+TACACS+ Basics RADIUS vs. TACACS+ ACS 5.2 OverviewRADIUS vs. TACACS+ ACS 5.2 Overview Hardware Platform SolutionsACS 5.2 Overview Hardware Platform Solutions Software Platform SolutionsHardware Platform Solutions Software Platform Solutions New, Changed, and Supported FeaturesSoftware Platform Solutions New, Changed, and Supported Features ACS 5.2 InstallationNew, Changed, and Supported Features ACS 5.2 Installation Installation on the CSACS+ SeriesACS 5.2 Installation Installation on the CSACS+ Series ApplianceInstallation on the CSACS+ Series Appliance Installation with VMware ESX ServerAppliance Installation with VMware ESX Server Using Setup ScriptsInstallation with VMware ESX Server Using Setup Scripts LicensingUsing Setup Scripts Licensing ACS Attribute TypesLicensing ACS Attribute Types Attribute DefinitionsACS Attribute Types Attribute Definitions Attribute Value TypesAttribute Definitions Attribute Value Types Predefined ValuesAttribute Value Types Predefined Values Attribute DictionariesPredefined Values Attribute Dictionaries Attribute AliasesAttribute Dictionaries Attribute Aliases Availability of Attributes Based on PolicyAttribute Aliases Availability of Attributes Based on Policy Adding Network Devices to ACSAvailability of Attributes Based on Policy Adding Network Devices to ACS Network ResourcesAdding Network Devices to ACS Network Resources Types of AAA ClientsNetwork Resources Types of AAA Clients Network Device Groups: LocationTypes of AAA Clients Network Device Groups: Location Network Device Groups: Device TypeNetwork Device Groups: Location Network Device Groups: Device Type Network Devices and AAA ClientsNetwork Device Groups: Device Type Network Devices and AAA Clients Local Identity Store and Identity StoreNetwork Devices 
and AAA Clients Local Identity Store and Identity Store SequenceLocal Identity Store and Identity Store Sequence Users and Identity StoresSequence Users and Identity Stores Internal Identity StoreUsers and Identity Stores Internal Identity Store External Identity StoreInternal Identity Store External Identity Store Certificate ProfileExternal Identity Store Certificate Profile Internal Identity StoresCertificate Profile Internal Identity Stores UsersInternal Identity Stores Users GroupsUsers Groups Hosts Groups Hosts LDAP OverviewHosts LDAP Overview External Identity Stores: OpenLDAPLDAP Overview External Identity Stores: OpenLDAP Enable LDAP Diagnostics LogExternal Identity Stores: OpenLDAP Enable LDAP Diagnostics Log External Identity Store with ActiveEnable LDAP Diagnostics Log External Identity Store with Active DirectoryExternal Identity Store with Active Directory Directory Interface with Active DirectoryInterface with Active Directory Interface with Active Directory DNS ConsiderationsDNS Considerations DNS Considerations NTP Server ConsiderationsNTP Server Considerations NTP Server Considerations Considerations of AuthenticatingConsiderations of Authenticating Usernames Considerations of Authenticating Usernames with Domainswith Domains Usernames with Domains Machine Access Restrictions (MAR)Machine Access Restrictions (MAR) Machine Access Restrictions (MAR) Windows 2008 Compatibility and FeatureWindows 2008 Compatibility and Feature Windows 2008 Compatibility and Feature SupportSupport Support Testing Connectivity between ACS and ADTesting Connectivity between ACS and AD Testing Connectivity between ACS and Group Names Differences in ACS 4.x andGroup Names Differences in ACS 4.x and AD 5.x5.x Group Names Differences in ACS 4.x Identity Store SequencesIdentity Store Sequences and 5.x PAP Authentication via KerberosPAP Authentication via Kerberos Identity Store Sequences Authentication, Authorization, andAuthentication, Authorization, and PAP Authentication 
via Kerberos Accounting with TACACS+Accounting with TACACS+ Authentication, Authorization, and Shell ProfileShell Profile Accounting with TACACS+ Command Sets Access ServicesCommand Sets Access Services Shell Profile Service Selection RulesService Selection Rules Command Sets Access Services Default Device Admin: Authorization andDefault Device Admin: Authorization and Service Selection Rules Identity

Page 6: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Identity Default Device Admin: Authorization and Monitoring and Troubleshooting ACSMonitoring and Troubleshooting ACS Identity Cisco Secure ACS ViewCisco Secure ACS View Monitoring and Troubleshooting ACS Monitoring and Debugging RADIUSMonitoring and Debugging RADIUS Cisco Secure ACS View AuthenticationAuthentication Monitoring and Debugging RADIUS Monitoring and Debugging RADIUSMonitoring and Debugging RADIUS Authentication AuthorizationAuthorization Monitoring and Debugging RADIUS Monitoring and Debugging TACACS+Monitoring and Debugging TACACS+ Authorization AuthenticationAuthentication Monitoring and Debugging TACACS+ Monitoring and Debugging TACACS+Monitoring and Debugging TACACS+ Authentication AuthorizationAuthorization Monitoring and Debugging TACACS+ Debugging TACACS+ Packets andDebugging TACACS+ Packets and Authorization AccountingAccounting Debugging TACACS+ Packets and ACS and Certificate AuthorityACS and Certificate Authority Accounting Certificate-Based AuthenticationCertificate-Based Authentication ACS and Certificate Authority Self-Signed CertificatesSelf-Signed Certificates Certificate-Based Authentication Third-Party Digital Certificates Third-Party Digital Certificates Self-Signed Certificates HistoryHistory Third-Party Digital Certificates IntroductionIntroduction History The PortThe Port Introduction EAPEAP The Port EAP-TLSEAP-TLS EAP PEAPPEAP EAP-TLS 802.1x Policy Elements (RADIUS)802.1x Policy Elements (RADIUS) PEAP OverviewOverview 802.1x Policy Elements (RADIUS) Date and TimeDate and Time Overview CustomCustom Date and Time Authorization ProfilesAuthorization Profiles Custom Authorization: Downloadable ACLAuthorization: Downloadable ACL Authorization Profiles Access PoliciesAccess Policies Authorization: Downloadable ACL Service Selection RulesService Selection Rules Access Policies Access ServicesAccess Services Service Selection Rules IdentityIdentity Access Services 802.1x and Windows XP802.1x and Windows XP Identity Configure 
802.1xConfigure 802.1x 802.1x and Windows XP 802.1x and the Cisco Secure Services802.1x and the Cisco Secure Services Client Configure 802.1x Client (SSC)(SSC) 802.1x and the Cisco Secure Services Configure 802.1x on the SSCConfigure 802.1x on the SSC Client (SSC) Configure 802.1x Single HostConfigure 802.1x Single Host Authentication Configure 802.1x on the SSC Authentication on a Cisco Switchon a Cisco Switch Configure 802.1x Single Host Single Host AuthenticationSingle Host Authentication Authentication on a Cisco Switch Single Host Authentication CommandsSingle Host Authentication Commands Single Host Authentication Cisco Sitch 802.1x Configuration ReviewCisco Sitch 802.1x Configuration Review Single Host Authentication Commands 802.1x Troubleshooting802.1x Troubleshooting Cisco Sitch 802.1x Configuration Review ACS, Switch, and WindowsACS, Switch, and Windows Troubleshooting 802.1x Troubleshooting TroubleshootingWindows XP and Switch Debug Output ACS, Switch, and Windows Windows XP and Switch Debug OutputACS Monitoring and Reports Troubleshooting ACS Monitoring and Reports ACS Operation Management Windows XP and Switch Debug Output ACS Operation ManagementACS Deployment Structure ACS Monitoring and Reports ACS Deployment StructureLocal Operations ACS Operation Management Local OperationsDistributed System Management ACS Deployment Structure Distributed System ManagementDistributed Management Operations Local Operations Distributed Management OperationsReplication Overview Distributed System Management Replication OverviewLocal Operations Distributed Management Operations Local OperationsLog Collector Replication Overview Log CollectorChange Pass Local Operations Change Passord Flow Log Collector ord FlowSystem Administration Change Pass System AdministrationAdministrators ord Flow AdministratorsUsers System Administration UsersOperations Administrators OperationsConfiguration Users ConfigurationDownloads Operations Downloads

ConfigurationProduct Overview and Initial Configuration Downloadsline line

Page 7: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Overview of RADIUS and TACACS+ Secure Borderless Network Architectureline Identity-Enabled Network Use Case

Secure Borderless Network Architecture Summary line Identity-Enabled Network Use Case RADIUS Basics

Secure Borderless Network Architecture Summary TACACS+ BasicsIdentity-Enabled Network Use Case RADIUS Basics RADIUS vs. TACACS+Summary TACACS+ Basics ACS 5.2 OverviewRADIUS Basics RADIUS vs. TACACS+ Hardware Platform SolutionsTACACS+ Basics ACS 5.2 Overview Software Platform SolutionsRADIUS vs. TACACS+ Hardware Platform Solutions New, Changed, and Supported FeaturesACS 5.2 Overview Software Platform Solutions ACS 5.2 InstallationHardware Platform Solutions New, Changed, and Supported Features Installation on the CSACS+ SeriesSoftware Platform Solutions ACS 5.2 Installation ApplianceNew, Changed, and Supported Features Installation on the CSACS+ Series Installation with VMware ESX ServerACS 5.2 Installation Appliance Using Setup ScriptsInstallation on the CSACS+ Series Installation with VMware ESX Server LicensingAppliance Using Setup Scripts ACS Attribute TypesInstallation with VMware ESX Server Licensing Attribute DefinitionsUsing Setup Scripts ACS Attribute Types Attribute Value TypesLicensing Attribute Definitions Predefined ValuesACS Attribute Types Attribute Value Types Attribute DictionariesAttribute Definitions Predefined Values Attribute AliasesAttribute Value Types Attribute Dictionaries Availability of Attributes Based on PolicyPredefined Values Attribute Aliases Adding Network Devices to ACSAttribute Dictionaries Availability of Attributes Based on Policy Network ResourcesAttribute Aliases Adding Network Devices to ACS Types of AAA ClientsAvailability of Attributes Based on Policy Network Resources Network Device Groups: LocationAdding Network Devices to ACS Types of AAA Clients Network Device Groups: Device TypeNetwork Resources Network Device Groups: Location Network Devices and AAA ClientsTypes of AAA Clients Network Device Groups: Device Type Local Identity Store and Identity StoreNetwork Device Groups: Location Network Devices and AAA Clients SequenceNetwork Device Groups: Device Type Local Identity Store and Identity Store Users and Identity 
StoresNetwork Devices and AAA Clients Sequence Internal Identity StoreLocal Identity Store and Identity Store Users and Identity Stores External Identity StoreSequence Internal Identity Store Certificate ProfileUsers and Identity Stores External Identity Store Internal Identity StoresInternal Identity Store Certificate Profile UsersExternal Identity Store Internal Identity Stores GroupsCertificate Profile Users Hosts Internal Identity Stores Groups LDAP OverviewUsers Hosts External Identity Stores: OpenLDAPGroups LDAP Overview Enable LDAP Diagnostics LogHosts External Identity Stores: OpenLDAP External Identity Store with ActiveLDAP Overview Enable LDAP Diagnostics Log DirectoryExternal Identity Stores: OpenLDAP External Identity Store with Active Interface with Active DirectoryEnable LDAP Diagnostics Log Directory DNS ConsiderationsExternal Identity Store with Active Directory Interface with Active Directory NTP Server ConsiderationsInterface with Active Directory DNS Considerations Considerations of AuthenticatingDNS Considerations NTP Server Considerations Usernames with DomainsNTP Server Considerations Considerations of Authenticating Machine Access Restrictions (MAR)Considerations of Authenticating Usernames Usernames with Domains Windows 2008 Compatibility and Featurewith Domains Machine Access Restrictions (MAR) SupportMachine Access Restrictions (MAR) Windows 2008 Compatibility and Feature Testing Connectivity between ACS and ADWindows 2008 Compatibility and Feature Support Group Names Differences in ACS 4.x andSupport Testing Connectivity between ACS and 5.xTesting Connectivity between ACS and AD AD Identity Store SequencesGroup Names Differences in ACS 4.x and Group Names Differences in ACS 4.x PAP Authentication via Kerberos5.x and 5.x Authentication, Authorization, andIdentity Store Sequences Identity Store Sequences Accounting with TACACS+PAP Authentication via Kerberos PAP Authentication via Kerberos Shell ProfileAuthentication, Authorization, and 
Authentication, Authorization, and Command Sets Access ServicesAccounting with TACACS+ Accounting with TACACS+ Service Selection RulesShell Profile Shell Profile Default Device Admin: Authorization andCommand Sets Access Services Command Sets Access Services IdentityService Selection Rules Service Selection Rules Monitoring and Troubleshooting ACSDefault Device Admin: Authorization and Default Device Admin: Authorization and Cisco Secure ACS View

Page 8: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987



Secure Borderless Network Architecture
Identity-Enabled Network Use Case
Summary
RADIUS Basics
TACACS+ Basics
RADIUS vs. TACACS+
ACS 5.2 Overview
Hardware Platform Solutions
Software Platform Solutions
New, Changed, and Supported Features
ACS 5.2 Installation
Installation on the CSACS+ Series Appliance
Installation with VMware ESX Server
Using Setup Scripts
Licensing
ACS Attribute Types
Attribute Definitions
Attribute Value Types
Predefined Values
Attribute Dictionaries
Attribute Aliases
Availability of Attributes Based on Policy
Adding Network Devices to ACS
Network Resources
Types of AAA Clients
Network Device Groups: Location
Network Device Groups: Device Type
Network Devices and AAA Clients
Local Identity Store and Identity Store Sequence
Users and Identity Stores
Internal Identity Store
External Identity Store
Certificate Profile
Internal Identity Stores
Users
Groups
Hosts
LDAP Overview
External Identity Stores: OpenLDAP
Enable LDAP Diagnostics Log
External Identity Store with Active Directory
Interface with Active Directory
DNS Considerations
NTP Server Considerations
Considerations of Authenticating Usernames with Domains
Machine Access Restrictions (MAR)
Windows 2008 Compatibility and Feature Support
Testing Connectivity between ACS and AD
Group Names Differences in ACS 4.x and 5.x
Identity Store Sequences
PAP Authentication via Kerberos
Authentication, Authorization, and Accounting with TACACS+
Shell Profile
Command Sets Access Services
Service Selection Rules
Default Device Admin: Authorization and Identity
Monitoring and Troubleshooting ACS
Cisco Secure ACS View
Monitoring and Debugging RADIUS Authentication
Monitoring and Debugging RADIUS Authorization
Monitoring and Debugging TACACS+ Authentication
Monitoring and Debugging TACACS+ Authorization
Debugging TACACS+ Packets and Accounting
ACS and Certificate Authority
Certificate-Based Authentication
Self-Signed Certificates
Third-Party Digital Certificates
History
Introduction
The Port
EAP
EAP-TLS
PEAP
802.1x Policy Elements (RADIUS)
Overview
Date and Time
Custom
Authorization Profiles
Authorization: Downloadable ACL
Access Policies
Service Selection Rules
Access Services
Identity
802.1x and Windows XP
Configure 802.1x
802.1x and the Cisco Secure Services Client (SSC)
Configure 802.1x on the SSC
Configure 802.1x Single Host Authentication on a Cisco Switch
Single Host Authentication
Single Host Authentication Commands
Cisco Switch 802.1x Configuration Review
802.1x Troubleshooting
ACS, Switch, and Windows Troubleshooting
Windows XP and Switch Debug Output
ACS Monitoring and Reports
ACS Operation Management
ACS Deployment Structure
Local Operations
Distributed System Management
Distributed Management Operations
Replication Overview
Local Operations
Log Collector
Change Password Flow
System Administration
Administrators
Users
Operations
Configuration
Downloads












Page 16: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Third-Party Digital Certificates Authentication Debugging TACACS+ Packets andHistory Monitoring and Debugging RADIUS AccountingIntroduction Authorization ACS and Certificate AuthorityThe Port Monitoring and Debugging TACACS+ Certificate-Based AuthenticationEAP Authentication Self-Signed CertificatesEAP-TLS Monitoring and Debugging TACACS+ Third-Party Digital Certificates PEAP Authorization History802.1x Policy Elements (RADIUS) Debugging TACACS+ Packets and IntroductionOverview Accounting The PortDate and Time ACS and Certificate Authority EAPCustom Certificate-Based Authentication EAP-TLSAuthorization Profiles Self-Signed Certificates PEAPAuthorization: Downloadable ACL Third-Party Digital Certificates 802.1x Policy Elements (RADIUS)Access Policies History OverviewService Selection Rules Introduction Date and TimeAccess Services The Port CustomIdentity EAP Authorization Profiles802.1x and Windows XP EAP-TLS Authorization: Downloadable ACLConfigure 802.1x PEAP Access Policies802.1x and the Cisco Secure Services Client 802.1x Policy Elements (RADIUS) Service Selection Rules(SSC) Overview Access ServicesConfigure 802.1x on the SSC Date and Time IdentityConfigure 802.1x Single Host Authentication Custom 802.1x and Windows XPon a Cisco Switch Authorization Profiles Configure 802.1xSingle Host Authentication Authorization: Downloadable ACL 802.1x and the Cisco Secure ServicesSingle Host Authentication Commands Access Policies Client (SSC)Cisco Sitch 802.1x Configuration Review Service Selection Rules Configure 802.1x on the SSC802.1x Troubleshooting Access Services Configure 802.1x Single HostACS, Switch, and Windows Troubleshooting Identity Authentication on a Cisco SwitchWindows XP and Switch Debug Output 802.1x and Windows XP Single Host AuthenticationACS Monitoring and Reports Configure 802.1x Single Host Authentication CommandsACS Operation Management 802.1x and the Cisco Secure Services Cisco Sitch 802.1x Configuration ReviewACS Deployment Structure Client (SSC) 
802.1x TroubleshootingLocal Operations Configure 802.1x on the SSC ACS, Switch, and WindowsDistributed System Management Configure 802.1x Single Host TroubleshootingDistributed Management Operations Authentication on a Cisco Switch Windows XP and Switch Debug OutputReplication Overview Single Host Authentication ACS Monitoring and Reports Local Operations Single Host Authentication Commands ACS Operation ManagementLog Collector Cisco Sitch 802.1x Configuration Review ACS Deployment StructureChange Pass 802.1x Troubleshooting Local Operationsord Flow ACS, Switch, and Windows Distributed System ManagementSystem Administration Troubleshooting Distributed Management OperationsAdministrators Windows XP and Switch Debug Output Replication OverviewUsers ACS Monitoring and Reports Local OperationsOperations ACS Operation Management Log CollectorConfiguration ACS Deployment Structure Change PassDownloads Local Operations ord Flow

Distributed System Management System AdministrationDistributed Management Operations Administrators

line Replication Overview UsersSecure Borderless Network Architecture Local Operations OperationsIdentity-Enabled Network Use Case Log Collector ConfigurationSummary Change Pass DownloadsRADIUS Basics ord FlowTACACS+ Basics System AdministrationRADIUS vs. TACACS+ Administrators lineACS 5.2 Overview Users Secure Borderless Network ArchitectureHardware Platform Solutions Operations Identity-Enabled Network Use CaseSoftware Platform Solutions Configuration Summary New, Changed, and Supported Features Downloads RADIUS BasicsACS 5.2 Installation TACACS+ BasicsInstallation on the CSACS+ Series RADIUS vs. TACACS+Appliance line ACS 5.2 OverviewInstallation with VMware ESX Server Secure Borderless Network Architecture Hardware Platform SolutionsUsing Setup Scripts Identity-Enabled Network Use Case Software Platform SolutionsLicensing Summary New, Changed, and Supported Features

Page 17: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

ACS Attribute Types RADIUS Basics ACS 5.2 InstallationAttribute Definitions TACACS+ Basics Installation on the CSACS+ SeriesAttribute Value Types RADIUS vs. TACACS+ AppliancePredefined Values ACS 5.2 Overview Installation with VMware ESX ServerAttribute Dictionaries Hardware Platform Solutions Using Setup ScriptsAttribute Aliases Software Platform Solutions LicensingAvailability of Attributes Based on Policy New, Changed, and Supported Features ACS Attribute TypesAdding Network Devices to ACS ACS 5.2 Installation Attribute DefinitionsNetwork Resources Installation on the CSACS+ Series Attribute Value TypesTypes of AAA Clients Appliance Predefined ValuesNetwork Device Groups: Location Installation with VMware ESX Server Attribute DictionariesNetwork Device Groups: Device Type Using Setup Scripts Attribute AliasesNetwork Devices and AAA Clients Licensing Availability of Attributes Based on PolicyLocal Identity Store and Identity Store ACS Attribute Types Adding Network Devices to ACSSequence Attribute Definitions Network ResourcesUsers and Identity Stores Attribute Value Types Types of AAA ClientsInternal Identity Store Predefined Values Network Device Groups: LocationExternal Identity Store Attribute Dictionaries Network Device Groups: Device TypeCertificate Profile Attribute Aliases Network Devices and AAA ClientsInternal Identity Stores Availability of Attributes Based on Policy Local Identity Store and Identity StoreUsers Adding Network Devices to ACS SequenceGroups Network Resources Users and Identity StoresHosts Types of AAA Clients Internal Identity StoreLDAP Overview Network Device Groups: Location External Identity StoreExternal Identity Stores: OpenLDAP Network Device Groups: Device Type Certificate ProfileEnable LDAP Diagnostics Log Network Devices and AAA Clients Internal Identity StoresExternal Identity Store with Active Directory Local Identity Store and Identity Store UsersInterface with Active Directory Sequence GroupsDNS Considerations Users and 
Identity Stores Hosts NTP Server Considerations Internal Identity Store LDAP OverviewConsiderations of Authenticating Usernames External Identity Store External Identity Stores: OpenLDAPwith Domains Certificate Profile Enable LDAP Diagnostics LogMachine Access Restrictions (MAR) Internal Identity Stores External Identity Store with ActiveWindows 2008 Compatibility and Feature Users DirectorySupport Groups Interface with Active DirectoryTesting Connectivity between ACS and AD Hosts DNS ConsiderationsGroup Names Differences in ACS 4.x and LDAP Overview NTP Server Considerations5.x External Identity Stores: OpenLDAP Considerations of AuthenticatingIdentity Store Sequences Enable LDAP Diagnostics Log Usernames with DomainsPAP Authentication via Kerberos External Identity Store with Active Machine Access Restrictions (MAR)Authentication, Authorization, and Directory Windows 2008 Compatibility and FeatureAccounting with TACACS+ Interface with Active Directory SupportShell Profile DNS Considerations Testing Connectivity between ACS and ADCommand Sets Access Services NTP Server Considerations Group Names Differences in ACS 4.x andService Selection Rules Considerations of Authenticating 5.xDefault Device Admin: Authorization and Usernames with Domains Identity Store SequencesIdentity Machine Access Restrictions (MAR) PAP Authentication via KerberosMonitoring and Troubleshooting ACS Windows 2008 Compatibility and Feature Authentication, Authorization, andCisco Secure ACS View Support Accounting with TACACS+Monitoring and Debugging RADIUS Testing Connectivity between ACS and Shell ProfileAuthentication AD Command Sets Access ServicesMonitoring and Debugging RADIUS Group Names Differences in ACS 4.x Service Selection RulesAuthorization and 5.x Default Device Admin: Authorization andMonitoring and Debugging TACACS+ Identity Store Sequences IdentityAuthentication PAP Authentication via Kerberos Monitoring and Troubleshooting ACSMonitoring and Debugging TACACS+ Authentication, 
Authorization, and Cisco Secure ACS ViewAuthorization Accounting with TACACS+ Monitoring and Debugging RADIUSDebugging TACACS+ Packets and Shell Profile AuthenticationAccounting Command Sets Access Services Monitoring and Debugging RADIUSACS and Certificate Authority Service Selection Rules AuthorizationCertificate-Based Authentication Default Device Admin: Authorization and Monitoring and Debugging TACACS+Self-Signed Certificates Identity AuthenticationThird-Party Digital Certificates Monitoring and Troubleshooting ACS Monitoring and Debugging TACACS+History Cisco Secure ACS View AuthorizationIntroduction Monitoring and Debugging RADIUS Debugging TACACS+ Packets andThe Port Authentication Accounting

Page 18: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

EAP Monitoring and Debugging RADIUS ACS and Certificate AuthorityEAP-TLS Authorization Certificate-Based AuthenticationPEAP Monitoring and Debugging TACACS+ Self-Signed Certificates802.1x Policy Elements (RADIUS) Authentication Third-Party Digital Certificates Overview Monitoring and Debugging TACACS+ HistoryDate and Time Authorization IntroductionCustom Debugging TACACS+ Packets and The PortAuthorization Profiles Accounting EAPAuthorization: Downloadable ACL ACS and Certificate Authority EAP-TLSAccess Policies Certificate-Based Authentication PEAPService Selection Rules Self-Signed Certificates 802.1x Policy Elements (RADIUS)Access Services Third-Party Digital Certificates OverviewIdentity History Date and Time802.1x and Windows XP Introduction CustomConfigure 802.1x The Port Authorization Profiles802.1x and the Cisco Secure Services Client EAP Authorization: Downloadable ACL(SSC) EAP-TLS Access PoliciesConfigure 802.1x on the SSC PEAP Service Selection RulesConfigure 802.1x Single Host Authentication 802.1x Policy Elements (RADIUS) Access Serviceson a Cisco Switch Overview IdentitySingle Host Authentication Date and Time 802.1x and Windows XPSingle Host Authentication Commands Custom Configure 802.1xCisco Sitch 802.1x Configuration Review Authorization Profiles 802.1x and the Cisco Secure Services802.1x Troubleshooting Authorization: Downloadable ACL Client (SSC)ACS, Switch, and Windows Troubleshooting Access Policies Configure 802.1x on the SSCWindows XP and Switch Debug Output Service Selection Rules Configure 802.1x Single HostACS Monitoring and Reports Access Services Authentication on a Cisco SwitchACS Operation Management Identity Single Host AuthenticationACS Deployment Structure 802.1x and Windows XP Single Host Authentication CommandsLocal Operations Configure 802.1x Cisco Sitch 802.1x Configuration ReviewDistributed System Management 802.1x and the Cisco Secure Services 802.1x TroubleshootingDistributed Management Operations Client (SSC) ACS, Switch, 
and WindowsReplication Overview Configure 802.1x on the SSC TroubleshootingLocal Operations Configure 802.1x Single Host Windows XP and Switch Debug OutputLog Collector Authentication on a Cisco Switch ACS Monitoring and Reports Change Pass Single Host Authentication ACS Operation Managementord Flow Single Host Authentication Commands ACS Deployment StructureSystem Administration Cisco Sitch 802.1x Configuration Review Local OperationsAdministrators 802.1x Troubleshooting Distributed System ManagementUsers ACS, Switch, and Windows Distributed Management OperationsOperations Troubleshooting Replication OverviewConfiguration Windows XP and Switch Debug Output Local OperationsDownloads ACS Monitoring and Reports Log Collector

ACS Operation Management Change PassACS Deployment Structure ord Flow

line Local Operations System AdministrationSecure Borderless Network Architecture Distributed System Management AdministratorsIdentity-Enabled Network Use Case Distributed Management Operations UsersSummary Replication Overview OperationsRADIUS Basics Local Operations ConfigurationTACACS+ Basics Log Collector DownloadsRADIUS vs. TACACS+ Change PassACS 5.2 Overview ord FlowHardware Platform Solutions System Administration lineSoftware Platform Solutions Administrators Secure Borderless Network ArchitectureNew, Changed, and Supported Features Users Identity-Enabled Network Use CaseACS 5.2 Installation Operations Summary Installation on the CSACS+ Series Configuration RADIUS BasicsAppliance Downloads TACACS+ BasicsInstallation with VMware ESX Server RADIUS vs. TACACS+Using Setup Scripts ACS 5.2 OverviewLicensing line Hardware Platform SolutionsACS Attribute Types Secure Borderless Network Architecture Software Platform SolutionsAttribute Definitions Identity-Enabled Network Use Case New, Changed, and Supported FeaturesAttribute Value Types Summary ACS 5.2 InstallationPredefined Values RADIUS Basics Installation on the CSACS+ Series

Page 19: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Attribute Dictionaries TACACS+ Basics ApplianceAttribute Aliases RADIUS vs. TACACS+ Installation with VMware ESX ServerAvailability of Attributes Based on Policy ACS 5.2 Overview Using Setup ScriptsAdding Network Devices to ACS Hardware Platform Solutions LicensingNetwork Resources Software Platform Solutions ACS Attribute TypesTypes of AAA Clients New, Changed, and Supported Features Attribute DefinitionsNetwork Device Groups: Location ACS 5.2 Installation Attribute Value TypesNetwork Device Groups: Device Type Installation on the CSACS+ Series Predefined ValuesNetwork Devices and AAA Clients Appliance Attribute DictionariesLocal Identity Store and Identity Store Installation with VMware ESX Server Attribute AliasesSequence Using Setup Scripts Availability of Attributes Based on PolicyUsers and Identity Stores Licensing Adding Network Devices to ACSInternal Identity Store ACS Attribute Types Network ResourcesExternal Identity Store Attribute Definitions Types of AAA ClientsCertificate Profile Attribute Value Types Network Device Groups: LocationInternal Identity Stores Predefined Values Network Device Groups: Device TypeUsers Attribute Dictionaries Network Devices and AAA ClientsGroups Attribute Aliases Local Identity Store and Identity StoreHosts Availability of Attributes Based on Policy SequenceLDAP Overview Adding Network Devices to ACS Users and Identity StoresExternal Identity Stores: OpenLDAP Network Resources Internal Identity StoreEnable LDAP Diagnostics Log Types of AAA Clients External Identity StoreExternal Identity Store with Active Directory Network Device Groups: Location Certificate ProfileInterface with Active Directory Network Device Groups: Device Type Internal Identity StoresDNS Considerations Network Devices and AAA Clients UsersNTP Server Considerations Local Identity Store and Identity Store GroupsConsiderations of Authenticating Usernames Sequence Hosts with Domains Users and Identity Stores LDAP OverviewMachine Access Restrictions (MAR) 
Internal Identity Store External Identity Stores: OpenLDAPWindows 2008 Compatibility and Feature External Identity Store Enable LDAP Diagnostics LogSupport Certificate Profile External Identity Store with ActiveTesting Connectivity between ACS and AD Internal Identity Stores DirectoryGroup Names Differences in ACS 4.x and Users Interface with Active Directory5.x Groups DNS ConsiderationsIdentity Store Sequences Hosts NTP Server ConsiderationsPAP Authentication via Kerberos LDAP Overview Considerations of AuthenticatingAuthentication, Authorization, and External Identity Stores: OpenLDAP Usernames with DomainsAccounting with TACACS+ Enable LDAP Diagnostics Log Machine Access Restrictions (MAR)Shell Profile External Identity Store with Active Windows 2008 Compatibility and FeatureCommand Sets Access Services Directory SupportService Selection Rules Interface with Active Directory Testing Connectivity between ACS and ADDefault Device Admin: Authorization and DNS Considerations Group Names Differences in ACS 4.x andIdentity NTP Server Considerations 5.xMonitoring and Troubleshooting ACS Considerations of Authenticating Identity Store SequencesCisco Secure ACS View Usernames with Domains PAP Authentication via KerberosMonitoring and Debugging RADIUS Machine Access Restrictions (MAR) Authentication, Authorization, andAuthentication Windows 2008 Compatibility and Feature Accounting with TACACS+Monitoring and Debugging RADIUS Support Shell ProfileAuthorization Testing Connectivity between ACS and Command Sets Access ServicesMonitoring and Debugging TACACS+ AD Service Selection RulesAuthentication Group Names Differences in ACS 4.x Default Device Admin: Authorization andMonitoring and Debugging TACACS+ and 5.x IdentityAuthorization Identity Store Sequences Monitoring and Troubleshooting ACSDebugging TACACS+ Packets and PAP Authentication via Kerberos Cisco Secure ACS ViewAccounting Authentication, Authorization, and Monitoring and Debugging RADIUSACS and Certificate 
Authority Accounting with TACACS+ AuthenticationCertificate-Based Authentication Shell Profile Monitoring and Debugging RADIUSSelf-Signed Certificates Command Sets Access Services AuthorizationThird-Party Digital Certificates Service Selection Rules Monitoring and Debugging TACACS+History Default Device Admin: Authorization and AuthenticationIntroduction Identity Monitoring and Debugging TACACS+The Port Monitoring and Troubleshooting ACS AuthorizationEAP Cisco Secure ACS View Debugging TACACS+ Packets andEAP-TLS Monitoring and Debugging RADIUS AccountingPEAP Authentication ACS and Certificate Authority802.1x Policy Elements (RADIUS) Monitoring and Debugging RADIUS Certificate-Based Authentication

Page 20: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Overview Authorization Self-Signed CertificatesDate and Time Monitoring and Debugging TACACS+ Third-Party Digital Certificates Custom Authentication HistoryAuthorization Profiles Monitoring and Debugging TACACS+ IntroductionAuthorization: Downloadable ACL Authorization The PortAccess Policies Debugging TACACS+ Packets and EAPService Selection Rules Accounting EAP-TLSAccess Services ACS and Certificate Authority PEAPIdentity Certificate-Based Authentication 802.1x Policy Elements (RADIUS)802.1x and Windows XP Self-Signed Certificates OverviewConfigure 802.1x Third-Party Digital Certificates Date and Time802.1x and the Cisco Secure Services Client History Custom(SSC) Introduction Authorization ProfilesConfigure 802.1x on the SSC The Port Authorization: Downloadable ACLConfigure 802.1x Single Host Authentication EAP Access Policieson a Cisco Switch EAP-TLS Service Selection RulesSingle Host Authentication PEAP Access ServicesSingle Host Authentication Commands 802.1x Policy Elements (RADIUS) IdentityCisco Sitch 802.1x Configuration Review Overview 802.1x and Windows XP802.1x Troubleshooting Date and Time Configure 802.1xACS, Switch, and Windows Troubleshooting Custom 802.1x and the Cisco Secure ServicesWindows XP and Switch Debug Output Authorization Profiles Client (SSC)ACS Monitoring and Reports Authorization: Downloadable ACL Configure 802.1x on the SSCACS Operation Management Access Policies Configure 802.1x Single HostACS Deployment Structure Service Selection Rules Authentication on a Cisco SwitchLocal Operations Access Services Single Host AuthenticationDistributed System Management Identity Single Host Authentication CommandsDistributed Management Operations 802.1x and Windows XP Cisco Sitch 802.1x Configuration ReviewReplication Overview Configure 802.1x 802.1x TroubleshootingLocal Operations 802.1x and the Cisco Secure Services ACS, Switch, and WindowsLog Collector Client (SSC) TroubleshootingChange Pass Configure 802.1x on the SSC Windows XP and Switch 
Debug Outputord Flow Configure 802.1x Single Host ACS Monitoring and Reports System Administration Authentication on a Cisco Switch ACS Operation ManagementAdministrators Single Host Authentication ACS Deployment StructureUsers Single Host Authentication Commands Local OperationsOperations Cisco Sitch 802.1x Configuration Review Distributed System ManagementConfiguration 802.1x Troubleshooting Distributed Management OperationsDownloads ACS, Switch, and Windows Replication Overview

Troubleshooting Local OperationsWindows XP and Switch Debug Output Log Collector

line ACS Monitoring and Reports Change PassSecure Borderless Network Architecture ACS Operation Management ord FlowIdentity-Enabled Network Use Case ACS Deployment Structure System AdministrationSummary Local Operations AdministratorsRADIUS Basics Distributed System Management UsersTACACS+ Basics Distributed Management Operations OperationsRADIUS vs. TACACS+ Replication Overview ConfigurationACS 5.2 Overview Local Operations DownloadsHardware Platform Solutions Log CollectorSoftware Platform Solutions Change PassNew, Changed, and Supported Features ord Flow lineACS 5.2 Installation System Administration Secure Borderless Network ArchitectureInstallation on the CSACS+ Series Administrators Identity-Enabled Network Use CaseAppliance Users Summary Installation with VMware ESX Server Operations RADIUS BasicsUsing Setup Scripts Configuration TACACS+ BasicsLicensing Downloads RADIUS vs. TACACS+ACS Attribute Types ACS 5.2 OverviewAttribute Definitions Hardware Platform SolutionsAttribute Value Types line Software Platform SolutionsPredefined Values Secure Borderless Network Architecture New, Changed, and Supported FeaturesAttribute Dictionaries Identity-Enabled Network Use Case ACS 5.2 InstallationAttribute Aliases Summary Installation on the CSACS+ SeriesAvailability of Attributes Based on Policy RADIUS Basics ApplianceAdding Network Devices to ACS TACACS+ Basics Installation with VMware ESX Server

Page 21: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Network Resources RADIUS vs. TACACS+ Using Setup ScriptsTypes of AAA Clients ACS 5.2 Overview LicensingNetwork Device Groups: Location Hardware Platform Solutions ACS Attribute TypesNetwork Device Groups: Device Type Software Platform Solutions Attribute DefinitionsNetwork Devices and AAA Clients New, Changed, and Supported Features Attribute Value TypesLocal Identity Store and Identity Store ACS 5.2 Installation Predefined ValuesSequence Installation on the CSACS+ Series Attribute DictionariesUsers and Identity Stores Appliance Attribute AliasesInternal Identity Store Installation with VMware ESX Server Availability of Attributes Based on PolicyExternal Identity Store Using Setup Scripts Adding Network Devices to ACSCertificate Profile Licensing Network ResourcesInternal Identity Stores ACS Attribute Types Types of AAA ClientsUsers Attribute Definitions Network Device Groups: LocationGroups Attribute Value Types Network Device Groups: Device TypeHosts Predefined Values Network Devices and AAA ClientsLDAP Overview Attribute Dictionaries Local Identity Store and Identity StoreExternal Identity Stores: OpenLDAP Attribute Aliases SequenceEnable LDAP Diagnostics Log Availability of Attributes Based on Policy Users and Identity StoresExternal Identity Store with Active Directory Adding Network Devices to ACS Internal Identity StoreInterface with Active Directory Network Resources External Identity StoreDNS Considerations Types of AAA Clients Certificate ProfileNTP Server Considerations Network Device Groups: Location Internal Identity StoresConsiderations of Authenticating Usernames Network Device Groups: Device Type Userswith Domains Network Devices and AAA Clients GroupsMachine Access Restrictions (MAR) Local Identity Store and Identity Store Hosts Windows 2008 Compatibility and Feature Sequence LDAP OverviewSupport Users and Identity Stores External Identity Stores: OpenLDAPTesting Connectivity between ACS and AD Internal Identity Store Enable LDAP Diagnostics 
LogGroup Names Differences in ACS 4.x and External Identity Store External Identity Store with Active5.x Certificate Profile DirectoryIdentity Store Sequences Internal Identity Stores Interface with Active DirectoryPAP Authentication via Kerberos Users DNS ConsiderationsAuthentication, Authorization, and Groups NTP Server ConsiderationsAccounting with TACACS+ Hosts Considerations of AuthenticatingShell Profile LDAP Overview Usernames with DomainsCommand Sets Access Services External Identity Stores: OpenLDAP Machine Access Restrictions (MAR)Service Selection Rules Enable LDAP Diagnostics Log Windows 2008 Compatibility and FeatureDefault Device Admin: Authorization and External Identity Store with Active SupportIdentity Directory Testing Connectivity between ACS and ADMonitoring and Troubleshooting ACS Interface with Active Directory Group Names Differences in ACS 4.x andCisco Secure ACS View DNS Considerations 5.xMonitoring and Debugging RADIUS NTP Server Considerations Identity Store SequencesAuthentication Considerations of Authenticating PAP Authentication via KerberosMonitoring and Debugging RADIUS Usernames with Domains Authentication, Authorization, andAuthorization Machine Access Restrictions (MAR) Accounting with TACACS+Monitoring and Debugging TACACS+ Windows 2008 Compatibility and Feature Shell ProfileAuthentication Support Command Sets Access ServicesMonitoring and Debugging TACACS+ Testing Connectivity between ACS and Service Selection RulesAuthorization AD Default Device Admin: Authorization andDebugging TACACS+ Packets and Group Names Differences in ACS 4.x IdentityAccounting and 5.x Monitoring and Troubleshooting ACSACS and Certificate Authority Identity Store Sequences Cisco Secure ACS ViewCertificate-Based Authentication PAP Authentication via Kerberos Monitoring and Debugging RADIUSSelf-Signed Certificates Authentication, Authorization, and AuthenticationThird-Party Digital Certificates Accounting with TACACS+ Monitoring and Debugging 
RADIUSHistory Shell Profile AuthorizationIntroduction Command Sets Access Services Monitoring and Debugging TACACS+The Port Service Selection Rules AuthenticationEAP Default Device Admin: Authorization and Monitoring and Debugging TACACS+EAP-TLS Identity AuthorizationPEAP Monitoring and Troubleshooting ACS Debugging TACACS+ Packets and802.1x Policy Elements (RADIUS) Cisco Secure ACS View AccountingOverview Monitoring and Debugging RADIUS ACS and Certificate AuthorityDate and Time Authentication Certificate-Based AuthenticationCustom Monitoring and Debugging RADIUS Self-Signed CertificatesAuthorization Profiles Authorization Third-Party Digital Certificates

Page 22: Implementing Cisco Secure Access Control Systemstore.globalknowledge.net/course-overviews/AE/ACS.pdf · ACS training@globalknowledge.ae 00 971 4 446 4987 Implementing Cisco Secure

ACS www.globalknowledge.com/en-ae/ [email protected] 00 971 4 446 4987

Authorization: Downloadable ACL Monitoring and Debugging TACACS+ HistoryAccess Policies Authentication IntroductionService Selection Rules Monitoring and Debugging TACACS+ The PortAccess Services Authorization EAPIdentity Debugging TACACS+ Packets and EAP-TLS802.1x and Windows XP Accounting PEAPConfigure 802.1x ACS and Certificate Authority 802.1x Policy Elements (RADIUS)802.1x and the Cisco Secure Services Client Certificate-Based Authentication Overview(SSC) Self-Signed Certificates Date and TimeConfigure 802.1x on the SSC Third-Party Digital Certificates CustomConfigure 802.1x Single Host Authentication History Authorization Profileson a Cisco Switch Introduction Authorization: Downloadable ACLSingle Host Authentication The Port Access PoliciesSingle Host Authentication Commands EAP Service Selection RulesCisco Sitch 802.1x Configuration Review EAP-TLS Access Services802.1x Troubleshooting PEAP IdentityACS, Switch, and Windows Troubleshooting 802.1x Policy Elements (RADIUS) 802.1x and Windows XPWindows XP and Switch Debug Output Overview Configure 802.1xACS Monitoring and Reports Date and Time 802.1x and the Cisco Secure ServicesACS Operation Management Custom Client (SSC)ACS Deployment Structure Authorization Profiles Configure 802.1x on the SSCLocal Operations Authorization: Downloadable ACL Configure 802.1x Single HostDistributed System Management Access Policies Authentication on a Cisco SwitchDistributed Management Operations Service Selection Rules Single Host AuthenticationReplication Overview Access Services Single Host Authentication CommandsLocal Operations Identity Cisco Sitch 802.1x Configuration ReviewLog Collector 802.1x and Windows XP 802.1x TroubleshootingChange Pass Configure 802.1x ACS, Switch, and Windowsord Flow 802.1x and the Cisco Secure Services TroubleshootingSystem Administration Client (SSC) Windows XP and Switch Debug OutputAdministrators Configure 802.1x on the SSC ACS Monitoring and Reports Users Configure 802.1x Single Host ACS 
Operation ManagementOperations Authentication on a Cisco Switch ACS Deployment StructureConfiguration Single Host Authentication Local OperationsDownloads Single Host Authentication Commands Distributed System Management

Cisco Sitch 802.1x Configuration Review Distributed Management Operations802.1x Troubleshooting Replication Overview

line ACS, Switch, and Windows Local OperationsSecure Borderless Network Architecture Troubleshooting Log CollectorIdentity-Enabled Network Use Case Windows XP and Switch Debug Output Change PassSummary ACS Monitoring and Reports ord FlowRADIUS Basics ACS Operation Management System AdministrationTACACS+ Basics ACS Deployment Structure AdministratorsRADIUS vs. TACACS+ Local Operations UsersACS 5.2 Overview Distributed System Management OperationsHardware Platform Solutions Distributed Management Operations ConfigurationSoftware Platform Solutions Replication Overview DownloadsNew, Changed, and Supported Features Local OperationsACS 5.2 Installation Log CollectorInstallation on the CSACS+ Series Change Pass lineAppliance ord Flow Secure Borderless Network ArchitectureInstallation with VMware ESX Server System Administration Identity-Enabled Network Use CaseUsing Setup Scripts Administrators Summary Licensing Users RADIUS BasicsACS Attribute Types Operations TACACS+ BasicsAttribute Definitions Configuration RADIUS vs. TACACS+Attribute Value Types Downloads ACS 5.2 OverviewPredefined Values Hardware Platform SolutionsAttribute Dictionaries Software Platform SolutionsAttribute Aliases line New, Changed, and Supported FeaturesAvailability of Attributes Based on Policy Secure Borderless Network Architecture ACS 5.2 InstallationAdding Network Devices to ACS Identity-Enabled Network Use Case Installation on the CSACS+ SeriesNetwork Resources Summary ApplianceTypes of AAA Clients RADIUS Basics Installation with VMware ESX ServerNetwork Device Groups: Location TACACS+ Basics Using Setup ScriptsNetwork Device Groups: Device Type RADIUS vs. TACACS+ Licensing

Network Devices and AAA Clients ACS 5.2 Overview ACS Attribute TypesLocal Identity Store and Identity Store Hardware Platform Solutions Attribute DefinitionsSequence Software Platform Solutions Attribute Value TypesUsers and Identity Stores New, Changed, and Supported Features Predefined ValuesInternal Identity Store ACS 5.2 Installation Attribute DictionariesExternal Identity Store Installation on the CSACS+ Series Attribute AliasesCertificate Profile Appliance Availability of Attributes Based on PolicyInternal Identity Stores Installation with VMware ESX Server Adding Network Devices to ACSUsers Using Setup Scripts Network ResourcesGroups Licensing Types of AAA ClientsHosts ACS Attribute Types Network Device Groups: LocationLDAP Overview Attribute Definitions Network Device Groups: Device TypeExternal Identity Stores: OpenLDAP Attribute Value Types Network Devices and AAA ClientsEnable LDAP Diagnostics Log Predefined Values Local Identity Store and Identity StoreExternal Identity Store with Active Directory Attribute Dictionaries SequenceInterface with Active Directory Attribute Aliases Users and Identity StoresDNS Considerations Availability of Attributes Based on Policy Internal Identity StoreNTP Server Considerations Adding Network Devices to ACS External Identity StoreConsiderations of Authenticating Usernames Network Resources Certificate Profilewith Domains Types of AAA Clients Internal Identity StoresMachine Access Restrictions (MAR) Network Device Groups: Location UsersWindows 2008 Compatibility and Feature Network Device Groups: Device Type GroupsSupport Network Devices and AAA Clients Hosts Testing Connectivity between ACS and AD Local Identity Store and Identity Store LDAP OverviewGroup Names Differences in ACS 4.x and Sequence External Identity Stores: OpenLDAP5.x Users and Identity Stores Enable LDAP Diagnostics LogIdentity Store Sequences Internal Identity Store External Identity Store with ActivePAP Authentication via Kerberos External Identity 
Store DirectoryAuthentication, Authorization, and Certificate Profile Interface with Active DirectoryAccounting with TACACS+ Internal Identity Stores DNS ConsiderationsShell Profile Users NTP Server ConsiderationsCommand Sets Access Services Groups Considerations of AuthenticatingService Selection Rules Hosts Usernames with DomainsDefault Device Admin: Authorization and LDAP Overview Machine Access Restrictions (MAR)Identity External Identity Stores: OpenLDAP Windows 2008 Compatibility and FeatureMonitoring and Troubleshooting ACS Enable LDAP Diagnostics Log SupportCisco Secure ACS View External Identity Store with Active Testing Connectivity between ACS and ADMonitoring and Debugging RADIUS Directory Group Names Differences in ACS 4.x andAuthentication Interface with Active Directory 5.xMonitoring and Debugging RADIUS DNS Considerations Identity Store SequencesAuthorization NTP Server Considerations PAP Authentication via KerberosMonitoring and Debugging TACACS+ Considerations of Authenticating Authentication, Authorization, andAuthentication Usernames with Domains Accounting with TACACS+Monitoring and Debugging TACACS+ Machine Access Restrictions (MAR) Shell ProfileAuthorization Windows 2008 Compatibility and Feature Command Sets Access ServicesDebugging TACACS+ Packets and Support Service Selection RulesAccounting Testing Connectivity between ACS and Default Device Admin: Authorization andACS and Certificate Authority AD IdentityCertificate-Based Authentication Group Names Differences in ACS 4.x Monitoring and Troubleshooting ACSSelf-Signed Certificates and 5.x Cisco Secure ACS ViewThird-Party Digital Certificates Identity Store Sequences Monitoring and Debugging RADIUSHistory PAP Authentication via Kerberos AuthenticationIntroduction Authentication, Authorization, and Monitoring and Debugging RADIUSThe Port Accounting with TACACS+ AuthorizationEAP Shell Profile Monitoring and Debugging TACACS+EAP-TLS Command Sets Access Services AuthenticationPEAP Service 
Selection Rules Monitoring and Debugging TACACS+802.1x Policy Elements (RADIUS) Default Device Admin: Authorization and AuthorizationOverview Identity Debugging TACACS+ Packets andDate and Time Monitoring and Troubleshooting ACS AccountingCustom Cisco Secure ACS View ACS and Certificate AuthorityAuthorization Profiles Monitoring and Debugging RADIUS Certificate-Based AuthenticationAuthorization: Downloadable ACL Authentication Self-Signed CertificatesAccess Policies Monitoring and Debugging RADIUS Third-Party Digital Certificates Service Selection Rules Authorization HistoryAccess Services Monitoring and Debugging TACACS+ Introduction

Identity Authentication The Port802.1x and Windows XP Monitoring and Debugging TACACS+ EAPConfigure 802.1x Authorization EAP-TLS802.1x and the Cisco Secure Services Client Debugging TACACS+ Packets and PEAP(SSC) Accounting 802.1x Policy Elements (RADIUS)Configure 802.1x on the SSC ACS and Certificate Authority OverviewConfigure 802.1x Single Host Authentication Certificate-Based Authentication Date and Timeon a Cisco Switch Self-Signed Certificates CustomSingle Host Authentication Third-Party Digital Certificates Authorization ProfilesSingle Host Authentication Commands History Authorization: Downloadable ACLCisco Sitch 802.1x Configuration Review Introduction Access Policies802.1x Troubleshooting The Port Service Selection RulesACS, Switch, and Windows Troubleshooting EAP Access ServicesWindows XP and Switch Debug Output EAP-TLS IdentityACS Monitoring and Reports PEAP 802.1x and Windows XPACS Operation Management 802.1x Policy Elements (RADIUS) Configure 802.1xACS Deployment Structure Overview 802.1x and the Cisco Secure ServicesLocal Operations Date and Time Client (SSC)Distributed System Management Custom Configure 802.1x on the SSCDistributed Management Operations Authorization Profiles Configure 802.1x Single HostReplication Overview Authorization: Downloadable ACL Authentication on a Cisco SwitchLocal Operations Access Policies Single Host AuthenticationLog Collector Service Selection Rules Single Host Authentication CommandsChange Pass Access Services Cisco Sitch 802.1x Configuration Revieword Flow Identity 802.1x TroubleshootingSystem Administration 802.1x and Windows XP ACS, Switch, and WindowsAdministrators Configure 802.1x TroubleshootingUsers 802.1x and the Cisco Secure Services Windows XP and Switch Debug OutputOperations Client (SSC) ACS Monitoring and Reports Configuration Configure 802.1x on the SSC ACS Operation ManagementDownloads Configure 802.1x Single Host ACS Deployment Structure

Authentication on a Cisco Switch Local Operations Single Host Authentication Distributed System Management

line Single Host Authentication Commands Distributed Management OperationsSecure Borderless Network Architecture Cisco Sitch 802.1x Configuration Review Replication OverviewIdentity-Enabled Network Use Case 802.1x Troubleshooting Local OperationsSummary ACS, Switch, and Windows Log CollectorRADIUS Basics Troubleshooting Change PassTACACS+ Basics Windows XP and Switch Debug Output ord FlowRADIUS vs. TACACS+ ACS Monitoring and Reports System AdministrationACS 5.2 Overview ACS Operation Management AdministratorsHardware Platform Solutions ACS Deployment Structure UsersSoftware Platform Solutions Local Operations OperationsNew, Changed, and Supported Features Distributed System Management ConfigurationACS 5.2 Installation Distributed Management Operations DownloadsInstallation on the CSACS+ Series Replication OverviewAppliance Local OperationsInstallation with VMware ESX Server Log Collector lineUsing Setup Scripts Change Pass Secure Borderless Network ArchitectureLicensing ord Flow Identity-Enabled Network Use CaseACS Attribute Types System Administration Summary Attribute Definitions Administrators RADIUS BasicsAttribute Value Types Users TACACS+ BasicsPredefined Values Operations RADIUS vs. TACACS+Attribute Dictionaries Configuration ACS 5.2 OverviewAttribute Aliases Downloads Hardware Platform SolutionsAvailability of Attributes Based on Policy Software Platform SolutionsAdding Network Devices to ACS New, Changed, and Supported FeaturesNetwork Resources line ACS 5.2 InstallationTypes of AAA Clients Secure Borderless Network Architecture Installation on the CSACS+ SeriesNetwork Device Groups: Location Identity-Enabled Network Use Case ApplianceNetwork Device Groups: Device Type Summary Installation with VMware ESX ServerNetwork Devices and AAA Clients RADIUS Basics Using Setup ScriptsLocal Identity Store and Identity Store TACACS+ Basics LicensingSequence RADIUS vs. TACACS+ ACS Attribute TypesUsers and Identity Stores ACS 5.2 Overview Attribute Definitions

Internal Identity Store Hardware Platform Solutions Attribute Value TypesExternal Identity Store Software Platform Solutions Predefined ValuesCertificate Profile New, Changed, and Supported Features Attribute DictionariesInternal Identity Stores ACS 5.2 Installation Attribute AliasesUsers Installation on the CSACS+ Series Availability of Attributes Based on PolicyGroups Appliance Adding Network Devices to ACSHosts Installation with VMware ESX Server Network ResourcesLDAP Overview Using Setup Scripts Types of AAA ClientsExternal Identity Stores: OpenLDAP Licensing Network Device Groups: LocationEnable LDAP Diagnostics Log ACS Attribute Types Network Device Groups: Device TypeExternal Identity Store with Active Directory Attribute Definitions Network Devices and AAA ClientsInterface with Active Directory Attribute Value Types Local Identity Store and Identity StoreDNS Considerations Predefined Values SequenceNTP Server Considerations Attribute Dictionaries Users and Identity StoresConsiderations of Authenticating Usernames Attribute Aliases Internal Identity Storewith Domains Availability of Attributes Based on Policy External Identity StoreMachine Access Restrictions (MAR) Adding Network Devices to ACS Certificate ProfileWindows 2008 Compatibility and Feature Network Resources Internal Identity StoresSupport Types of AAA Clients UsersTesting Connectivity between ACS and AD Network Device Groups: Location GroupsGroup Names Differences in ACS 4.x and Network Device Groups: Device Type Hosts 5.x Network Devices and AAA Clients LDAP OverviewIdentity Store Sequences Local Identity Store and Identity Store External Identity Stores: OpenLDAPPAP Authentication via Kerberos Sequence Enable LDAP Diagnostics LogAuthentication, Authorization, and Users and Identity Stores External Identity Store with ActiveAccounting with TACACS+ Internal Identity Store DirectoryShell Profile External Identity Store Interface with Active DirectoryCommand Sets Access Services Certificate Profile 
DNS ConsiderationsService Selection Rules Internal Identity Stores NTP Server ConsiderationsDefault Device Admin: Authorization and Users Considerations of AuthenticatingIdentity Groups Usernames with DomainsMonitoring and Troubleshooting ACS Hosts Machine Access Restrictions (MAR)Cisco Secure ACS View LDAP Overview Windows 2008 Compatibility and FeatureMonitoring and Debugging RADIUS External Identity Stores: OpenLDAP SupportAuthentication Enable LDAP Diagnostics Log Testing Connectivity between ACS and ADMonitoring and Debugging RADIUS External Identity Store with Active Group Names Differences in ACS 4.x andAuthorization Directory 5.xMonitoring and Debugging TACACS+ Interface with Active Directory Identity Store SequencesAuthentication DNS Considerations PAP Authentication via KerberosMonitoring and Debugging TACACS+ NTP Server Considerations Authentication, Authorization, andAuthorization Considerations of Authenticating Accounting with TACACS+Debugging TACACS+ Packets and Usernames with Domains Shell ProfileAccounting Machine Access Restrictions (MAR) Command Sets Access ServicesACS and Certificate Authority Windows 2008 Compatibility and Feature Service Selection RulesCertificate-Based Authentication Support Default Device Admin: Authorization andSelf-Signed Certificates Testing Connectivity between ACS and IdentityThird-Party Digital Certificates AD Monitoring and Troubleshooting ACSHistory Group Names Differences in ACS 4.x Cisco Secure ACS ViewIntroduction and 5.x Monitoring and Debugging RADIUSThe Port Identity Store Sequences AuthenticationEAP PAP Authentication via Kerberos Monitoring and Debugging RADIUSEAP-TLS Authentication, Authorization, and AuthorizationPEAP Accounting with TACACS+ Monitoring and Debugging TACACS+802.1x Policy Elements (RADIUS) Shell Profile AuthenticationOverview Command Sets Access Services Monitoring and Debugging TACACS+Date and Time Service Selection Rules AuthorizationCustom Default Device Admin: Authorization and Debugging 
TACACS+ Packets andAuthorization Profiles Identity AccountingAuthorization: Downloadable ACL Monitoring and Troubleshooting ACS ACS and Certificate AuthorityAccess Policies Cisco Secure ACS View Certificate-Based AuthenticationService Selection Rules Monitoring and Debugging RADIUS Self-Signed CertificatesAccess Services Authentication Third-Party Digital Certificates Identity Monitoring and Debugging RADIUS History802.1x and Windows XP Authorization IntroductionConfigure 802.1x Monitoring and Debugging TACACS+ The Port802.1x and the Cisco Secure Services Client Authentication EAP

(SSC) Monitoring and Debugging TACACS+ EAP-TLSConfigure 802.1x on the SSC Authorization PEAPConfigure 802.1x Single Host Authentication Debugging TACACS+ Packets and 802.1x Policy Elements (RADIUS)on a Cisco Switch Accounting OverviewSingle Host Authentication ACS and Certificate Authority Date and TimeSingle Host Authentication Commands Certificate-Based Authentication CustomCisco Sitch 802.1x Configuration Review Self-Signed Certificates Authorization Profiles802.1x Troubleshooting Third-Party Digital Certificates Authorization: Downloadable ACLACS, Switch, and Windows Troubleshooting History Access PoliciesWindows XP and Switch Debug Output Introduction Service Selection RulesACS Monitoring and Reports The Port Access ServicesACS Operation Management EAP IdentityACS Deployment Structure EAP-TLS 802.1x and Windows XPLocal Operations PEAP Configure 802.1xDistributed System Management 802.1x Policy Elements (RADIUS) 802.1x and the Cisco Secure ServicesDistributed Management Operations Overview Client (SSC)Replication Overview Date and Time Configure 802.1x on the SSCLocal Operations Custom Configure 802.1x Single HostLog Collector Authorization Profiles Authentication on a Cisco SwitchChange Pass Authorization: Downloadable ACL Single Host Authenticationord Flow Access Policies Single Host Authentication CommandsSystem Administration Service Selection Rules Cisco Sitch 802.1x Configuration ReviewAdministrators Access Services 802.1x TroubleshootingUsers Identity ACS, Switch, and WindowsOperations 802.1x and Windows XP TroubleshootingConfiguration Configure 802.1x Windows XP and Switch Debug OutputDownloads 802.1x and the Cisco Secure Services ACS Monitoring and Reports

Client (SSC) ACS Operation Management Configure 802.1x on the SSC ACS Deployment Structure

line Configure 802.1x Single Host Local OperationsSecure Borderless Network Architecture Authentication on a Cisco Switch Distributed System ManagementIdentity-Enabled Network Use Case Single Host Authentication Distributed Management OperationsSummary Single Host Authentication Commands Replication OverviewRADIUS Basics Cisco Sitch 802.1x Configuration Review Local OperationsTACACS+ Basics 802.1x Troubleshooting Log CollectorRADIUS vs. TACACS+ ACS, Switch, and Windows Change PassACS 5.2 Overview Troubleshooting ord FlowHardware Platform Solutions Windows XP and Switch Debug Output System AdministrationSoftware Platform Solutions ACS Monitoring and Reports AdministratorsNew, Changed, and Supported Features ACS Operation Management UsersACS 5.2 Installation ACS Deployment Structure OperationsInstallation on the CSACS+ Series Local Operations ConfigurationAppliance Distributed System Management DownloadsInstallation with VMware ESX Server Distributed Management OperationsUsing Setup Scripts Replication OverviewLicensing Local Operations lineACS Attribute Types Log Collector Secure Borderless Network ArchitectureAttribute Definitions Change Pass Identity-Enabled Network Use CaseAttribute Value Types ord Flow Summary Predefined Values System Administration RADIUS BasicsAttribute Dictionaries Administrators TACACS+ BasicsAttribute Aliases Users RADIUS vs. 
TACACS+Availability of Attributes Based on Policy Operations ACS 5.2 OverviewAdding Network Devices to ACS Configuration Hardware Platform SolutionsNetwork Resources Downloads Software Platform SolutionsTypes of AAA Clients New, Changed, and Supported FeaturesNetwork Device Groups: Location ACS 5.2 InstallationNetwork Device Groups: Device Type line Installation on the CSACS+ SeriesNetwork Devices and AAA Clients Secure Borderless Network Architecture ApplianceLocal Identity Store and Identity Store Identity-Enabled Network Use Case Installation with VMware ESX ServerSequence Summary Using Setup ScriptsUsers and Identity Stores RADIUS Basics LicensingInternal Identity Store TACACS+ Basics ACS Attribute TypesExternal Identity Store RADIUS vs. TACACS+ Attribute DefinitionsCertificate Profile ACS 5.2 Overview Attribute Value TypesInternal Identity Stores Hardware Platform Solutions Predefined Values

Users Software Platform Solutions Attribute DictionariesGroups New, Changed, and Supported Features Attribute AliasesHosts ACS 5.2 Installation Availability of Attributes Based on PolicyLDAP Overview Installation on the CSACS+ Series Adding Network Devices to ACSExternal Identity Stores: OpenLDAP Appliance Network ResourcesEnable LDAP Diagnostics Log Installation with VMware ESX Server Types of AAA ClientsExternal Identity Store with Active Directory Using Setup Scripts Network Device Groups: LocationInterface with Active Directory Licensing Network Device Groups: Device TypeDNS Considerations ACS Attribute Types Network Devices and AAA ClientsNTP Server Considerations Attribute Definitions Local Identity Store and Identity StoreConsiderations of Authenticating Usernames Attribute Value Types Sequencewith Domains Predefined Values Users and Identity StoresMachine Access Restrictions (MAR) Attribute Dictionaries Internal Identity StoreWindows 2008 Compatibility and Feature Attribute Aliases External Identity StoreSupport Availability of Attributes Based on Policy Certificate ProfileTesting Connectivity between ACS and AD Adding Network Devices to ACS Internal Identity StoresGroup Names Differences in ACS 4.x and Network Resources Users5.x Types of AAA Clients GroupsIdentity Store Sequences Network Device Groups: Location Hosts PAP Authentication via Kerberos Network Device Groups: Device Type LDAP OverviewAuthentication, Authorization, and Network Devices and AAA Clients External Identity Stores: OpenLDAPAccounting with TACACS+ Local Identity Store and Identity Store Enable LDAP Diagnostics LogShell Profile Sequence External Identity Store with ActiveCommand Sets Access Services Users and Identity Stores DirectoryService Selection Rules Internal Identity Store Interface with Active DirectoryDefault Device Admin: Authorization and External Identity Store DNS ConsiderationsIdentity Certificate Profile NTP Server ConsiderationsMonitoring and Troubleshooting ACS 
Internal Identity Stores Considerations of AuthenticatingCisco Secure ACS View Users Usernames with DomainsMonitoring and Debugging RADIUS Groups Machine Access Restrictions (MAR)Authentication Hosts Windows 2008 Compatibility and FeatureMonitoring and Debugging RADIUS LDAP Overview SupportAuthorization External Identity Stores: OpenLDAP Testing Connectivity between ACS and ADMonitoring and Debugging TACACS+ Enable LDAP Diagnostics Log Group Names Differences in ACS 4.x andAuthentication External Identity Store with Active 5.xMonitoring and Debugging TACACS+ Directory Identity Store SequencesAuthorization Interface with Active Directory PAP Authentication via KerberosDebugging TACACS+ Packets and DNS Considerations Authentication, Authorization, andAccounting NTP Server Considerations Accounting with TACACS+ACS and Certificate Authority Considerations of Authenticating Shell ProfileCertificate-Based Authentication Usernames with Domains Command Sets Access ServicesSelf-Signed Certificates Machine Access Restrictions (MAR) Service Selection RulesThird-Party Digital Certificates Windows 2008 Compatibility and Feature Default Device Admin: Authorization andHistory Support IdentityIntroduction Testing Connectivity between ACS and Monitoring and Troubleshooting ACSThe Port AD Cisco Secure ACS ViewEAP Group Names Differences in ACS 4.x Monitoring and Debugging RADIUSEAP-TLS and 5.x AuthenticationPEAP Identity Store Sequences Monitoring and Debugging RADIUS802.1x Policy Elements (RADIUS) PAP Authentication via Kerberos AuthorizationOverview Authentication, Authorization, and Monitoring and Debugging TACACS+Date and Time Accounting with TACACS+ AuthenticationCustom Shell Profile Monitoring and Debugging TACACS+Authorization Profiles Command Sets Access Services AuthorizationAuthorization: Downloadable ACL Service Selection Rules Debugging TACACS+ Packets andAccess Policies Default Device Admin: Authorization and AccountingService Selection Rules Identity ACS and 
Certificate AuthorityAccess Services Monitoring and Troubleshooting ACS Certificate-Based AuthenticationIdentity Cisco Secure ACS View Self-Signed Certificates802.1x and Windows XP Monitoring and Debugging RADIUS Third-Party Digital Certificates Configure 802.1x Authentication History802.1x and the Cisco Secure Services Client Monitoring and Debugging RADIUS Introduction(SSC) Authorization The PortConfigure 802.1x on the SSC Monitoring and Debugging TACACS+ EAPConfigure 802.1x Single Host Authentication Authentication EAP-TLSon a Cisco Switch Monitoring and Debugging TACACS+ PEAP

Single Host Authentication Authorization 802.1x Policy Elements (RADIUS)Single Host Authentication Commands Debugging TACACS+ Packets and OverviewCisco Sitch 802.1x Configuration Review Accounting Date and Time802.1x Troubleshooting ACS and Certificate Authority CustomACS, Switch, and Windows Troubleshooting Certificate-Based Authentication Authorization ProfilesWindows XP and Switch Debug Output Self-Signed Certificates Authorization: Downloadable ACLACS Monitoring and Reports Third-Party Digital Certificates Access PoliciesACS Operation Management History Service Selection RulesACS Deployment Structure Introduction Access ServicesLocal Operations The Port IdentityDistributed System Management EAP 802.1x and Windows XPDistributed Management Operations EAP-TLS Configure 802.1xReplication Overview PEAP 802.1x and the Cisco Secure ServicesLocal Operations 802.1x Policy Elements (RADIUS) Client (SSC)Log Collector Overview Configure 802.1x on the SSCChange Pass Date and Time Configure 802.1x Single Hostord Flow Custom Authentication on a Cisco SwitchSystem Administration Authorization Profiles Single Host AuthenticationAdministrators Authorization: Downloadable ACL Single Host Authentication CommandsUsers Access Policies Cisco Sitch 802.1x Configuration ReviewOperations Service Selection Rules 802.1x TroubleshootingConfiguration Access Services ACS, Switch, and WindowsDownloads Identity Troubleshooting

802.1x and Windows XP Windows XP and Switch Debug Output Configure 802.1x ACS Monitoring and Reports

line 802.1x and the Cisco Secure Services ACS Operation ManagementSecure Borderless Network Architecture Client (SSC) ACS Deployment StructureIdentity-Enabled Network Use Case Configure 802.1x on the SSC Local OperationsSummary Configure 802.1x Single Host Distributed System ManagementRADIUS Basics Authentication on a Cisco Switch Distributed Management OperationsTACACS+ Basics Single Host Authentication Replication OverviewRADIUS vs. TACACS+ Single Host Authentication Commands Local OperationsACS 5.2 Overview Cisco Sitch 802.1x Configuration Review Log CollectorHardware Platform Solutions 802.1x Troubleshooting Change PassSoftware Platform Solutions ACS, Switch, and Windows ord FlowNew, Changed, and Supported Features Troubleshooting System AdministrationACS 5.2 Installation Windows XP and Switch Debug Output AdministratorsInstallation on the CSACS+ Series ACS Monitoring and Reports UsersAppliance ACS Operation Management OperationsInstallation with VMware ESX Server ACS Deployment Structure ConfigurationUsing Setup Scripts Local Operations DownloadsLicensing Distributed System ManagementACS Attribute Types Distributed Management OperationsAttribute Definitions Replication Overview lineAttribute Value Types Local Operations Secure Borderless Network ArchitecturePredefined Values Log Collector Identity-Enabled Network Use CaseAttribute Dictionaries Change Pass Summary Attribute Aliases ord Flow RADIUS BasicsAvailability of Attributes Based on Policy System Administration TACACS+ BasicsAdding Network Devices to ACS Administrators RADIUS vs. 
TACACS+Network Resources Users ACS 5.2 OverviewTypes of AAA Clients Operations Hardware Platform SolutionsNetwork Device Groups: Location Configuration Software Platform SolutionsNetwork Device Groups: Device Type Downloads New, Changed, and Supported FeaturesNetwork Devices and AAA Clients ACS 5.2 InstallationLocal Identity Store and Identity Store Installation on the CSACS+ SeriesSequence line ApplianceUsers and Identity Stores Secure Borderless Network Architecture Installation with VMware ESX ServerInternal Identity Store Identity-Enabled Network Use Case Using Setup ScriptsExternal Identity Store Summary LicensingCertificate Profile RADIUS Basics ACS Attribute TypesInternal Identity Stores TACACS+ Basics Attribute DefinitionsUsers RADIUS vs. TACACS+ Attribute Value TypesGroups ACS 5.2 Overview Predefined ValuesHosts Hardware Platform Solutions Attribute DictionariesLDAP Overview Software Platform Solutions Attribute Aliases

External Identity Stores: OpenLDAP New, Changed, and Supported Features Availability of Attributes Based on PolicyEnable LDAP Diagnostics Log ACS 5.2 Installation Adding Network Devices to ACSExternal Identity Store with Active Directory Installation on the CSACS+ Series Network ResourcesInterface with Active Directory Appliance Types of AAA ClientsDNS Considerations Installation with VMware ESX Server Network Device Groups: LocationNTP Server Considerations Using Setup Scripts Network Device Groups: Device TypeConsiderations of Authenticating Usernames Licensing Network Devices and AAA Clientswith Domains ACS Attribute Types Local Identity Store and Identity StoreMachine Access Restrictions (MAR) Attribute Definitions SequenceWindows 2008 Compatibility and Feature Attribute Value Types Users and Identity StoresSupport Predefined Values Internal Identity StoreTesting Connectivity between ACS and AD Attribute Dictionaries External Identity StoreGroup Names Differences in ACS 4.x and Attribute Aliases Certificate Profile5.x Availability of Attributes Based on Policy Internal Identity StoresIdentity Store Sequences Adding Network Devices to ACS UsersPAP Authentication via Kerberos Network Resources GroupsAuthentication, Authorization, and Types of AAA Clients Hosts Accounting with TACACS+ Network Device Groups: Location LDAP OverviewShell Profile Network Device Groups: Device Type External Identity Stores: OpenLDAPCommand Sets Access Services Network Devices and AAA Clients Enable LDAP Diagnostics LogService Selection Rules Local Identity Store and Identity Store External Identity Store with ActiveDefault Device Admin: Authorization and Sequence DirectoryIdentity Users and Identity Stores Interface with Active DirectoryMonitoring and Troubleshooting ACS Internal Identity Store DNS ConsiderationsCisco Secure ACS View External Identity Store NTP Server ConsiderationsMonitoring and Debugging RADIUS Certificate Profile Considerations of AuthenticatingAuthentication 
Internal Identity Stores Usernames with DomainsMonitoring and Debugging RADIUS Users Machine Access Restrictions (MAR)Authorization Groups Windows 2008 Compatibility and FeatureMonitoring and Debugging TACACS+ Hosts SupportAuthentication LDAP Overview Testing Connectivity between ACS and ADMonitoring and Debugging TACACS+ External Identity Stores: OpenLDAP Group Names Differences in ACS 4.x andAuthorization Enable LDAP Diagnostics Log 5.xDebugging TACACS+ Packets and External Identity Store with Active Identity Store SequencesAccounting Directory PAP Authentication via KerberosACS and Certificate Authority Interface with Active Directory Authentication, Authorization, andCertificate-Based Authentication DNS Considerations Accounting with TACACS+Self-Signed Certificates NTP Server Considerations Shell ProfileThird-Party Digital Certificates Considerations of Authenticating Command Sets Access ServicesHistory Usernames with Domains Service Selection RulesIntroduction Machine Access Restrictions (MAR) Default Device Admin: Authorization andThe Port Windows 2008 Compatibility and Feature IdentityEAP Support Monitoring and Troubleshooting ACSEAP-TLS Testing Connectivity between ACS and Cisco Secure ACS ViewPEAP AD Monitoring and Debugging RADIUS802.1x Policy Elements (RADIUS) Group Names Differences in ACS 4.x AuthenticationOverview and 5.x Monitoring and Debugging RADIUSDate and Time Identity Store Sequences AuthorizationCustom PAP Authentication via Kerberos Monitoring and Debugging TACACS+Authorization Profiles Authentication, Authorization, and AuthenticationAuthorization: Downloadable ACL Accounting with TACACS+ Monitoring and Debugging TACACS+Access Policies Shell Profile AuthorizationService Selection Rules Command Sets Access Services Debugging TACACS+ Packets andAccess Services Service Selection Rules AccountingIdentity Default Device Admin: Authorization and ACS and Certificate Authority802.1x and Windows XP Identity Certificate-Based AuthenticationConfigure 
802.1x Monitoring and Troubleshooting ACS Self-Signed Certificates802.1x and the Cisco Secure Services Client Cisco Secure ACS View Third-Party Digital Certificates (SSC) Monitoring and Debugging RADIUS HistoryConfigure 802.1x on the SSC Authentication IntroductionConfigure 802.1x Single Host Authentication Monitoring and Debugging RADIUS The Porton a Cisco Switch Authorization EAPSingle Host Authentication Monitoring and Debugging TACACS+ EAP-TLSSingle Host Authentication Commands Authentication PEAPCisco Sitch 802.1x Configuration Review Monitoring and Debugging TACACS+ 802.1x Policy Elements (RADIUS)802.1x Troubleshooting Authorization Overview


ACS, Switch, and Windows Troubleshooting Debugging TACACS+ Packets and Date and TimeWindows XP and Switch Debug Output Accounting CustomACS Monitoring and Reports ACS and Certificate Authority Authorization ProfilesACS Operation Management Certificate-Based Authentication Authorization: Downloadable ACLACS Deployment Structure Self-Signed Certificates Access PoliciesLocal Operations Third-Party Digital Certificates Service Selection RulesDistributed System Management History Access ServicesDistributed Management Operations Introduction IdentityReplication Overview The Port 802.1x and Windows XPLocal Operations EAP Configure 802.1xLog Collector EAP-TLS 802.1x and the Cisco Secure ServicesChange Pass PEAP Client (SSC)ord Flow 802.1x Policy Elements (RADIUS) Configure 802.1x on the SSCSystem Administration Overview Configure 802.1x Single HostAdministrators Date and Time Authentication on a Cisco SwitchUsers Custom Single Host AuthenticationOperations Authorization Profiles Single Host Authentication CommandsConfiguration Authorization: Downloadable ACL Cisco Sitch 802.1x Configuration ReviewDownloads Access Policies 802.1x Troubleshooting

Service Selection Rules ACS, Switch, and WindowsAccess Services Troubleshooting

line Identity Windows XP and Switch Debug OutputSecure Borderless Network Architecture 802.1x and Windows XP ACS Monitoring and Reports Identity-Enabled Network Use Case Configure 802.1x ACS Operation ManagementSummary 802.1x and the Cisco Secure Services ACS Deployment StructureRADIUS Basics Client (SSC) Local OperationsTACACS+ Basics Configure 802.1x on the SSC Distributed System ManagementRADIUS vs. TACACS+ Configure 802.1x Single Host Distributed Management OperationsACS 5.2 Overview Authentication on a Cisco Switch Replication OverviewHardware Platform Solutions Single Host Authentication Local OperationsSoftware Platform Solutions Single Host Authentication Commands Log CollectorNew, Changed, and Supported Features Cisco Sitch 802.1x Configuration Review Change PassACS 5.2 Installation 802.1x Troubleshooting ord FlowInstallation on the CSACS+ Series ACS, Switch, and Windows System AdministrationAppliance Troubleshooting AdministratorsInstallation with VMware ESX Server Windows XP and Switch Debug Output UsersUsing Setup Scripts ACS Monitoring and Reports OperationsLicensing ACS Operation Management ConfigurationACS Attribute Types ACS Deployment Structure DownloadsAttribute Definitions Local OperationsAttribute Value Types Distributed System ManagementPredefined Values Distributed Management Operations lineAttribute Dictionaries Replication Overview Secure Borderless Network ArchitectureAttribute Aliases Local Operations Identity-Enabled Network Use CaseAvailability of Attributes Based on Policy Log Collector Summary Adding Network Devices to ACS Change Pass RADIUS BasicsNetwork Resources ord Flow TACACS+ BasicsTypes of AAA Clients System Administration RADIUS vs. 
TACACS+Network Device Groups: Location Administrators ACS 5.2 OverviewNetwork Device Groups: Device Type Users Hardware Platform SolutionsNetwork Devices and AAA Clients Operations Software Platform SolutionsLocal Identity Store and Identity Store Configuration New, Changed, and Supported FeaturesSequence Downloads ACS 5.2 InstallationUsers and Identity Stores Installation on the CSACS+ SeriesInternal Identity Store ApplianceExternal Identity Store line Installation with VMware ESX ServerCertificate Profile Secure Borderless Network Architecture Using Setup ScriptsInternal Identity Stores Identity-Enabled Network Use Case LicensingUsers Summary ACS Attribute TypesGroups RADIUS Basics Attribute DefinitionsHosts TACACS+ Basics Attribute Value TypesLDAP Overview RADIUS vs. TACACS+ Predefined ValuesExternal Identity Stores: OpenLDAP ACS 5.2 Overview Attribute DictionariesEnable LDAP Diagnostics Log Hardware Platform Solutions Attribute AliasesExternal Identity Store with Active Directory Software Platform Solutions Availability of Attributes Based on PolicyInterface with Active Directory New, Changed, and Supported Features Adding Network Devices to ACS


DNS Considerations ACS 5.2 Installation Network ResourcesNTP Server Considerations Installation on the CSACS+ Series Types of AAA ClientsConsiderations of Authenticating Usernames Appliance Network Device Groups: Locationwith Domains Installation with VMware ESX Server Network Device Groups: Device TypeMachine Access Restrictions (MAR) Using Setup Scripts Network Devices and AAA ClientsWindows 2008 Compatibility and Feature Licensing Local Identity Store and Identity StoreSupport ACS Attribute Types SequenceTesting Connectivity between ACS and AD Attribute Definitions Users and Identity StoresGroup Names Differences in ACS 4.x and Attribute Value Types Internal Identity Store5.x Predefined Values External Identity StoreIdentity Store Sequences Attribute Dictionaries Certificate ProfilePAP Authentication via Kerberos Attribute Aliases Internal Identity StoresAuthentication, Authorization, and Availability of Attributes Based on Policy UsersAccounting with TACACS+ Adding Network Devices to ACS GroupsShell Profile Network Resources Hosts Command Sets Access Services Types of AAA Clients LDAP OverviewService Selection Rules Network Device Groups: Location External Identity Stores: OpenLDAPDefault Device Admin: Authorization and Network Device Groups: Device Type Enable LDAP Diagnostics LogIdentity Network Devices and AAA Clients External Identity Store with ActiveMonitoring and Troubleshooting ACS Local Identity Store and Identity Store DirectoryCisco Secure ACS View Sequence Interface with Active DirectoryMonitoring and Debugging RADIUS Users and Identity Stores DNS ConsiderationsAuthentication Internal Identity Store NTP Server ConsiderationsMonitoring and Debugging RADIUS External Identity Store Considerations of AuthenticatingAuthorization Certificate Profile Usernames with DomainsMonitoring and Debugging TACACS+ Internal Identity Stores Machine Access Restrictions (MAR)Authentication Users Windows 2008 Compatibility and FeatureMonitoring and Debugging TACACS+ 
Groups SupportAuthorization Hosts Testing Connectivity between ACS and ADDebugging TACACS+ Packets and LDAP Overview Group Names Differences in ACS 4.x andAccounting External Identity Stores: OpenLDAP 5.xACS and Certificate Authority Enable LDAP Diagnostics Log Identity Store SequencesCertificate-Based Authentication External Identity Store with Active PAP Authentication via KerberosSelf-Signed Certificates Directory Authentication, Authorization, andThird-Party Digital Certificates Interface with Active Directory Accounting with TACACS+History DNS Considerations Shell ProfileIntroduction NTP Server Considerations Command Sets Access ServicesThe Port Considerations of Authenticating Service Selection RulesEAP Usernames with Domains Default Device Admin: Authorization andEAP-TLS Machine Access Restrictions (MAR) IdentityPEAP Windows 2008 Compatibility and Feature Monitoring and Troubleshooting ACS802.1x Policy Elements (RADIUS) Support Cisco Secure ACS ViewOverview Testing Connectivity between ACS and Monitoring and Debugging RADIUSDate and Time AD AuthenticationCustom Group Names Differences in ACS 4.x Monitoring and Debugging RADIUSAuthorization Profiles and 5.x AuthorizationAuthorization: Downloadable ACL Identity Store Sequences Monitoring and Debugging TACACS+Access Policies PAP Authentication via Kerberos AuthenticationService Selection Rules Authentication, Authorization, and Monitoring and Debugging TACACS+Access Services Accounting with TACACS+ AuthorizationIdentity Shell Profile Debugging TACACS+ Packets and802.1x and Windows XP Command Sets Access Services AccountingConfigure 802.1x Service Selection Rules ACS and Certificate Authority802.1x and the Cisco Secure Services Client Default Device Admin: Authorization and Certificate-Based Authentication(SSC) Identity Self-Signed CertificatesConfigure 802.1x on the SSC Monitoring and Troubleshooting ACS Third-Party Digital Certificates Configure 802.1x Single Host Authentication Cisco Secure ACS View Historyon 
a Cisco Switch Monitoring and Debugging RADIUS IntroductionSingle Host Authentication Authentication The PortSingle Host Authentication Commands Monitoring and Debugging RADIUS EAPCisco Sitch 802.1x Configuration Review Authorization EAP-TLS802.1x Troubleshooting Monitoring and Debugging TACACS+ PEAPACS, Switch, and Windows Troubleshooting Authentication 802.1x Policy Elements (RADIUS)Windows XP and Switch Debug Output Monitoring and Debugging TACACS+ OverviewACS Monitoring and Reports Authorization Date and TimeACS Operation Management Debugging TACACS+ Packets and Custom


ACS Deployment Structure Accounting Authorization ProfilesLocal Operations ACS and Certificate Authority Authorization: Downloadable ACLDistributed System Management Certificate-Based Authentication Access PoliciesDistributed Management Operations Self-Signed Certificates Service Selection RulesReplication Overview Third-Party Digital Certificates Access ServicesLocal Operations History IdentityLog Collector Introduction 802.1x and Windows XPChange Pass The Port Configure 802.1xord Flow EAP 802.1x and the Cisco Secure ServicesSystem Administration EAP-TLS Client (SSC)Administrators PEAP Configure 802.1x on the SSCUsers 802.1x Policy Elements (RADIUS) Configure 802.1x Single HostOperations Overview Authentication on a Cisco SwitchConfiguration Date and Time Single Host AuthenticationDownloads Custom Single Host Authentication Commands

Authorization Profiles Cisco Sitch 802.1x Configuration ReviewAuthorization: Downloadable ACL 802.1x Troubleshooting

line Access Policies ACS, Switch, and WindowsSecure Borderless Network Architecture Service Selection Rules TroubleshootingIdentity-Enabled Network Use Case Access Services Windows XP and Switch Debug OutputSummary Identity ACS Monitoring and Reports RADIUS Basics 802.1x and Windows XP ACS Operation ManagementTACACS+ Basics Configure 802.1x ACS Deployment StructureRADIUS vs. TACACS+ 802.1x and the Cisco Secure Services Local OperationsACS 5.2 Overview Client (SSC) Distributed System ManagementHardware Platform Solutions Configure 802.1x on the SSC Distributed Management OperationsSoftware Platform Solutions Configure 802.1x Single Host Replication OverviewNew, Changed, and Supported Features Authentication on a Cisco Switch Local OperationsACS 5.2 Installation Single Host Authentication Log CollectorInstallation on the CSACS+ Series Single Host Authentication Commands Change PassAppliance Cisco Sitch 802.1x Configuration Review ord FlowInstallation with VMware ESX Server 802.1x Troubleshooting System AdministrationUsing Setup Scripts ACS, Switch, and Windows AdministratorsLicensing Troubleshooting UsersACS Attribute Types Windows XP and Switch Debug Output OperationsAttribute Definitions ACS Monitoring and Reports ConfigurationAttribute Value Types ACS Operation Management DownloadsPredefined Values ACS Deployment StructureAttribute Dictionaries Local OperationsAttribute Aliases Distributed System Management lineAvailability of Attributes Based on Policy Distributed Management Operations Secure Borderless Network ArchitectureAdding Network Devices to ACS Replication Overview Identity-Enabled Network Use CaseNetwork Resources Local Operations Summary Types of AAA Clients Log Collector RADIUS BasicsNetwork Device Groups: Location Change Pass TACACS+ BasicsNetwork Device Groups: Device Type ord Flow RADIUS vs. 
TACACS+Network Devices and AAA Clients System Administration ACS 5.2 OverviewLocal Identity Store and Identity Store Administrators Hardware Platform SolutionsSequence Users Software Platform SolutionsUsers and Identity Stores Operations New, Changed, and Supported FeaturesInternal Identity Store Configuration ACS 5.2 InstallationExternal Identity Store Downloads Installation on the CSACS+ SeriesCertificate Profile ApplianceInternal Identity Stores Installation with VMware ESX ServerUsers line Using Setup ScriptsGroups Secure Borderless Network Architecture LicensingHosts Identity-Enabled Network Use Case ACS Attribute TypesLDAP Overview Summary Attribute DefinitionsExternal Identity Stores: OpenLDAP RADIUS Basics Attribute Value TypesEnable LDAP Diagnostics Log TACACS+ Basics Predefined ValuesExternal Identity Store with Active Directory RADIUS vs. TACACS+ Attribute DictionariesInterface with Active Directory ACS 5.2 Overview Attribute AliasesDNS Considerations Hardware Platform Solutions Availability of Attributes Based on PolicyNTP Server Considerations Software Platform Solutions Adding Network Devices to ACSConsiderations of Authenticating Usernames New, Changed, and Supported Features Network Resourceswith Domains ACS 5.2 Installation Types of AAA Clients


Machine Access Restrictions (MAR) Installation on the CSACS+ Series Network Device Groups: LocationWindows 2008 Compatibility and Feature Appliance Network Device Groups: Device TypeSupport Installation with VMware ESX Server Network Devices and AAA ClientsTesting Connectivity between ACS and AD Using Setup Scripts Local Identity Store and Identity StoreGroup Names Differences in ACS 4.x and Licensing Sequence5.x ACS Attribute Types Users and Identity StoresIdentity Store Sequences Attribute Definitions Internal Identity StorePAP Authentication via Kerberos Attribute Value Types External Identity StoreAuthentication, Authorization, and Predefined Values Certificate ProfileAccounting with TACACS+ Attribute Dictionaries Internal Identity StoresShell Profile Attribute Aliases UsersCommand Sets Access Services Availability of Attributes Based on Policy GroupsService Selection Rules Adding Network Devices to ACS Hosts Default Device Admin: Authorization and Network Resources LDAP OverviewIdentity Types of AAA Clients External Identity Stores: OpenLDAPMonitoring and Troubleshooting ACS Network Device Groups: Location Enable LDAP Diagnostics LogCisco Secure ACS View Network Device Groups: Device Type External Identity Store with ActiveMonitoring and Debugging RADIUS Network Devices and AAA Clients DirectoryAuthentication Local Identity Store and Identity Store Interface with Active DirectoryMonitoring and Debugging RADIUS Sequence DNS ConsiderationsAuthorization Users and Identity Stores NTP Server ConsiderationsMonitoring and Debugging TACACS+ Internal Identity Store Considerations of AuthenticatingAuthentication External Identity Store Usernames with DomainsMonitoring and Debugging TACACS+ Certificate Profile Machine Access Restrictions (MAR)Authorization Internal Identity Stores Windows 2008 Compatibility and FeatureDebugging TACACS+ Packets and Users SupportAccounting Groups Testing Connectivity between ACS and ADACS and Certificate Authority Hosts Group Names 
Differences in ACS 4.x andCertificate-Based Authentication LDAP Overview 5.xSelf-Signed Certificates External Identity Stores: OpenLDAP Identity Store SequencesThird-Party Digital Certificates Enable LDAP Diagnostics Log PAP Authentication via KerberosHistory External Identity Store with Active Authentication, Authorization, andIntroduction Directory Accounting with TACACS+The Port Interface with Active Directory Shell ProfileEAP DNS Considerations Command Sets Access ServicesEAP-TLS NTP Server Considerations Service Selection RulesPEAP Considerations of Authenticating Default Device Admin: Authorization and802.1x Policy Elements (RADIUS) Usernames with Domains IdentityOverview Machine Access Restrictions (MAR) Monitoring and Troubleshooting ACSDate and Time Windows 2008 Compatibility and Feature Cisco Secure ACS ViewCustom Support Monitoring and Debugging RADIUSAuthorization Profiles Testing Connectivity between ACS and AuthenticationAuthorization: Downloadable ACL AD Monitoring and Debugging RADIUSAccess Policies Group Names Differences in ACS 4.x AuthorizationService Selection Rules and 5.x Monitoring and Debugging TACACS+Access Services Identity Store Sequences AuthenticationIdentity PAP Authentication via Kerberos Monitoring and Debugging TACACS+802.1x and Windows XP Authentication, Authorization, and AuthorizationConfigure 802.1x Accounting with TACACS+ Debugging TACACS+ Packets and802.1x and the Cisco Secure Services Client Shell Profile Accounting(SSC) Command Sets Access Services ACS and Certificate AuthorityConfigure 802.1x on the SSC Service Selection Rules Certificate-Based AuthenticationConfigure 802.1x Single Host Authentication Default Device Admin: Authorization and Self-Signed Certificateson a Cisco Switch Identity Third-Party Digital Certificates Single Host Authentication Monitoring and Troubleshooting ACS HistorySingle Host Authentication Commands Cisco Secure ACS View IntroductionCisco Sitch 802.1x Configuration Review Monitoring and Debugging 
RADIUS The Port802.1x Troubleshooting Authentication EAPACS, Switch, and Windows Troubleshooting Monitoring and Debugging RADIUS EAP-TLSWindows XP and Switch Debug Output Authorization PEAPACS Monitoring and Reports Monitoring and Debugging TACACS+ 802.1x Policy Elements (RADIUS)ACS Operation Management Authentication OverviewACS Deployment Structure Monitoring and Debugging TACACS+ Date and TimeLocal Operations Authorization CustomDistributed System Management Debugging TACACS+ Packets and Authorization ProfilesDistributed Management Operations Accounting Authorization: Downloadable ACL


Replication Overview ACS and Certificate Authority Access PoliciesLocal Operations Certificate-Based Authentication Service Selection RulesLog Collector Self-Signed Certificates Access ServicesChange Pass Third-Party Digital Certificates Identityord Flow History 802.1x and Windows XPSystem Administration Introduction Configure 802.1xAdministrators The Port 802.1x and the Cisco Secure ServicesUsers EAP Client (SSC)Operations EAP-TLS Configure 802.1x on the SSCConfiguration PEAP Configure 802.1x Single HostDownloads 802.1x Policy Elements (RADIUS) Authentication on a Cisco Switch

Overview Single Host AuthenticationDate and Time Single Host Authentication Commands

line Custom Cisco Sitch 802.1x Configuration ReviewSecure Borderless Network Architecture Authorization Profiles 802.1x TroubleshootingIdentity-Enabled Network Use Case Authorization: Downloadable ACL ACS, Switch, and WindowsSummary Access Policies TroubleshootingRADIUS Basics Service Selection Rules Windows XP and Switch Debug OutputTACACS+ Basics Access Services ACS Monitoring and Reports RADIUS vs. TACACS+ Identity ACS Operation ManagementACS 5.2 Overview 802.1x and Windows XP ACS Deployment StructureHardware Platform Solutions Configure 802.1x Local OperationsSoftware Platform Solutions 802.1x and the Cisco Secure Services Distributed System ManagementNew, Changed, and Supported Features Client (SSC) Distributed Management OperationsACS 5.2 Installation Configure 802.1x on the SSC Replication OverviewInstallation on the CSACS+ Series Configure 802.1x Single Host Local OperationsAppliance Authentication on a Cisco Switch Log CollectorInstallation with VMware ESX Server Single Host Authentication Change PassUsing Setup Scripts Single Host Authentication Commands ord FlowLicensing Cisco Sitch 802.1x Configuration Review System AdministrationACS Attribute Types 802.1x Troubleshooting AdministratorsAttribute Definitions ACS, Switch, and Windows UsersAttribute Value Types Troubleshooting OperationsPredefined Values Windows XP and Switch Debug Output ConfigurationAttribute Dictionaries ACS Monitoring and Reports DownloadsAttribute Aliases ACS Operation ManagementAvailability of Attributes Based on Policy ACS Deployment StructureAdding Network Devices to ACS Local Operations lineNetwork Resources Distributed System Management Secure Borderless Network ArchitectureTypes of AAA Clients Distributed Management Operations Identity-Enabled Network Use CaseNetwork Device Groups: Location Replication Overview Summary Network Device Groups: Device Type Local Operations RADIUS BasicsNetwork Devices and AAA Clients Log Collector TACACS+ BasicsLocal Identity Store and Identity 
Store Change Pass RADIUS vs. TACACS+Sequence ord Flow ACS 5.2 OverviewUsers and Identity Stores System Administration Hardware Platform SolutionsInternal Identity Store Administrators Software Platform SolutionsExternal Identity Store Users New, Changed, and Supported FeaturesCertificate Profile Operations ACS 5.2 InstallationInternal Identity Stores Configuration Installation on the CSACS+ SeriesUsers Downloads ApplianceGroups Installation with VMware ESX ServerHosts Using Setup ScriptsLDAP Overview line LicensingExternal Identity Stores: OpenLDAP Secure Borderless Network Architecture ACS Attribute TypesEnable LDAP Diagnostics Log Identity-Enabled Network Use Case Attribute DefinitionsExternal Identity Store with Active Directory Summary Attribute Value TypesInterface with Active Directory RADIUS Basics Predefined ValuesDNS Considerations TACACS+ Basics Attribute DictionariesNTP Server Considerations RADIUS vs. TACACS+ Attribute AliasesConsiderations of Authenticating Usernames ACS 5.2 Overview Availability of Attributes Based on Policywith Domains Hardware Platform Solutions Adding Network Devices to ACSMachine Access Restrictions (MAR) Software Platform Solutions Network ResourcesWindows 2008 Compatibility and Feature New, Changed, and Supported Features Types of AAA ClientsSupport ACS 5.2 Installation Network Device Groups: LocationTesting Connectivity between ACS and AD Installation on the CSACS+ Series Network Device Groups: Device Type


Group Names Differences in ACS 4.x and Appliance Network Devices and AAA Clients5.x Installation with VMware ESX Server Local Identity Store and Identity StoreIdentity Store Sequences Using Setup Scripts SequencePAP Authentication via Kerberos Licensing Users and Identity StoresAuthentication, Authorization, and ACS Attribute Types Internal Identity StoreAccounting with TACACS+ Attribute Definitions External Identity StoreShell Profile Attribute Value Types Certificate ProfileCommand Sets Access Services Predefined Values Internal Identity StoresService Selection Rules Attribute Dictionaries UsersDefault Device Admin: Authorization and Attribute Aliases GroupsIdentity Availability of Attributes Based on Policy Hosts Monitoring and Troubleshooting ACS Adding Network Devices to ACS LDAP OverviewCisco Secure ACS View Network Resources External Identity Stores: OpenLDAPMonitoring and Debugging RADIUS Types of AAA Clients Enable LDAP Diagnostics LogAuthentication Network Device Groups: Location External Identity Store with ActiveMonitoring and Debugging RADIUS Network Device Groups: Device Type DirectoryAuthorization Network Devices and AAA Clients Interface with Active DirectoryMonitoring and Debugging TACACS+ Local Identity Store and Identity Store DNS ConsiderationsAuthentication Sequence NTP Server ConsiderationsMonitoring and Debugging TACACS+ Users and Identity Stores Considerations of AuthenticatingAuthorization Internal Identity Store Usernames with DomainsDebugging TACACS+ Packets and External Identity Store Machine Access Restrictions (MAR)Accounting Certificate Profile Windows 2008 Compatibility and FeatureACS and Certificate Authority Internal Identity Stores SupportCertificate-Based Authentication Users Testing Connectivity between ACS and ADSelf-Signed Certificates Groups Group Names Differences in ACS 4.x andThird-Party Digital Certificates Hosts 5.xHistory LDAP Overview Identity Store SequencesIntroduction External Identity Stores: OpenLDAP PAP 
Authentication via KerberosThe Port Enable LDAP Diagnostics Log Authentication, Authorization, andEAP External Identity Store with Active Accounting with TACACS+EAP-TLS Directory Shell ProfilePEAP Interface with Active Directory Command Sets Access Services802.1x Policy Elements (RADIUS) DNS Considerations Service Selection RulesOverview NTP Server Considerations Default Device Admin: Authorization andDate and Time Considerations of Authenticating IdentityCustom Usernames with Domains Monitoring and Troubleshooting ACSAuthorization Profiles Machine Access Restrictions (MAR) Cisco Secure ACS ViewAuthorization: Downloadable ACL Windows 2008 Compatibility and Feature Monitoring and Debugging RADIUSAccess Policies Support AuthenticationService Selection Rules Testing Connectivity between ACS and Monitoring and Debugging RADIUSAccess Services AD AuthorizationIdentity Group Names Differences in ACS 4.x Monitoring and Debugging TACACS+802.1x and Windows XP and 5.x AuthenticationConfigure 802.1x Identity Store Sequences Monitoring and Debugging TACACS+802.1x and the Cisco Secure Services Client PAP Authentication via Kerberos Authorization(SSC) Authentication, Authorization, and Debugging TACACS+ Packets andConfigure 802.1x on the SSC Accounting with TACACS+ AccountingConfigure 802.1x Single Host Authentication Shell Profile ACS and Certificate Authorityon a Cisco Switch Command Sets Access Services Certificate-Based AuthenticationSingle Host Authentication Service Selection Rules Self-Signed CertificatesSingle Host Authentication Commands Default Device Admin: Authorization and Third-Party Digital Certificates Cisco Sitch 802.1x Configuration Review Identity History802.1x Troubleshooting Monitoring and Troubleshooting ACS IntroductionACS, Switch, and Windows Troubleshooting Cisco Secure ACS View The PortWindows XP and Switch Debug Output Monitoring and Debugging RADIUS EAPACS Monitoring and Reports Authentication EAP-TLSACS Operation Management Monitoring and Debugging 
RADIUS PEAPACS Deployment Structure Authorization 802.1x Policy Elements (RADIUS)Local Operations Monitoring and Debugging TACACS+ OverviewDistributed System Management Authentication Date and TimeDistributed Management Operations Monitoring and Debugging TACACS+ CustomReplication Overview Authorization Authorization ProfilesLocal Operations Debugging TACACS+ Packets and Authorization: Downloadable ACLLog Collector Accounting Access PoliciesChange Pass ACS and Certificate Authority Service Selection Rules


ord Flow Certificate-Based Authentication Access ServicesSystem Administration Self-Signed Certificates IdentityAdministrators Third-Party Digital Certificates 802.1x and Windows XPUsers History Configure 802.1xOperations Introduction 802.1x and the Cisco Secure ServicesConfiguration The Port Client (SSC)Downloads EAP Configure 802.1x on the SSC

EAP-TLS Configure 802.1x Single HostPEAP Authentication on a Cisco Switch

line 802.1x Policy Elements (RADIUS) Single Host AuthenticationSecure Borderless Network Architecture Overview Single Host Authentication CommandsIdentity-Enabled Network Use Case Date and Time Cisco Sitch 802.1x Configuration ReviewSummary Custom 802.1x TroubleshootingRADIUS Basics Authorization Profiles ACS, Switch, and WindowsTACACS+ Basics Authorization: Downloadable ACL TroubleshootingRADIUS vs. TACACS+ Access Policies Windows XP and Switch Debug OutputACS 5.2 Overview Service Selection Rules ACS Monitoring and Reports Hardware Platform Solutions Access Services ACS Operation ManagementSoftware Platform Solutions Identity ACS Deployment StructureNew, Changed, and Supported Features 802.1x and Windows XP Local OperationsACS 5.2 Installation Configure 802.1x Distributed System ManagementInstallation on the CSACS+ Series 802.1x and the Cisco Secure Services Distributed Management OperationsAppliance Client (SSC) Replication OverviewInstallation with VMware ESX Server Configure 802.1x on the SSC Local OperationsUsing Setup Scripts Configure 802.1x Single Host Log CollectorLicensing Authentication on a Cisco Switch Change PassACS Attribute Types Single Host Authentication ord FlowAttribute Definitions Single Host Authentication Commands System AdministrationAttribute Value Types Cisco Sitch 802.1x Configuration Review AdministratorsPredefined Values 802.1x Troubleshooting UsersAttribute Dictionaries ACS, Switch, and Windows OperationsAttribute Aliases Troubleshooting ConfigurationAvailability of Attributes Based on Policy Windows XP and Switch Debug Output DownloadsAdding Network Devices to ACS ACS Monitoring and Reports Network Resources ACS Operation ManagementTypes of AAA Clients ACS Deployment Structure lineNetwork Device Groups: Location Local Operations Secure Borderless Network ArchitectureNetwork Device Groups: Device Type Distributed System Management Identity-Enabled Network Use CaseNetwork Devices and AAA Clients Distributed Management Operations Summary 
Local Identity Store and Identity Store Replication Overview RADIUS BasicsSequence Local Operations TACACS+ BasicsUsers and Identity Stores Log Collector RADIUS vs. TACACS+Internal Identity Store Change Pass ACS 5.2 OverviewExternal Identity Store ord Flow Hardware Platform SolutionsCertificate Profile System Administration Software Platform SolutionsInternal Identity Stores Administrators New, Changed, and Supported FeaturesUsers Users ACS 5.2 InstallationGroups Operations Installation on the CSACS+ SeriesHosts Configuration ApplianceLDAP Overview Downloads Installation with VMware ESX ServerExternal Identity Stores: OpenLDAP Using Setup ScriptsEnable LDAP Diagnostics Log LicensingExternal Identity Store with Active Directory line ACS Attribute TypesInterface with Active Directory Secure Borderless Network Architecture Attribute DefinitionsDNS Considerations Identity-Enabled Network Use Case Attribute Value TypesNTP Server Considerations Summary Predefined ValuesConsiderations of Authenticating Usernames RADIUS Basics Attribute Dictionarieswith Domains TACACS+ Basics Attribute AliasesMachine Access Restrictions (MAR) RADIUS vs. TACACS+ Availability of Attributes Based on PolicyWindows 2008 Compatibility and Feature ACS 5.2 Overview Adding Network Devices to ACSSupport Hardware Platform Solutions Network ResourcesTesting Connectivity between ACS and AD Software Platform Solutions Types of AAA ClientsGroup Names Differences in ACS 4.x and New, Changed, and Supported Features Network Device Groups: Location5.x ACS 5.2 Installation Network Device Groups: Device TypeIdentity Store Sequences Installation on the CSACS+ Series Network Devices and AAA ClientsPAP Authentication via Kerberos Appliance Local Identity Store and Identity Store


Authentication, Authorization, and Installation with VMware ESX Server SequenceAccounting with TACACS+ Using Setup Scripts Users and Identity StoresShell Profile Licensing Internal Identity StoreCommand Sets Access Services ACS Attribute Types External Identity StoreService Selection Rules Attribute Definitions Certificate ProfileDefault Device Admin: Authorization and Attribute Value Types Internal Identity StoresIdentity Predefined Values UsersMonitoring and Troubleshooting ACS Attribute Dictionaries GroupsCisco Secure ACS View Attribute Aliases Hosts Monitoring and Debugging RADIUS Availability of Attributes Based on Policy LDAP OverviewAuthentication Adding Network Devices to ACS External Identity Stores: OpenLDAPMonitoring and Debugging RADIUS Network Resources Enable LDAP Diagnostics LogAuthorization Types of AAA Clients External Identity Store with ActiveMonitoring and Debugging TACACS+ Network Device Groups: Location DirectoryAuthentication Network Device Groups: Device Type Interface with Active DirectoryMonitoring and Debugging TACACS+ Network Devices and AAA Clients DNS ConsiderationsAuthorization Local Identity Store and Identity Store NTP Server ConsiderationsDebugging TACACS+ Packets and Sequence Considerations of AuthenticatingAccounting Users and Identity Stores Usernames with DomainsACS and Certificate Authority Internal Identity Store Machine Access Restrictions (MAR)Certificate-Based Authentication External Identity Store Windows 2008 Compatibility and FeatureSelf-Signed Certificates Certificate Profile SupportThird-Party Digital Certificates Internal Identity Stores Testing Connectivity between ACS and ADHistory Users Group Names Differences in ACS 4.x andIntroduction Groups 5.xThe Port Hosts Identity Store SequencesEAP LDAP Overview PAP Authentication via KerberosEAP-TLS External Identity Stores: OpenLDAP Authentication, Authorization, andPEAP Enable LDAP Diagnostics Log Accounting with TACACS+802.1x Policy Elements (RADIUS) External Identity 
Store with Active Shell ProfileOverview Directory Command Sets Access ServicesDate and Time Interface with Active Directory Service Selection RulesCustom DNS Considerations Default Device Admin: Authorization andAuthorization Profiles NTP Server Considerations IdentityAuthorization: Downloadable ACL Considerations of Authenticating Monitoring and Troubleshooting ACSAccess Policies Usernames with Domains Cisco Secure ACS ViewService Selection Rules Machine Access Restrictions (MAR) Monitoring and Debugging RADIUSAccess Services Windows 2008 Compatibility and Feature AuthenticationIdentity Support Monitoring and Debugging RADIUS802.1x and Windows XP Testing Connectivity between ACS and AuthorizationConfigure 802.1x AD Monitoring and Debugging TACACS+802.1x and the Cisco Secure Services Client Group Names Differences in ACS 4.x Authentication(SSC) and 5.x Monitoring and Debugging TACACS+Configure 802.1x on the SSC Identity Store Sequences AuthorizationConfigure 802.1x Single Host Authentication PAP Authentication via Kerberos Debugging TACACS+ Packets andon a Cisco Switch Authentication, Authorization, and AccountingSingle Host Authentication Accounting with TACACS+ ACS and Certificate AuthoritySingle Host Authentication Commands Shell Profile Certificate-Based AuthenticationCisco Sitch 802.1x Configuration Review Command Sets Access Services Self-Signed Certificates802.1x Troubleshooting Service Selection Rules Third-Party Digital Certificates ACS, Switch, and Windows Troubleshooting Default Device Admin: Authorization and HistoryWindows XP and Switch Debug Output Identity IntroductionACS Monitoring and Reports Monitoring and Troubleshooting ACS The PortACS Operation Management Cisco Secure ACS View EAPACS Deployment Structure Monitoring and Debugging RADIUS EAP-TLSLocal Operations Authentication PEAPDistributed System Management Monitoring and Debugging RADIUS 802.1x Policy Elements (RADIUS)Distributed Management Operations Authorization OverviewReplication Overview 
Monitoring and Debugging TACACS+ Date and TimeLocal Operations Authentication CustomLog Collector Monitoring and Debugging TACACS+ Authorization ProfilesChange Pass Authorization Authorization: Downloadable ACLord Flow Debugging TACACS+ Packets and Access PoliciesSystem Administration Accounting Service Selection RulesAdministrators ACS and Certificate Authority Access ServicesUsers Certificate-Based Authentication Identity


Operations Self-Signed Certificates 802.1x and Windows XPConfiguration Third-Party Digital Certificates Configure 802.1xDownloads History 802.1x and the Cisco Secure Services

Introduction Client (SSC)The Port Configure 802.1x on the SSC

line EAP Configure 802.1x Single HostSecure Borderless Network Architecture EAP-TLS Authentication on a Cisco SwitchIdentity-Enabled Network Use Case PEAP Single Host AuthenticationSummary 802.1x Policy Elements (RADIUS) Single Host Authentication CommandsRADIUS Basics Overview Cisco Sitch 802.1x Configuration ReviewTACACS+ Basics Date and Time 802.1x TroubleshootingRADIUS vs. TACACS+ Custom ACS, Switch, and WindowsACS 5.2 Overview Authorization Profiles TroubleshootingHardware Platform Solutions Authorization: Downloadable ACL Windows XP and Switch Debug OutputSoftware Platform Solutions Access Policies ACS Monitoring and Reports New, Changed, and Supported Features Service Selection Rules ACS Operation ManagementACS 5.2 Installation Access Services ACS Deployment StructureInstallation on the CSACS+ Series Identity Local OperationsAppliance 802.1x and Windows XP Distributed System ManagementInstallation with VMware ESX Server Configure 802.1x Distributed Management OperationsUsing Setup Scripts 802.1x and the Cisco Secure Services Replication OverviewLicensing Client (SSC) Local OperationsACS Attribute Types Configure 802.1x on the SSC Log CollectorAttribute Definitions Configure 802.1x Single Host Change PassAttribute Value Types Authentication on a Cisco Switch ord FlowPredefined Values Single Host Authentication System AdministrationAttribute Dictionaries Single Host Authentication Commands AdministratorsAttribute Aliases Cisco Sitch 802.1x Configuration Review UsersAvailability of Attributes Based on Policy 802.1x Troubleshooting OperationsAdding Network Devices to ACS ACS, Switch, and Windows ConfigurationNetwork Resources Troubleshooting DownloadsTypes of AAA Clients Windows XP and Switch Debug OutputNetwork Device Groups: Location ACS Monitoring and Reports Network Device Groups: Device Type ACS Operation Management lineNetwork Devices and AAA Clients ACS Deployment Structure Secure Borderless Network ArchitectureLocal Identity Store and Identity Store 
Local Operations Identity-Enabled Network Use CaseSequence Distributed System Management Summary Users and Identity Stores Distributed Management Operations RADIUS BasicsInternal Identity Store Replication Overview TACACS+ BasicsExternal Identity Store Local Operations RADIUS vs. TACACS+Certificate Profile Log Collector ACS 5.2 OverviewInternal Identity Stores Change Pass Hardware Platform SolutionsUsers ord Flow Software Platform SolutionsGroups System Administration New, Changed, and Supported FeaturesHosts Administrators ACS 5.2 InstallationLDAP Overview Users Installation on the CSACS+ SeriesExternal Identity Stores: OpenLDAP Operations ApplianceEnable LDAP Diagnostics Log Configuration Installation with VMware ESX ServerExternal Identity Store with Active Directory Downloads Using Setup ScriptsInterface with Active Directory LicensingDNS Considerations ACS Attribute TypesNTP Server Considerations line Attribute DefinitionsConsiderations of Authenticating Usernames Secure Borderless Network Architecture Attribute Value Typeswith Domains Identity-Enabled Network Use Case Predefined ValuesMachine Access Restrictions (MAR) Summary Attribute DictionariesWindows 2008 Compatibility and Feature RADIUS Basics Attribute AliasesSupport TACACS+ Basics Availability of Attributes Based on PolicyTesting Connectivity between ACS and AD RADIUS vs. 
TACACS+ Adding Network Devices to ACSGroup Names Differences in ACS 4.x and ACS 5.2 Overview Network Resources5.x Hardware Platform Solutions Types of AAA ClientsIdentity Store Sequences Software Platform Solutions Network Device Groups: LocationPAP Authentication via Kerberos New, Changed, and Supported Features Network Device Groups: Device TypeAuthentication, Authorization, and ACS 5.2 Installation Network Devices and AAA ClientsAccounting with TACACS+ Installation on the CSACS+ Series Local Identity Store and Identity StoreShell Profile Appliance SequenceCommand Sets Access Services Installation with VMware ESX Server Users and Identity Stores


Service Selection Rules Using Setup Scripts Internal Identity StoreDefault Device Admin: Authorization and Licensing External Identity StoreIdentity ACS Attribute Types Certificate ProfileMonitoring and Troubleshooting ACS Attribute Definitions Internal Identity StoresCisco Secure ACS View Attribute Value Types UsersMonitoring and Debugging RADIUS Predefined Values GroupsAuthentication Attribute Dictionaries Hosts Monitoring and Debugging RADIUS Attribute Aliases LDAP OverviewAuthorization Availability of Attributes Based on Policy External Identity Stores: OpenLDAPMonitoring and Debugging TACACS+ Adding Network Devices to ACS Enable LDAP Diagnostics LogAuthentication Network Resources External Identity Store with ActiveMonitoring and Debugging TACACS+ Types of AAA Clients DirectoryAuthorization Network Device Groups: Location Interface with Active DirectoryDebugging TACACS+ Packets and Network Device Groups: Device Type DNS ConsiderationsAccounting Network Devices and AAA Clients NTP Server ConsiderationsACS and Certificate Authority Local Identity Store and Identity Store Considerations of AuthenticatingCertificate-Based Authentication Sequence Usernames with DomainsSelf-Signed Certificates Users and Identity Stores Machine Access Restrictions (MAR)Third-Party Digital Certificates Internal Identity Store Windows 2008 Compatibility and FeatureHistory External Identity Store SupportIntroduction Certificate Profile Testing Connectivity between ACS and ADThe Port Internal Identity Stores Group Names Differences in ACS 4.x andEAP Users 5.xEAP-TLS Groups Identity Store SequencesPEAP Hosts PAP Authentication via Kerberos802.1x Policy Elements (RADIUS) LDAP Overview Authentication, Authorization, andOverview External Identity Stores: OpenLDAP Accounting with TACACS+Date and Time Enable LDAP Diagnostics Log Shell ProfileCustom External Identity Store with Active Command Sets Access ServicesAuthorization Profiles Directory Service Selection RulesAuthorization: Downloadable 
ACL Interface with Active Directory Default Device Admin: Authorization andAccess Policies DNS Considerations IdentityService Selection Rules NTP Server Considerations Monitoring and Troubleshooting ACSAccess Services Considerations of Authenticating Cisco Secure ACS ViewIdentity Usernames with Domains Monitoring and Debugging RADIUS802.1x and Windows XP Machine Access Restrictions (MAR) AuthenticationConfigure 802.1x Windows 2008 Compatibility and Feature Monitoring and Debugging RADIUS802.1x and the Cisco Secure Services Client Support Authorization(SSC) Testing Connectivity between ACS and Monitoring and Debugging TACACS+Configure 802.1x on the SSC AD AuthenticationConfigure 802.1x Single Host Authentication Group Names Differences in ACS 4.x Monitoring and Debugging TACACS+on a Cisco Switch and 5.x AuthorizationSingle Host Authentication Identity Store Sequences Debugging TACACS+ Packets andSingle Host Authentication Commands PAP Authentication via Kerberos AccountingCisco Sitch 802.1x Configuration Review Authentication, Authorization, and ACS and Certificate Authority802.1x Troubleshooting Accounting with TACACS+ Certificate-Based AuthenticationACS, Switch, and Windows Troubleshooting Shell Profile Self-Signed CertificatesWindows XP and Switch Debug Output Command Sets Access Services Third-Party Digital Certificates ACS Monitoring and Reports Service Selection Rules HistoryACS Operation Management Default Device Admin: Authorization and IntroductionACS Deployment Structure Identity The PortLocal Operations Monitoring and Troubleshooting ACS EAPDistributed System Management Cisco Secure ACS View EAP-TLSDistributed Management Operations Monitoring and Debugging RADIUS PEAPReplication Overview Authentication 802.1x Policy Elements (RADIUS)Local Operations Monitoring and Debugging RADIUS OverviewLog Collector Authorization Date and TimeChange Pass Monitoring and Debugging TACACS+ Customord Flow Authentication Authorization ProfilesSystem Administration 
Monitoring and Debugging TACACS+ Authorization: Downloadable ACLAdministrators Authorization Access PoliciesUsers Debugging TACACS+ Packets and Service Selection RulesOperations Accounting Access ServicesConfiguration ACS and Certificate Authority IdentityDownloads Certificate-Based Authentication 802.1x and Windows XP

Self-Signed Certificates Configure 802.1x


Third-Party Digital Certificates 802.1x and the Cisco Secure Servicesline History Client (SSC)

Secure Borderless Network Architecture Introduction Configure 802.1x on the SSCIdentity-Enabled Network Use Case The Port Configure 802.1x Single HostSummary EAP Authentication on a Cisco SwitchRADIUS Basics EAP-TLS Single Host AuthenticationTACACS+ Basics PEAP Single Host Authentication CommandsRADIUS vs. TACACS+ 802.1x Policy Elements (RADIUS) Cisco Sitch 802.1x Configuration ReviewACS 5.2 Overview Overview 802.1x TroubleshootingHardware Platform Solutions Date and Time ACS, Switch, and WindowsSoftware Platform Solutions Custom TroubleshootingNew, Changed, and Supported Features Authorization Profiles Windows XP and Switch Debug OutputACS 5.2 Installation Authorization: Downloadable ACL ACS Monitoring and Reports Installation on the CSACS+ Series Access Policies ACS Operation ManagementAppliance Service Selection Rules ACS Deployment StructureInstallation with VMware ESX Server Access Services Local OperationsUsing Setup Scripts Identity Distributed System ManagementLicensing 802.1x and Windows XP Distributed Management OperationsACS Attribute Types Configure 802.1x Replication OverviewAttribute Definitions 802.1x and the Cisco Secure Services Local OperationsAttribute Value Types Client (SSC) Log CollectorPredefined Values Configure 802.1x on the SSC Change PassAttribute Dictionaries Configure 802.1x Single Host ord FlowAttribute Aliases Authentication on a Cisco Switch System AdministrationAvailability of Attributes Based on Policy Single Host Authentication AdministratorsAdding Network Devices to ACS Single Host Authentication Commands UsersNetwork Resources Cisco Sitch 802.1x Configuration Review OperationsTypes of AAA Clients 802.1x Troubleshooting ConfigurationNetwork Device Groups: Location ACS, Switch, and Windows DownloadsNetwork Device Groups: Device Type TroubleshootingNetwork Devices and AAA Clients Windows XP and Switch Debug OutputLocal Identity Store and Identity Store ACS Monitoring and Reports lineSequence ACS Operation Management Secure 
Borderless Network ArchitectureUsers and Identity Stores ACS Deployment Structure Identity-Enabled Network Use CaseInternal Identity Store Local Operations Summary External Identity Store Distributed System Management RADIUS BasicsCertificate Profile Distributed Management Operations TACACS+ BasicsInternal Identity Stores Replication Overview RADIUS vs. TACACS+Users Local Operations ACS 5.2 OverviewGroups Log Collector Hardware Platform SolutionsHosts Change Pass Software Platform SolutionsLDAP Overview ord Flow New, Changed, and Supported FeaturesExternal Identity Stores: OpenLDAP System Administration ACS 5.2 InstallationEnable LDAP Diagnostics Log Administrators Installation on the CSACS+ SeriesExternal Identity Store with Active Directory Users ApplianceInterface with Active Directory Operations Installation with VMware ESX ServerDNS Considerations Configuration Using Setup ScriptsNTP Server Considerations Downloads LicensingConsiderations of Authenticating Usernames ACS Attribute Typeswith Domains Attribute DefinitionsMachine Access Restrictions (MAR) line Attribute Value TypesWindows 2008 Compatibility and Feature Secure Borderless Network Architecture Predefined ValuesSupport Identity-Enabled Network Use Case Attribute DictionariesTesting Connectivity between ACS and AD Summary Attribute AliasesGroup Names Differences in ACS 4.x and RADIUS Basics Availability of Attributes Based on Policy5.x TACACS+ Basics Adding Network Devices to ACSIdentity Store Sequences RADIUS vs. 
TACACS+ Network ResourcesPAP Authentication via Kerberos ACS 5.2 Overview Types of AAA ClientsAuthentication, Authorization, and Hardware Platform Solutions Network Device Groups: LocationAccounting with TACACS+ Software Platform Solutions Network Device Groups: Device TypeShell Profile New, Changed, and Supported Features Network Devices and AAA ClientsCommand Sets Access Services ACS 5.2 Installation Local Identity Store and Identity StoreService Selection Rules Installation on the CSACS+ Series SequenceDefault Device Admin: Authorization and Appliance Users and Identity StoresIdentity Installation with VMware ESX Server Internal Identity StoreMonitoring and Troubleshooting ACS Using Setup Scripts External Identity Store


Cisco Secure ACS View Licensing Certificate ProfileMonitoring and Debugging RADIUS ACS Attribute Types Internal Identity StoresAuthentication Attribute Definitions UsersMonitoring and Debugging RADIUS Attribute Value Types GroupsAuthorization Predefined Values Hosts Monitoring and Debugging TACACS+ Attribute Dictionaries LDAP OverviewAuthentication Attribute Aliases External Identity Stores: OpenLDAPMonitoring and Debugging TACACS+ Availability of Attributes Based on Policy Enable LDAP Diagnostics LogAuthorization Adding Network Devices to ACS External Identity Store with ActiveDebugging TACACS+ Packets and Network Resources DirectoryAccounting Types of AAA Clients Interface with Active DirectoryACS and Certificate Authority Network Device Groups: Location DNS ConsiderationsCertificate-Based Authentication Network Device Groups: Device Type NTP Server ConsiderationsSelf-Signed Certificates Network Devices and AAA Clients Considerations of AuthenticatingThird-Party Digital Certificates Local Identity Store and Identity Store Usernames with DomainsHistory Sequence Machine Access Restrictions (MAR)Introduction Users and Identity Stores Windows 2008 Compatibility and FeatureThe Port Internal Identity Store SupportEAP External Identity Store Testing Connectivity between ACS and ADEAP-TLS Certificate Profile Group Names Differences in ACS 4.x andPEAP Internal Identity Stores 5.x802.1x Policy Elements (RADIUS) Users Identity Store SequencesOverview Groups PAP Authentication via KerberosDate and Time Hosts Authentication, Authorization, andCustom LDAP Overview Accounting with TACACS+Authorization Profiles External Identity Stores: OpenLDAP Shell ProfileAuthorization: Downloadable ACL Enable LDAP Diagnostics Log Command Sets Access ServicesAccess Policies External Identity Store with Active Service Selection RulesService Selection Rules Directory Default Device Admin: Authorization andAccess Services Interface with Active Directory IdentityIdentity DNS Considerations 
Monitoring and Troubleshooting ACS802.1x and Windows XP NTP Server Considerations Cisco Secure ACS ViewConfigure 802.1x Considerations of Authenticating Monitoring and Debugging RADIUS802.1x and the Cisco Secure Services Client Usernames with Domains Authentication(SSC) Machine Access Restrictions (MAR) Monitoring and Debugging RADIUSConfigure 802.1x on the SSC Windows 2008 Compatibility and Feature AuthorizationConfigure 802.1x Single Host Authentication Support Monitoring and Debugging TACACS+on a Cisco Switch Testing Connectivity between ACS and AuthenticationSingle Host Authentication AD Monitoring and Debugging TACACS+Single Host Authentication Commands Group Names Differences in ACS 4.x AuthorizationCisco Sitch 802.1x Configuration Review and 5.x Debugging TACACS+ Packets and802.1x Troubleshooting Identity Store Sequences AccountingACS, Switch, and Windows Troubleshooting PAP Authentication via Kerberos ACS and Certificate AuthorityWindows XP and Switch Debug Output Authentication, Authorization, and Certificate-Based AuthenticationACS Monitoring and Reports Accounting with TACACS+ Self-Signed CertificatesACS Operation Management Shell Profile Third-Party Digital Certificates ACS Deployment Structure Command Sets Access Services HistoryLocal Operations Service Selection Rules IntroductionDistributed System Management Default Device Admin: Authorization and The PortDistributed Management Operations Identity EAPReplication Overview Monitoring and Troubleshooting ACS EAP-TLSLocal Operations Cisco Secure ACS View PEAPLog Collector Monitoring and Debugging RADIUS 802.1x Policy Elements (RADIUS)Change Pass Authentication Overvieword Flow Monitoring and Debugging RADIUS Date and TimeSystem Administration Authorization CustomAdministrators Monitoring and Debugging TACACS+ Authorization ProfilesUsers Authentication Authorization: Downloadable ACLOperations Monitoring and Debugging TACACS+ Access PoliciesConfiguration Authorization Service Selection RulesDownloads 
Debugging TACACS+ Packets and Access Services

Accounting IdentityACS and Certificate Authority 802.1x and Windows XP

line Certificate-Based Authentication Configure 802.1xSecure Borderless Network Architecture Self-Signed Certificates 802.1x and the Cisco Secure ServicesIdentity-Enabled Network Use Case Third-Party Digital Certificates Client (SSC)


Summary History Configure 802.1x on the SSCRADIUS Basics Introduction Configure 802.1x Single HostTACACS+ Basics The Port Authentication on a Cisco SwitchRADIUS vs. TACACS+ EAP Single Host AuthenticationACS 5.2 Overview EAP-TLS Single Host Authentication CommandsHardware Platform Solutions PEAP Cisco Sitch 802.1x Configuration ReviewSoftware Platform Solutions 802.1x Policy Elements (RADIUS) 802.1x TroubleshootingNew, Changed, and Supported Features Overview ACS, Switch, and WindowsACS 5.2 Installation Date and Time TroubleshootingInstallation on the CSACS+ Series Custom Windows XP and Switch Debug OutputAppliance Authorization Profiles ACS Monitoring and Reports Installation with VMware ESX Server Authorization: Downloadable ACL ACS Operation ManagementUsing Setup Scripts Access Policies ACS Deployment StructureLicensing Service Selection Rules Local OperationsACS Attribute Types Access Services Distributed System ManagementAttribute Definitions Identity Distributed Management OperationsAttribute Value Types 802.1x and Windows XP Replication OverviewPredefined Values Configure 802.1x Local OperationsAttribute Dictionaries 802.1x and the Cisco Secure Services Log CollectorAttribute Aliases Client (SSC) Change PassAvailability of Attributes Based on Policy Configure 802.1x on the SSC ord FlowAdding Network Devices to ACS Configure 802.1x Single Host System AdministrationNetwork Resources Authentication on a Cisco Switch AdministratorsTypes of AAA Clients Single Host Authentication UsersNetwork Device Groups: Location Single Host Authentication Commands OperationsNetwork Device Groups: Device Type Cisco Sitch 802.1x Configuration Review ConfigurationNetwork Devices and AAA Clients 802.1x Troubleshooting DownloadsLocal Identity Store and Identity Store ACS, Switch, and WindowsSequence Troubleshooting System Operations Users and Identity Stores Windows XP and Switch Debug Output lineInternal Identity Store ACS Monitoring and Reports Distributed DeploymentExternal 
Identity Store ACS Operation ManagementCertificate Profile ACS Deployment StructureInternal Identity Stores Local Operations lineUsers Distributed System Management Secure Borderless Network ArchitectureGroups Distributed Management Operations Identity-Enabled Network Use CaseHosts Replication Overview Summary LDAP Overview Local Operations RADIUS BasicsExternal Identity Stores: OpenLDAP Log Collector TACACS+ BasicsEnable LDAP Diagnostics Log Change Pass RADIUS vs. TACACS+External Identity Store with Active Directory ord Flow ACS 5.2 OverviewInterface with Active Directory System Administration Hardware Platform SolutionsDNS Considerations Administrators Software Platform SolutionsNTP Server Considerations Users New, Changed, and Supported FeaturesConsiderations of Authenticating Usernames Operations ACS 5.2 Installationwith Domains Configuration Installation on the CSACS+ SeriesMachine Access Restrictions (MAR) Downloads ApplianceWindows 2008 Compatibility and Feature Installation with VMware ESX ServerSupport Using Setup ScriptsTesting Connectivity between ACS and AD line LicensingGroup Names Differences in ACS 4.x and Secure Borderless Network Architecture ACS Attribute Types5.x Identity-Enabled Network Use Case Attribute DefinitionsIdentity Store Sequences Summary Attribute Value TypesPAP Authentication via Kerberos RADIUS Basics Predefined ValuesAuthentication, Authorization, and TACACS+ Basics Attribute DictionariesAccounting with TACACS+ RADIUS vs. 
TACACS+ Attribute AliasesShell Profile ACS 5.2 Overview Availability of Attributes Based on PolicyCommand Sets Access Services Hardware Platform Solutions Adding Network Devices to ACSService Selection Rules Software Platform Solutions Network ResourcesDefault Device Admin: Authorization and New, Changed, and Supported Features Types of AAA ClientsIdentity ACS 5.2 Installation Network Device Groups: LocationMonitoring and Troubleshooting ACS Installation on the CSACS+ Series Network Device Groups: Device TypeCisco Secure ACS View Appliance Network Devices and AAA ClientsMonitoring and Debugging RADIUS Installation with VMware ESX Server Local Identity Store and Identity StoreAuthentication Using Setup Scripts SequenceMonitoring and Debugging RADIUS Licensing Users and Identity Stores


Authorization ACS Attribute Types Internal Identity StoreMonitoring and Debugging TACACS+ Attribute Definitions External Identity StoreAuthentication Attribute Value Types Certificate ProfileMonitoring and Debugging TACACS+ Predefined Values Internal Identity StoresAuthorization Attribute Dictionaries UsersDebugging TACACS+ Packets and Attribute Aliases GroupsAccounting Availability of Attributes Based on Policy Hosts ACS and Certificate Authority Adding Network Devices to ACS LDAP OverviewCertificate-Based Authentication Network Resources External Identity Stores: OpenLDAPSelf-Signed Certificates Types of AAA Clients Enable LDAP Diagnostics LogThird-Party Digital Certificates Network Device Groups: Location External Identity Store with ActiveHistory Network Device Groups: Device Type DirectoryIntroduction Network Devices and AAA Clients Interface with Active DirectoryThe Port Local Identity Store and Identity Store DNS ConsiderationsEAP Sequence NTP Server ConsiderationsEAP-TLS Users and Identity Stores Considerations of AuthenticatingPEAP Internal Identity Store Usernames with Domains802.1x Policy Elements (RADIUS) External Identity Store Machine Access Restrictions (MAR)Overview Certificate Profile Windows 2008 Compatibility and FeatureDate and Time Internal Identity Stores SupportCustom Users Testing Connectivity between ACS and ADAuthorization Profiles Groups Group Names Differences in ACS 4.x andAuthorization: Downloadable ACL Hosts 5.xAccess Policies LDAP Overview Identity Store SequencesService Selection Rules External Identity Stores: OpenLDAP PAP Authentication via KerberosAccess Services Enable LDAP Diagnostics Log Authentication, Authorization, andIdentity External Identity Store with Active Accounting with TACACS+802.1x and Windows XP Directory Shell ProfileConfigure 802.1x Interface with Active Directory Command Sets Access Services802.1x and the Cisco Secure Services Client DNS Considerations Service Selection Rules(SSC) NTP Server Considerations 
Default Device Admin: Authorization andConfigure 802.1x on the SSC Considerations of Authenticating IdentityConfigure 802.1x Single Host Authentication Usernames with Domains Monitoring and Troubleshooting ACSon a Cisco Switch Machine Access Restrictions (MAR) Cisco Secure ACS ViewSingle Host Authentication Windows 2008 Compatibility and Feature Monitoring and Debugging RADIUSSingle Host Authentication Commands Support AuthenticationCisco Sitch 802.1x Configuration Review Testing Connectivity between ACS and Monitoring and Debugging RADIUS802.1x Troubleshooting AD AuthorizationACS, Switch, and Windows Troubleshooting Group Names Differences in ACS 4.x Monitoring and Debugging TACACS+Windows XP and Switch Debug Output and 5.x AuthenticationACS Monitoring and Reports Identity Store Sequences Monitoring and Debugging TACACS+ACS Operation Management PAP Authentication via Kerberos AuthorizationACS Deployment Structure Authentication, Authorization, and Debugging TACACS+ Packets andLocal Operations Accounting with TACACS+ AccountingDistributed System Management Shell Profile ACS and Certificate AuthorityDistributed Management Operations Command Sets Access Services Certificate-Based AuthenticationReplication Overview Service Selection Rules Self-Signed CertificatesLocal Operations Default Device Admin: Authorization and Third-Party Digital Certificates Log Collector Identity HistoryChange Pass Monitoring and Troubleshooting ACS Introductionord Flow Cisco Secure ACS View The PortSystem Administration Monitoring and Debugging RADIUS EAPAdministrators Authentication EAP-TLSUsers Monitoring and Debugging RADIUS PEAPOperations Authorization 802.1x Policy Elements (RADIUS)Configuration Monitoring and Debugging TACACS+ OverviewDownloads Authentication Date and Time

Monitoring and Debugging TACACS+ CustomAuthorization Authorization Profiles

line Debugging TACACS+ Packets and Authorization: Downloadable ACLSecure Borderless Network Architecture Accounting Access PoliciesIdentity-Enabled Network Use Case ACS and Certificate Authority Service Selection RulesSummary Certificate-Based Authentication Access ServicesRADIUS Basics Self-Signed Certificates IdentityTACACS+ Basics Third-Party Digital Certificates 802.1x and Windows XPRADIUS vs. TACACS+ History Configure 802.1x


ACS 5.2 Overview Introduction 802.1x and the Cisco Secure ServicesHardware Platform Solutions The Port Client (SSC)Software Platform Solutions EAP Configure 802.1x on the SSCNew, Changed, and Supported Features EAP-TLS Configure 802.1x Single HostACS 5.2 Installation PEAP Authentication on a Cisco SwitchInstallation on the CSACS+ Series 802.1x Policy Elements (RADIUS) Single Host AuthenticationAppliance Overview Single Host Authentication CommandsInstallation with VMware ESX Server Date and Time Cisco Sitch 802.1x Configuration ReviewUsing Setup Scripts Custom 802.1x TroubleshootingLicensing Authorization Profiles ACS, Switch, and WindowsACS Attribute Types Authorization: Downloadable ACL TroubleshootingAttribute Definitions Access Policies Windows XP and Switch Debug OutputAttribute Value Types Service Selection Rules ACS Monitoring and Reports Predefined Values Access Services ACS Operation ManagementAttribute Dictionaries Identity ACS Deployment StructureAttribute Aliases 802.1x and Windows XP Local OperationsAvailability of Attributes Based on Policy Configure 802.1x Distributed System ManagementAdding Network Devices to ACS 802.1x and the Cisco Secure Services Distributed Management OperationsNetwork Resources Client (SSC) Replication OverviewTypes of AAA Clients Configure 802.1x on the SSC Local OperationsNetwork Device Groups: Location Configure 802.1x Single Host Log CollectorNetwork Device Groups: Device Type Authentication on a Cisco Switch Change PassNetwork Devices and AAA Clients Single Host Authentication ord FlowLocal Identity Store and Identity Store Single Host Authentication Commands System AdministrationSequence Cisco Sitch 802.1x Configuration Review AdministratorsUsers and Identity Stores 802.1x Troubleshooting UsersInternal Identity Store ACS, Switch, and Windows OperationsExternal Identity Store Troubleshooting ConfigurationCertificate Profile Windows XP and Switch Debug Output DownloadsInternal Identity Stores ACS Monitoring and Reports 
Users ACS Operation ManagementGroups ACS Deployment Structure lineHosts Local Operations Secure Borderless Network ArchitectureLDAP Overview Distributed System Management Identity-Enabled Network Use CaseExternal Identity Stores: OpenLDAP Distributed Management Operations Summary Enable LDAP Diagnostics Log Replication Overview RADIUS BasicsExternal Identity Store with Active Directory Local Operations TACACS+ BasicsInterface with Active Directory Log Collector RADIUS vs. TACACS+DNS Considerations Change Pass ACS 5.2 OverviewNTP Server Considerations ord Flow Hardware Platform SolutionsConsiderations of Authenticating Usernames System Administration Software Platform Solutionswith Domains Administrators New, Changed, and Supported FeaturesMachine Access Restrictions (MAR) Users ACS 5.2 InstallationWindows 2008 Compatibility and Feature Operations Installation on the CSACS+ SeriesSupport Configuration ApplianceTesting Connectivity between ACS and AD Downloads Installation with VMware ESX ServerGroup Names Differences in ACS 4.x and Using Setup Scripts5.x LicensingIdentity Store Sequences line ACS Attribute TypesPAP Authentication via Kerberos Secure Borderless Network Architecture Attribute DefinitionsAuthentication, Authorization, and Identity-Enabled Network Use Case Attribute Value TypesAccounting with TACACS+ Summary Predefined ValuesShell Profile RADIUS Basics Attribute DictionariesCommand Sets Access Services TACACS+ Basics Attribute AliasesService Selection Rules RADIUS vs. 
TACACS+ Availability of Attributes Based on PolicyDefault Device Admin: Authorization and ACS 5.2 Overview Adding Network Devices to ACSIdentity Hardware Platform Solutions Network ResourcesMonitoring and Troubleshooting ACS Software Platform Solutions Types of AAA ClientsCisco Secure ACS View New, Changed, and Supported Features Network Device Groups: LocationMonitoring and Debugging RADIUS ACS 5.2 Installation Network Device Groups: Device TypeAuthentication Installation on the CSACS+ Series Network Devices and AAA ClientsMonitoring and Debugging RADIUS Appliance Local Identity Store and Identity StoreAuthorization Installation with VMware ESX Server SequenceMonitoring and Debugging TACACS+ Using Setup Scripts Users and Identity StoresAuthentication Licensing Internal Identity StoreMonitoring and Debugging TACACS+ ACS Attribute Types External Identity Store


Authorization Attribute Definitions Certificate ProfileDebugging TACACS+ Packets and Attribute Value Types Internal Identity StoresAccounting Predefined Values UsersACS and Certificate Authority Attribute Dictionaries GroupsCertificate-Based Authentication Attribute Aliases Hosts Self-Signed Certificates Availability of Attributes Based on Policy LDAP OverviewThird-Party Digital Certificates Adding Network Devices to ACS External Identity Stores: OpenLDAPHistory Network Resources Enable LDAP Diagnostics LogIntroduction Types of AAA Clients External Identity Store with ActiveThe Port Network Device Groups: Location DirectoryEAP Network Device Groups: Device Type Interface with Active DirectoryEAP-TLS Network Devices and AAA Clients DNS ConsiderationsPEAP Local Identity Store and Identity Store NTP Server Considerations802.1x Policy Elements (RADIUS) Sequence Considerations of AuthenticatingOverview Users and Identity Stores Usernames with DomainsDate and Time Internal Identity Store Machine Access Restrictions (MAR)Custom External Identity Store Windows 2008 Compatibility and FeatureAuthorization Profiles Certificate Profile SupportAuthorization: Downloadable ACL Internal Identity Stores Testing Connectivity between ACS and ADAccess Policies Users Group Names Differences in ACS 4.x andService Selection Rules Groups 5.xAccess Services Hosts Identity Store SequencesIdentity LDAP Overview PAP Authentication via Kerberos802.1x and Windows XP External Identity Stores: OpenLDAP Authentication, Authorization, andConfigure 802.1x Enable LDAP Diagnostics Log Accounting with TACACS+802.1x and the Cisco Secure Services Client External Identity Store with Active Shell Profile(SSC) Directory Command Sets Access ServicesConfigure 802.1x on the SSC Interface with Active Directory Service Selection RulesConfigure 802.1x Single Host Authentication DNS Considerations Default Device Admin: Authorization andon a Cisco Switch NTP Server Considerations IdentitySingle Host Authentication 
Considerations of Authenticating Monitoring and Troubleshooting ACSSingle Host Authentication Commands Usernames with Domains Cisco Secure ACS ViewCisco Sitch 802.1x Configuration Review Machine Access Restrictions (MAR) Monitoring and Debugging RADIUS802.1x Troubleshooting Windows 2008 Compatibility and Feature AuthenticationACS, Switch, and Windows Troubleshooting Support Monitoring and Debugging RADIUSWindows XP and Switch Debug Output Testing Connectivity between ACS and AuthorizationACS Monitoring and Reports AD Monitoring and Debugging TACACS+ACS Operation Management Group Names Differences in ACS 4.x AuthenticationACS Deployment Structure and 5.x Monitoring and Debugging TACACS+Local Operations Identity Store Sequences AuthorizationDistributed System Management PAP Authentication via Kerberos Debugging TACACS+ Packets andDistributed Management Operations Authentication, Authorization, and AccountingReplication Overview Accounting with TACACS+ ACS and Certificate AuthorityLocal Operations Shell Profile Certificate-Based AuthenticationLog Collector Command Sets Access Services Self-Signed CertificatesChange Pass Service Selection Rules Third-Party Digital Certificates ord Flow Default Device Admin: Authorization and HistorySystem Administration Identity IntroductionAdministrators Monitoring and Troubleshooting ACS The PortUsers Cisco Secure ACS View EAPOperations Monitoring and Debugging RADIUS EAP-TLSConfiguration Authentication PEAPDownloads Monitoring and Debugging RADIUS 802.1x Policy Elements (RADIUS)

Authorization OverviewMonitoring and Debugging TACACS+ Date and Time

line Authentication CustomSecure Borderless Network Architecture Monitoring and Debugging TACACS+ Authorization ProfilesIdentity-Enabled Network Use Case Authorization Authorization: Downloadable ACLSummary Debugging TACACS+ Packets and Access PoliciesRADIUS Basics Accounting Service Selection RulesTACACS+ Basics ACS and Certificate Authority Access ServicesRADIUS vs. TACACS+ Certificate-Based Authentication IdentityACS 5.2 Overview Self-Signed Certificates 802.1x and Windows XPHardware Platform Solutions Third-Party Digital Certificates Configure 802.1xSoftware Platform Solutions History 802.1x and the Cisco Secure ServicesNew, Changed, and Supported Features Introduction Client (SSC)


ACS 5.2 Installation The Port Configure 802.1x on the SSCInstallation on the CSACS+ Series EAP Configure 802.1x Single HostAppliance EAP-TLS Authentication on a Cisco SwitchInstallation with VMware ESX Server PEAP Single Host AuthenticationUsing Setup Scripts 802.1x Policy Elements (RADIUS) Single Host Authentication CommandsLicensing Overview Cisco Sitch 802.1x Configuration ReviewACS Attribute Types Date and Time 802.1x TroubleshootingAttribute Definitions Custom ACS, Switch, and WindowsAttribute Value Types Authorization Profiles TroubleshootingPredefined Values Authorization: Downloadable ACL Windows XP and Switch Debug OutputAttribute Dictionaries Access Policies ACS Monitoring and Reports Attribute Aliases Service Selection Rules ACS Operation ManagementAvailability of Attributes Based on Policy Access Services ACS Deployment StructureAdding Network Devices to ACS Identity Local OperationsNetwork Resources 802.1x and Windows XP Distributed System ManagementTypes of AAA Clients Configure 802.1x Distributed Management OperationsNetwork Device Groups: Location 802.1x and the Cisco Secure Services Replication OverviewNetwork Device Groups: Device Type Client (SSC) Local OperationsNetwork Devices and AAA Clients Configure 802.1x on the SSC Log CollectorLocal Identity Store and Identity Store Configure 802.1x Single Host Change PassSequence Authentication on a Cisco Switch ord FlowUsers and Identity Stores Single Host Authentication System AdministrationInternal Identity Store Single Host Authentication Commands AdministratorsExternal Identity Store Cisco Sitch 802.1x Configuration Review UsersCertificate Profile 802.1x Troubleshooting OperationsInternal Identity Stores ACS, Switch, and Windows ConfigurationUsers Troubleshooting DownloadsGroups Windows XP and Switch Debug OutputHosts ACS Monitoring and Reports LDAP Overview ACS Operation Management lineExternal Identity Stores: OpenLDAP ACS Deployment Structure Secure Borderless Network ArchitectureEnable LDAP 
Diagnostics Log Local Operations Identity-Enabled Network Use CaseExternal Identity Store with Active Directory Distributed System Management Summary Interface with Active Directory Distributed Management Operations RADIUS BasicsDNS Considerations Replication Overview TACACS+ BasicsNTP Server Considerations Local Operations RADIUS vs. TACACS+Considerations of Authenticating Usernames Log Collector ACS 5.2 Overviewwith Domains Change Pass Hardware Platform SolutionsMachine Access Restrictions (MAR) ord Flow Software Platform SolutionsWindows 2008 Compatibility and Feature System Administration New, Changed, and Supported FeaturesSupport Administrators ACS 5.2 InstallationTesting Connectivity between ACS and AD Users Installation on the CSACS+ SeriesGroup Names Differences in ACS 4.x and Operations Appliance5.x Configuration Installation with VMware ESX ServerIdentity Store Sequences Downloads Using Setup ScriptsPAP Authentication via Kerberos LicensingAuthentication, Authorization, and ACS Attribute TypesAccounting with TACACS+ line Attribute DefinitionsShell Profile Secure Borderless Network Architecture Attribute Value TypesCommand Sets Access Services Identity-Enabled Network Use Case Predefined ValuesService Selection Rules Summary Attribute DictionariesDefault Device Admin: Authorization and RADIUS Basics Attribute AliasesIdentity TACACS+ Basics Availability of Attributes Based on PolicyMonitoring and Troubleshooting ACS RADIUS vs. 
TACACS+ Adding Network Devices to ACSCisco Secure ACS View ACS 5.2 Overview Network ResourcesMonitoring and Debugging RADIUS Hardware Platform Solutions Types of AAA ClientsAuthentication Software Platform Solutions Network Device Groups: LocationMonitoring and Debugging RADIUS New, Changed, and Supported Features Network Device Groups: Device TypeAuthorization ACS 5.2 Installation Network Devices and AAA ClientsMonitoring and Debugging TACACS+ Installation on the CSACS+ Series Local Identity Store and Identity StoreAuthentication Appliance SequenceMonitoring and Debugging TACACS+ Installation with VMware ESX Server Users and Identity StoresAuthorization Using Setup Scripts Internal Identity StoreDebugging TACACS+ Packets and Licensing External Identity StoreAccounting ACS Attribute Types Certificate ProfileACS and Certificate Authority Attribute Definitions Internal Identity Stores


Certificate-Based Authentication Attribute Value Types UsersSelf-Signed Certificates Predefined Values GroupsThird-Party Digital Certificates Attribute Dictionaries Hosts History Attribute Aliases LDAP OverviewIntroduction Availability of Attributes Based on Policy External Identity Stores: OpenLDAPThe Port Adding Network Devices to ACS Enable LDAP Diagnostics LogEAP Network Resources External Identity Store with ActiveEAP-TLS Types of AAA Clients DirectoryPEAP Network Device Groups: Location Interface with Active Directory802.1x Policy Elements (RADIUS) Network Device Groups: Device Type DNS ConsiderationsOverview Network Devices and AAA Clients NTP Server ConsiderationsDate and Time Local Identity Store and Identity Store Considerations of AuthenticatingCustom Sequence Usernames with DomainsAuthorization Profiles Users and Identity Stores Machine Access Restrictions (MAR)Authorization: Downloadable ACL Internal Identity Store Windows 2008 Compatibility and FeatureAccess Policies External Identity Store SupportService Selection Rules Certificate Profile Testing Connectivity between ACS and ADAccess Services Internal Identity Stores Group Names Differences in ACS 4.x andIdentity Users 5.x802.1x and Windows XP Groups Identity Store SequencesConfigure 802.1x Hosts PAP Authentication via Kerberos802.1x and the Cisco Secure Services Client LDAP Overview Authentication, Authorization, and(SSC) External Identity Stores: OpenLDAP Accounting with TACACS+Configure 802.1x on the SSC Enable LDAP Diagnostics Log Shell ProfileConfigure 802.1x Single Host Authentication External Identity Store with Active Command Sets Access Serviceson a Cisco Switch Directory Service Selection RulesSingle Host Authentication Interface with Active Directory Default Device Admin: Authorization andSingle Host Authentication Commands DNS Considerations IdentityCisco Sitch 802.1x Configuration Review NTP Server Considerations Monitoring and Troubleshooting ACS802.1x Troubleshooting Considerations of 
Authenticating Cisco Secure ACS ViewACS, Switch, and Windows Troubleshooting Usernames with Domains Monitoring and Debugging RADIUSWindows XP and Switch Debug Output Machine Access Restrictions (MAR) AuthenticationACS Monitoring and Reports Windows 2008 Compatibility and Feature Monitoring and Debugging RADIUSACS Operation Management Support AuthorizationACS Deployment Structure Testing Connectivity between ACS and Monitoring and Debugging TACACS+Local Operations AD AuthenticationDistributed System Management Group Names Differences in ACS 4.x Monitoring and Debugging TACACS+Distributed Management Operations and 5.x AuthorizationReplication Overview Identity Store Sequences Debugging TACACS+ Packets andLocal Operations PAP Authentication via Kerberos AccountingLog Collector Authentication, Authorization, and ACS and Certificate AuthorityChange Pass Accounting with TACACS+ Certificate-Based Authenticationord Flow Shell Profile Self-Signed CertificatesSystem Administration Command Sets Access Services Third-Party Digital Certificates Administrators Service Selection Rules HistoryUsers Default Device Admin: Authorization and IntroductionOperations Identity The PortConfiguration Monitoring and Troubleshooting ACS EAPDownloads Cisco Secure ACS View EAP-TLS

Monitoring and Debugging RADIUS PEAPAuthentication 802.1x Policy Elements (RADIUS)

line Monitoring and Debugging RADIUS OverviewSecure Borderless Network Architecture Authorization Date and TimeIdentity-Enabled Network Use Case Monitoring and Debugging TACACS+ CustomSummary Authentication Authorization ProfilesRADIUS Basics Monitoring and Debugging TACACS+ Authorization: Downloadable ACLTACACS+ Basics Authorization Access PoliciesRADIUS vs. TACACS+ Debugging TACACS+ Packets and Service Selection RulesACS 5.2 Overview Accounting Access ServicesHardware Platform Solutions ACS and Certificate Authority IdentitySoftware Platform Solutions Certificate-Based Authentication 802.1x and Windows XPNew, Changed, and Supported Features Self-Signed Certificates Configure 802.1xACS 5.2 Installation Third-Party Digital Certificates 802.1x and the Cisco Secure ServicesInstallation on the CSACS+ Series History Client (SSC)Appliance Introduction Configure 802.1x on the SSCInstallation with VMware ESX Server The Port Configure 802.1x Single Host


Using Setup Scripts EAP Authentication on a Cisco SwitchLicensing EAP-TLS Single Host AuthenticationACS Attribute Types PEAP Single Host Authentication CommandsAttribute Definitions 802.1x Policy Elements (RADIUS) Cisco Sitch 802.1x Configuration ReviewAttribute Value Types Overview 802.1x TroubleshootingPredefined Values Date and Time ACS, Switch, and WindowsAttribute Dictionaries Custom TroubleshootingAttribute Aliases Authorization Profiles Windows XP and Switch Debug OutputAvailability of Attributes Based on Policy Authorization: Downloadable ACL ACS Monitoring and Reports Adding Network Devices to ACS Access Policies ACS Operation ManagementNetwork Resources Service Selection Rules ACS Deployment StructureTypes of AAA Clients Access Services Local OperationsNetwork Device Groups: Location Identity Distributed System ManagementNetwork Device Groups: Device Type 802.1x and Windows XP Distributed Management OperationsNetwork Devices and AAA Clients Configure 802.1x Replication OverviewLocal Identity Store and Identity Store 802.1x and the Cisco Secure Services Local OperationsSequence Client (SSC) Log CollectorUsers and Identity Stores Configure 802.1x on the SSC Change PassInternal Identity Store Configure 802.1x Single Host ord FlowExternal Identity Store Authentication on a Cisco Switch System AdministrationCertificate Profile Single Host Authentication AdministratorsInternal Identity Stores Single Host Authentication Commands UsersUsers Cisco Sitch 802.1x Configuration Review OperationsGroups 802.1x Troubleshooting ConfigurationHosts ACS, Switch, and Windows DownloadsLDAP Overview TroubleshootingExternal Identity Stores: OpenLDAP Windows XP and Switch Debug OutputEnable LDAP Diagnostics Log ACS Monitoring and Reports lineExternal Identity Store with Active Directory ACS Operation Management Secure Borderless Network ArchitectureInterface with Active Directory ACS Deployment Structure Identity-Enabled Network Use CaseDNS Considerations Local Operations Summary 
NTP Server Considerations Distributed System Management RADIUS BasicsConsiderations of Authenticating Usernames Distributed Management Operations TACACS+ Basicswith Domains Replication Overview RADIUS vs. TACACS+Machine Access Restrictions (MAR) Local Operations ACS 5.2 OverviewWindows 2008 Compatibility and Feature Log Collector Hardware Platform SolutionsSupport Change Pass Software Platform SolutionsTesting Connectivity between ACS and AD ord Flow New, Changed, and Supported FeaturesGroup Names Differences in ACS 4.x and System Administration ACS 5.2 Installation5.x Administrators Installation on the CSACS+ SeriesIdentity Store Sequences Users AppliancePAP Authentication via Kerberos Operations Installation with VMware ESX ServerAuthentication, Authorization, and Configuration Using Setup ScriptsAccounting with TACACS+ Downloads LicensingShell Profile ACS Attribute TypesCommand Sets Access Services Attribute DefinitionsService Selection Rules line Attribute Value TypesDefault Device Admin: Authorization and Secure Borderless Network Architecture Predefined ValuesIdentity Identity-Enabled Network Use Case Attribute DictionariesMonitoring and Troubleshooting ACS Summary Attribute AliasesCisco Secure ACS View RADIUS Basics Availability of Attributes Based on PolicyMonitoring and Debugging RADIUS TACACS+ Basics Adding Network Devices to ACSAuthentication RADIUS vs. 
TACACS+ Network ResourcesMonitoring and Debugging RADIUS ACS 5.2 Overview Types of AAA ClientsAuthorization Hardware Platform Solutions Network Device Groups: LocationMonitoring and Debugging TACACS+ Software Platform Solutions Network Device Groups: Device TypeAuthentication New, Changed, and Supported Features Network Devices and AAA ClientsMonitoring and Debugging TACACS+ ACS 5.2 Installation Local Identity Store and Identity StoreAuthorization Installation on the CSACS+ Series SequenceDebugging TACACS+ Packets and Appliance Users and Identity StoresAccounting Installation with VMware ESX Server Internal Identity StoreACS and Certificate Authority Using Setup Scripts External Identity StoreCertificate-Based Authentication Licensing Certificate ProfileSelf-Signed Certificates ACS Attribute Types Internal Identity StoresThird-Party Digital Certificates Attribute Definitions UsersHistory Attribute Value Types Groups


Introduction Predefined Values Hosts The Port Attribute Dictionaries LDAP OverviewEAP Attribute Aliases External Identity Stores: OpenLDAPEAP-TLS Availability of Attributes Based on Policy Enable LDAP Diagnostics LogPEAP Adding Network Devices to ACS External Identity Store with Active802.1x Policy Elements (RADIUS) Network Resources DirectoryOverview Types of AAA Clients Interface with Active DirectoryDate and Time Network Device Groups: Location DNS ConsiderationsCustom Network Device Groups: Device Type NTP Server ConsiderationsAuthorization Profiles Network Devices and AAA Clients Considerations of AuthenticatingAuthorization: Downloadable ACL Local Identity Store and Identity Store Usernames with DomainsAccess Policies Sequence Machine Access Restrictions (MAR)Service Selection Rules Users and Identity Stores Windows 2008 Compatibility and FeatureAccess Services Internal Identity Store SupportIdentity External Identity Store Testing Connectivity between ACS and AD802.1x and Windows XP Certificate Profile Group Names Differences in ACS 4.x andConfigure 802.1x Internal Identity Stores 5.x802.1x and the Cisco Secure Services Client Users Identity Store Sequences(SSC) Groups PAP Authentication via KerberosConfigure 802.1x on the SSC Hosts Authentication, Authorization, andConfigure 802.1x Single Host Authentication LDAP Overview Accounting with TACACS+on a Cisco Switch External Identity Stores: OpenLDAP Shell ProfileSingle Host Authentication Enable LDAP Diagnostics Log Command Sets Access ServicesSingle Host Authentication Commands External Identity Store with Active Service Selection RulesCisco Sitch 802.1x Configuration Review Directory Default Device Admin: Authorization and802.1x Troubleshooting Interface with Active Directory IdentityACS, Switch, and Windows Troubleshooting DNS Considerations Monitoring and Troubleshooting ACSWindows XP and Switch Debug Output NTP Server Considerations Cisco Secure ACS ViewACS Monitoring and Reports Considerations of 
Authenticating Monitoring and Debugging RADIUSACS Operation Management Usernames with Domains AuthenticationACS Deployment Structure Machine Access Restrictions (MAR) Monitoring and Debugging RADIUSLocal Operations Windows 2008 Compatibility and Feature AuthorizationDistributed System Management Support Monitoring and Debugging TACACS+Distributed Management Operations Testing Connectivity between ACS and AuthenticationReplication Overview AD Monitoring and Debugging TACACS+Local Operations Group Names Differences in ACS 4.x AuthorizationLog Collector and 5.x Debugging TACACS+ Packets andChange Pass Identity Store Sequences Accountingord Flow PAP Authentication via Kerberos ACS and Certificate AuthoritySystem Administration Authentication, Authorization, and Certificate-Based AuthenticationAdministrators Accounting with TACACS+ Self-Signed CertificatesUsers Shell Profile Third-Party Digital Certificates Operations Command Sets Access Services HistoryConfiguration Service Selection Rules IntroductionDownloads Default Device Admin: Authorization and The Port

Identity EAPMonitoring and Troubleshooting ACS EAP-TLS

line Cisco Secure ACS View PEAPSecure Borderless Network Architecture Monitoring and Debugging RADIUS 802.1x Policy Elements (RADIUS)Identity-Enabled Network Use Case Authentication OverviewSummary Monitoring and Debugging RADIUS Date and TimeRADIUS Basics Authorization CustomTACACS+ Basics Monitoring and Debugging TACACS+ Authorization ProfilesRADIUS vs. TACACS+ Authentication Authorization: Downloadable ACLACS 5.2 Overview Monitoring and Debugging TACACS+ Access PoliciesHardware Platform Solutions Authorization Service Selection RulesSoftware Platform Solutions Debugging TACACS+ Packets and Access ServicesNew, Changed, and Supported Features Accounting IdentityACS 5.2 Installation ACS and Certificate Authority 802.1x and Windows XPInstallation on the CSACS+ Series Certificate-Based Authentication Configure 802.1xAppliance Self-Signed Certificates 802.1x and the Cisco Secure ServicesInstallation with VMware ESX Server Third-Party Digital Certificates Client (SSC)Using Setup Scripts History Configure 802.1x on the SSCLicensing Introduction Configure 802.1x Single HostACS Attribute Types The Port Authentication on a Cisco SwitchAttribute Definitions EAP Single Host Authentication


Attribute Value Types EAP-TLS Single Host Authentication CommandsPredefined Values PEAP Cisco Sitch 802.1x Configuration ReviewAttribute Dictionaries 802.1x Policy Elements (RADIUS) 802.1x TroubleshootingAttribute Aliases Overview ACS, Switch, and WindowsAvailability of Attributes Based on Policy Date and Time TroubleshootingAdding Network Devices to ACS Custom Windows XP and Switch Debug OutputNetwork Resources Authorization Profiles ACS Monitoring and Reports Types of AAA Clients Authorization: Downloadable ACL ACS Operation ManagementNetwork Device Groups: Location Access Policies ACS Deployment StructureNetwork Device Groups: Device Type Service Selection Rules Local OperationsNetwork Devices and AAA Clients Access Services Distributed System ManagementLocal Identity Store and Identity Store Identity Distributed Management OperationsSequence 802.1x and Windows XP Replication OverviewUsers and Identity Stores Configure 802.1x Local OperationsInternal Identity Store 802.1x and the Cisco Secure Services Log CollectorExternal Identity Store Client (SSC) Change PassCertificate Profile Configure 802.1x on the SSC ord FlowInternal Identity Stores Configure 802.1x Single Host System AdministrationUsers Authentication on a Cisco Switch AdministratorsGroups Single Host Authentication UsersHosts Single Host Authentication Commands OperationsLDAP Overview Cisco Sitch 802.1x Configuration Review ConfigurationExternal Identity Stores: OpenLDAP 802.1x Troubleshooting DownloadsEnable LDAP Diagnostics Log ACS, Switch, and WindowsExternal Identity Store with Active Directory TroubleshootingInterface with Active Directory Windows XP and Switch Debug Output lineDNS Considerations ACS Monitoring and Reports Secure Borderless Network ArchitectureNTP Server Considerations ACS Operation Management Identity-Enabled Network Use CaseConsiderations of Authenticating Usernames ACS Deployment Structure Summary with Domains Local Operations RADIUS BasicsMachine Access Restrictions (MAR) 
Distributed System Management TACACS+ BasicsWindows 2008 Compatibility and Feature Distributed Management Operations RADIUS vs. TACACS+Support Replication Overview ACS 5.2 OverviewTesting Connectivity between ACS and AD Local Operations Hardware Platform SolutionsGroup Names Differences in ACS 4.x and Log Collector Software Platform Solutions5.x Change Pass New, Changed, and Supported FeaturesIdentity Store Sequences ord Flow ACS 5.2 InstallationPAP Authentication via Kerberos System Administration Installation on the CSACS+ SeriesAuthentication, Authorization, and Administrators ApplianceAccounting with TACACS+ Users Installation with VMware ESX ServerShell Profile Operations Using Setup ScriptsCommand Sets Access Services Configuration LicensingService Selection Rules Downloads ACS Attribute TypesDefault Device Admin: Authorization and Attribute DefinitionsIdentity Attribute Value TypesMonitoring and Troubleshooting ACS line Predefined ValuesCisco Secure ACS View Secure Borderless Network Architecture Attribute DictionariesMonitoring and Debugging RADIUS Identity-Enabled Network Use Case Attribute AliasesAuthentication Summary Availability of Attributes Based on PolicyMonitoring and Debugging RADIUS RADIUS Basics Adding Network Devices to ACSAuthorization TACACS+ Basics Network ResourcesMonitoring and Debugging TACACS+ RADIUS vs. 
TACACS+ Types of AAA ClientsAuthentication ACS 5.2 Overview Network Device Groups: LocationMonitoring and Debugging TACACS+ Hardware Platform Solutions Network Device Groups: Device TypeAuthorization Software Platform Solutions Network Devices and AAA ClientsDebugging TACACS+ Packets and New, Changed, and Supported Features Local Identity Store and Identity StoreAccounting ACS 5.2 Installation SequenceACS and Certificate Authority Installation on the CSACS+ Series Users and Identity StoresCertificate-Based Authentication Appliance Internal Identity StoreSelf-Signed Certificates Installation with VMware ESX Server External Identity StoreThird-Party Digital Certificates Using Setup Scripts Certificate ProfileHistory Licensing Internal Identity StoresIntroduction ACS Attribute Types UsersThe Port Attribute Definitions GroupsEAP Attribute Value Types Hosts EAP-TLS Predefined Values LDAP Overview

PEAP Attribute Dictionaries External Identity Stores: OpenLDAP802.1x Policy Elements (RADIUS) Attribute Aliases Enable LDAP Diagnostics LogOverview Availability of Attributes Based on Policy External Identity Store with ActiveDate and Time Adding Network Devices to ACS DirectoryCustom Network Resources Interface with Active DirectoryAuthorization Profiles Types of AAA Clients DNS ConsiderationsAuthorization: Downloadable ACL Network Device Groups: Location NTP Server ConsiderationsAccess Policies Network Device Groups: Device Type Considerations of AuthenticatingService Selection Rules Network Devices and AAA Clients Usernames with DomainsAccess Services Local Identity Store and Identity Store Machine Access Restrictions (MAR)Identity Sequence Windows 2008 Compatibility and Feature802.1x and Windows XP Users and Identity Stores SupportConfigure 802.1x Internal Identity Store Testing Connectivity between ACS and AD802.1x and the Cisco Secure Services Client External Identity Store Group Names Differences in ACS 4.x and(SSC) Certificate Profile 5.xConfigure 802.1x on the SSC Internal Identity Stores Identity Store SequencesConfigure 802.1x Single Host Authentication Users PAP Authentication via Kerberoson a Cisco Switch Groups Authentication, Authorization, andSingle Host Authentication Hosts Accounting with TACACS+Single Host Authentication Commands LDAP Overview Shell ProfileCisco Sitch 802.1x Configuration Review External Identity Stores: OpenLDAP Command Sets Access Services802.1x Troubleshooting Enable LDAP Diagnostics Log Service Selection RulesACS, Switch, and Windows Troubleshooting External Identity Store with Active Default Device Admin: Authorization andWindows XP and Switch Debug Output Directory IdentityACS Monitoring and Reports Interface with Active Directory Monitoring and Troubleshooting ACSACS Operation Management DNS Considerations Cisco Secure ACS ViewACS Deployment Structure NTP Server Considerations Monitoring and Debugging RADIUSLocal 
Operations Considerations of Authenticating AuthenticationDistributed System Management Usernames with Domains Monitoring and Debugging RADIUSDistributed Management Operations Machine Access Restrictions (MAR) AuthorizationReplication Overview Windows 2008 Compatibility and Feature Monitoring and Debugging TACACS+Local Operations Support AuthenticationLog Collector Testing Connectivity between ACS and Monitoring and Debugging TACACS+Change Pass AD Authorizationord Flow Group Names Differences in ACS 4.x Debugging TACACS+ Packets andSystem Administration and 5.x AccountingAdministrators Identity Store Sequences ACS and Certificate AuthorityUsers PAP Authentication via Kerberos Certificate-Based AuthenticationOperations Authentication, Authorization, and Self-Signed CertificatesConfiguration Accounting with TACACS+ Third-Party Digital Certificates Downloads Shell Profile History

Command Sets Access Services IntroductionService Selection Rules The Port

line Default Device Admin: Authorization and EAPSecure Borderless Network Architecture Identity EAP-TLSIdentity-Enabled Network Use Case Monitoring and Troubleshooting ACS PEAPSummary Cisco Secure ACS View 802.1x Policy Elements (RADIUS)RADIUS Basics Monitoring and Debugging RADIUS OverviewTACACS+ Basics Authentication Date and TimeRADIUS vs. TACACS+ Monitoring and Debugging RADIUS CustomACS 5.2 Overview Authorization Authorization ProfilesHardware Platform Solutions Monitoring and Debugging TACACS+ Authorization: Downloadable ACLSoftware Platform Solutions Authentication Access PoliciesNew, Changed, and Supported Features Monitoring and Debugging TACACS+ Service Selection RulesACS 5.2 Installation Authorization Access ServicesInstallation on the CSACS+ Series Debugging TACACS+ Packets and IdentityAppliance Accounting 802.1x and Windows XPInstallation with VMware ESX Server ACS and Certificate Authority Configure 802.1xUsing Setup Scripts Certificate-Based Authentication 802.1x and the Cisco Secure ServicesLicensing Self-Signed Certificates Client (SSC)ACS Attribute Types Third-Party Digital Certificates Configure 802.1x on the SSCAttribute Definitions History Configure 802.1x Single HostAttribute Value Types Introduction Authentication on a Cisco SwitchPredefined Values The Port Single Host AuthenticationAttribute Dictionaries EAP Single Host Authentication CommandsAttribute Aliases EAP-TLS Cisco Sitch 802.1x Configuration Review

Availability of Attributes Based on Policy PEAP 802.1x TroubleshootingAdding Network Devices to ACS 802.1x Policy Elements (RADIUS) ACS, Switch, and WindowsNetwork Resources Overview TroubleshootingTypes of AAA Clients Date and Time Windows XP and Switch Debug OutputNetwork Device Groups: Location Custom ACS Monitoring and Reports Network Device Groups: Device Type Authorization Profiles ACS Operation ManagementNetwork Devices and AAA Clients Authorization: Downloadable ACL ACS Deployment StructureLocal Identity Store and Identity Store Access Policies Local OperationsSequence Service Selection Rules Distributed System ManagementUsers and Identity Stores Access Services Distributed Management OperationsInternal Identity Store Identity Replication OverviewExternal Identity Store 802.1x and Windows XP Local OperationsCertificate Profile Configure 802.1x Log CollectorInternal Identity Stores 802.1x and the Cisco Secure Services Change PassUsers Client (SSC) ord FlowGroups Configure 802.1x on the SSC System AdministrationHosts Configure 802.1x Single Host AdministratorsLDAP Overview Authentication on a Cisco Switch UsersExternal Identity Stores: OpenLDAP Single Host Authentication OperationsEnable LDAP Diagnostics Log Single Host Authentication Commands ConfigurationExternal Identity Store with Active Directory Cisco Sitch 802.1x Configuration Review DownloadsInterface with Active Directory 802.1x TroubleshootingDNS Considerations ACS, Switch, and WindowsNTP Server Considerations Troubleshooting lineConsiderations of Authenticating Usernames Windows XP and Switch Debug Output Secure Borderless Network Architecturewith Domains ACS Monitoring and Reports Identity-Enabled Network Use CaseMachine Access Restrictions (MAR) ACS Operation Management Summary Windows 2008 Compatibility and Feature ACS Deployment Structure RADIUS BasicsSupport Local Operations TACACS+ BasicsTesting Connectivity between ACS and AD Distributed System Management RADIUS vs. 
TACACS+Group Names Differences in ACS 4.x and Distributed Management Operations ACS 5.2 Overview5.x Replication Overview Hardware Platform SolutionsIdentity Store Sequences Local Operations Software Platform SolutionsPAP Authentication via Kerberos Log Collector New, Changed, and Supported FeaturesAuthentication, Authorization, and Change Pass ACS 5.2 InstallationAccounting with TACACS+ ord Flow Installation on the CSACS+ SeriesShell Profile System Administration ApplianceCommand Sets Access Services Administrators Installation with VMware ESX ServerService Selection Rules Users Using Setup ScriptsDefault Device Admin: Authorization and Operations LicensingIdentity Configuration ACS Attribute TypesMonitoring and Troubleshooting ACS Downloads Attribute DefinitionsCisco Secure ACS View Attribute Value TypesMonitoring and Debugging RADIUS Predefined ValuesAuthentication line Attribute DictionariesMonitoring and Debugging RADIUS Secure Borderless Network Architecture Attribute AliasesAuthorization Identity-Enabled Network Use Case Availability of Attributes Based on PolicyMonitoring and Debugging TACACS+ Summary Adding Network Devices to ACSAuthentication RADIUS Basics Network ResourcesMonitoring and Debugging TACACS+ TACACS+ Basics Types of AAA ClientsAuthorization RADIUS vs. 
TACACS+ Network Device Groups: LocationDebugging TACACS+ Packets and ACS 5.2 Overview Network Device Groups: Device TypeAccounting Hardware Platform Solutions Network Devices and AAA ClientsACS and Certificate Authority Software Platform Solutions Local Identity Store and Identity StoreCertificate-Based Authentication New, Changed, and Supported Features SequenceSelf-Signed Certificates ACS 5.2 Installation Users and Identity StoresThird-Party Digital Certificates Installation on the CSACS+ Series Internal Identity StoreHistory Appliance External Identity StoreIntroduction Installation with VMware ESX Server Certificate ProfileThe Port Using Setup Scripts Internal Identity StoresEAP Licensing UsersEAP-TLS ACS Attribute Types GroupsPEAP Attribute Definitions Hosts 802.1x Policy Elements (RADIUS) Attribute Value Types LDAP OverviewOverview Predefined Values External Identity Stores: OpenLDAPDate and Time Attribute Dictionaries Enable LDAP Diagnostics Log

Custom Attribute Aliases External Identity Store with ActiveAuthorization Profiles Availability of Attributes Based on Policy DirectoryAuthorization: Downloadable ACL Adding Network Devices to ACS Interface with Active DirectoryAccess Policies Network Resources DNS ConsiderationsService Selection Rules Types of AAA Clients NTP Server ConsiderationsAccess Services Network Device Groups: Location Considerations of AuthenticatingIdentity Network Device Groups: Device Type Usernames with Domains802.1x and Windows XP Network Devices and AAA Clients Machine Access Restrictions (MAR)Configure 802.1x Local Identity Store and Identity Store Windows 2008 Compatibility and Feature802.1x and the Cisco Secure Services Client Sequence Support(SSC) Users and Identity Stores Testing Connectivity between ACS and ADConfigure 802.1x on the SSC Internal Identity Store Group Names Differences in ACS 4.x andConfigure 802.1x Single Host Authentication External Identity Store 5.xon a Cisco Switch Certificate Profile Identity Store SequencesSingle Host Authentication Internal Identity Stores PAP Authentication via KerberosSingle Host Authentication Commands Users Authentication, Authorization, andCisco Sitch 802.1x Configuration Review Groups Accounting with TACACS+802.1x Troubleshooting Hosts Shell ProfileACS, Switch, and Windows Troubleshooting LDAP Overview Command Sets Access ServicesWindows XP and Switch Debug Output External Identity Stores: OpenLDAP Service Selection RulesACS Monitoring and Reports Enable LDAP Diagnostics Log Default Device Admin: Authorization andACS Operation Management External Identity Store with Active IdentityACS Deployment Structure Directory Monitoring and Troubleshooting ACSLocal Operations Interface with Active Directory Cisco Secure ACS ViewDistributed System Management DNS Considerations Monitoring and Debugging RADIUSDistributed Management Operations NTP Server Considerations AuthenticationReplication Overview Considerations of Authenticating Monitoring 
and Debugging RADIUSLocal Operations Usernames with Domains AuthorizationLog Collector Machine Access Restrictions (MAR) Monitoring and Debugging TACACS+Change Pass Windows 2008 Compatibility and Feature Authenticationord Flow Support Monitoring and Debugging TACACS+System Administration Testing Connectivity between ACS and AuthorizationAdministrators AD Debugging TACACS+ Packets andUsers Group Names Differences in ACS 4.x AccountingOperations and 5.x ACS and Certificate AuthorityConfiguration Identity Store Sequences Certificate-Based AuthenticationDownloads PAP Authentication via Kerberos Self-Signed Certificates

Authentication, Authorization, and Third-Party Digital Certificates Accounting with TACACS+ History

line Shell Profile IntroductionSecure Borderless Network Architecture Command Sets Access Services The PortIdentity-Enabled Network Use Case Service Selection Rules EAPSummary Default Device Admin: Authorization and EAP-TLSRADIUS Basics Identity PEAPTACACS+ Basics Monitoring and Troubleshooting ACS 802.1x Policy Elements (RADIUS)RADIUS vs. TACACS+ Cisco Secure ACS View OverviewACS 5.2 Overview Monitoring and Debugging RADIUS Date and TimeHardware Platform Solutions Authentication CustomSoftware Platform Solutions Monitoring and Debugging RADIUS Authorization ProfilesNew, Changed, and Supported Features Authorization Authorization: Downloadable ACLACS 5.2 Installation Monitoring and Debugging TACACS+ Access PoliciesInstallation on the CSACS+ Series Authentication Service Selection RulesAppliance Monitoring and Debugging TACACS+ Access ServicesInstallation with VMware ESX Server Authorization IdentityUsing Setup Scripts Debugging TACACS+ Packets and 802.1x and Windows XPLicensing Accounting Configure 802.1xACS Attribute Types ACS and Certificate Authority 802.1x and the Cisco Secure ServicesAttribute Definitions Certificate-Based Authentication Client (SSC)Attribute Value Types Self-Signed Certificates Configure 802.1x on the SSCPredefined Values Third-Party Digital Certificates Configure 802.1x Single HostAttribute Dictionaries History Authentication on a Cisco SwitchAttribute Aliases Introduction Single Host AuthenticationAvailability of Attributes Based on Policy The Port Single Host Authentication CommandsAdding Network Devices to ACS EAP Cisco Sitch 802.1x Configuration ReviewNetwork Resources EAP-TLS 802.1x TroubleshootingTypes of AAA Clients PEAP ACS, Switch, and Windows

Network Device Groups: Location 802.1x Policy Elements (RADIUS) TroubleshootingNetwork Device Groups: Device Type Overview Windows XP and Switch Debug OutputNetwork Devices and AAA Clients Date and Time ACS Monitoring and Reports Local Identity Store and Identity Store Custom ACS Operation ManagementSequence Authorization Profiles ACS Deployment StructureUsers and Identity Stores Authorization: Downloadable ACL Local OperationsInternal Identity Store Access Policies Distributed System ManagementExternal Identity Store Service Selection Rules Distributed Management OperationsCertificate Profile Access Services Replication OverviewInternal Identity Stores Identity Local OperationsUsers 802.1x and Windows XP Log CollectorGroups Configure 802.1x Change PassHosts 802.1x and the Cisco Secure Services ord FlowLDAP Overview Client (SSC) System AdministrationExternal Identity Stores: OpenLDAP Configure 802.1x on the SSC AdministratorsEnable LDAP Diagnostics Log Configure 802.1x Single Host UsersExternal Identity Store with Active Directory Authentication on a Cisco Switch OperationsInterface with Active Directory Single Host Authentication ConfigurationDNS Considerations Single Host Authentication Commands DownloadsNTP Server Considerations Cisco Sitch 802.1x Configuration ReviewConsiderations of Authenticating Usernames 802.1x Troubleshootingwith Domains ACS, Switch, and Windows lineMachine Access Restrictions (MAR) Troubleshooting Secure Borderless Network ArchitectureWindows 2008 Compatibility and Feature Windows XP and Switch Debug Output Identity-Enabled Network Use CaseSupport ACS Monitoring and Reports Summary Testing Connectivity between ACS and AD ACS Operation Management RADIUS BasicsGroup Names Differences in ACS 4.x and ACS Deployment Structure TACACS+ Basics5.x Local Operations RADIUS vs. 
TACACS+Identity Store Sequences Distributed System Management ACS 5.2 OverviewPAP Authentication via Kerberos Distributed Management Operations Hardware Platform SolutionsAuthentication, Authorization, and Replication Overview Software Platform SolutionsAccounting with TACACS+ Local Operations New, Changed, and Supported FeaturesShell Profile Log Collector ACS 5.2 InstallationCommand Sets Access Services Change Pass Installation on the CSACS+ SeriesService Selection Rules ord Flow ApplianceDefault Device Admin: Authorization and System Administration Installation with VMware ESX ServerIdentity Administrators Using Setup ScriptsMonitoring and Troubleshooting ACS Users LicensingCisco Secure ACS View Operations ACS Attribute TypesMonitoring and Debugging RADIUS Configuration Attribute DefinitionsAuthentication Downloads Attribute Value TypesMonitoring and Debugging RADIUS Predefined ValuesAuthorization Attribute DictionariesMonitoring and Debugging TACACS+ line Attribute AliasesAuthentication Secure Borderless Network Architecture Availability of Attributes Based on PolicyMonitoring and Debugging TACACS+ Identity-Enabled Network Use Case Adding Network Devices to ACSAuthorization Summary Network ResourcesDebugging TACACS+ Packets and RADIUS Basics Types of AAA ClientsAccounting TACACS+ Basics Network Device Groups: LocationACS and Certificate Authority RADIUS vs. 
TACACS+ Network Device Groups: Device TypeCertificate-Based Authentication ACS 5.2 Overview Network Devices and AAA ClientsSelf-Signed Certificates Hardware Platform Solutions Local Identity Store and Identity StoreThird-Party Digital Certificates Software Platform Solutions SequenceHistory New, Changed, and Supported Features Users and Identity StoresIntroduction ACS 5.2 Installation Internal Identity StoreThe Port Installation on the CSACS+ Series External Identity StoreEAP Appliance Certificate ProfileEAP-TLS Installation with VMware ESX Server Internal Identity StoresPEAP Using Setup Scripts Users802.1x Policy Elements (RADIUS) Licensing GroupsOverview ACS Attribute Types Hosts Date and Time Attribute Definitions LDAP OverviewCustom Attribute Value Types External Identity Stores: OpenLDAPAuthorization Profiles Predefined Values Enable LDAP Diagnostics LogAuthorization: Downloadable ACL Attribute Dictionaries External Identity Store with ActiveAccess Policies Attribute Aliases Directory

Service Selection Rules Availability of Attributes Based on Policy Interface with Active DirectoryAccess Services Adding Network Devices to ACS DNS ConsiderationsIdentity Network Resources NTP Server Considerations802.1x and Windows XP Types of AAA Clients Considerations of AuthenticatingConfigure 802.1x Network Device Groups: Location Usernames with Domains802.1x and the Cisco Secure Services Client Network Device Groups: Device Type Machine Access Restrictions (MAR)(SSC) Network Devices and AAA Clients Windows 2008 Compatibility and FeatureConfigure 802.1x on the SSC Local Identity Store and Identity Store SupportConfigure 802.1x Single Host Authentication Sequence Testing Connectivity between ACS and ADon a Cisco Switch Users and Identity Stores Group Names Differences in ACS 4.x andSingle Host Authentication Internal Identity Store 5.xSingle Host Authentication Commands External Identity Store Identity Store SequencesCisco Sitch 802.1x Configuration Review Certificate Profile PAP Authentication via Kerberos802.1x Troubleshooting Internal Identity Stores Authentication, Authorization, andACS, Switch, and Windows Troubleshooting Users Accounting with TACACS+Windows XP and Switch Debug Output Groups Shell ProfileACS Monitoring and Reports Hosts Command Sets Access ServicesACS Operation Management LDAP Overview Service Selection RulesACS Deployment Structure External Identity Stores: OpenLDAP Default Device Admin: Authorization andLocal Operations Enable LDAP Diagnostics Log IdentityDistributed System Management External Identity Store with Active Monitoring and Troubleshooting ACSDistributed Management Operations Directory Cisco Secure ACS ViewReplication Overview Interface with Active Directory Monitoring and Debugging RADIUSLocal Operations DNS Considerations AuthenticationLog Collector NTP Server Considerations Monitoring and Debugging RADIUSChange Pass Considerations of Authenticating Authorizationord Flow Usernames with Domains Monitoring and Debugging 
TACACS+System Administration Machine Access Restrictions (MAR) AuthenticationAdministrators Windows 2008 Compatibility and Feature Monitoring and Debugging TACACS+Users Support AuthorizationOperations Testing Connectivity between ACS and Debugging TACACS+ Packets andConfiguration AD AccountingDownloads Group Names Differences in ACS 4.x ACS and Certificate Authority

and 5.x Certificate-Based AuthenticationIdentity Store Sequences Self-Signed Certificates

line PAP Authentication via Kerberos Third-Party Digital Certificates Secure Borderless Network Architecture Authentication, Authorization, and HistoryIdentity-Enabled Network Use Case Accounting with TACACS+ IntroductionSummary Shell Profile The PortRADIUS Basics Command Sets Access Services EAPTACACS+ Basics Service Selection Rules EAP-TLSRADIUS vs. TACACS+ Default Device Admin: Authorization and PEAPACS 5.2 Overview Identity 802.1x Policy Elements (RADIUS)Hardware Platform Solutions Monitoring and Troubleshooting ACS OverviewSoftware Platform Solutions Cisco Secure ACS View Date and TimeNew, Changed, and Supported Features Monitoring and Debugging RADIUS CustomACS 5.2 Installation Authentication Authorization ProfilesInstallation on the CSACS+ Series Monitoring and Debugging RADIUS Authorization: Downloadable ACLAppliance Authorization Access PoliciesInstallation with VMware ESX Server Monitoring and Debugging TACACS+ Service Selection RulesUsing Setup Scripts Authentication Access ServicesLicensing Monitoring and Debugging TACACS+ IdentityACS Attribute Types Authorization 802.1x and Windows XPAttribute Definitions Debugging TACACS+ Packets and Configure 802.1xAttribute Value Types Accounting 802.1x and the Cisco Secure ServicesPredefined Values ACS and Certificate Authority Client (SSC)Attribute Dictionaries Certificate-Based Authentication Configure 802.1x on the SSCAttribute Aliases Self-Signed Certificates Configure 802.1x Single HostAvailability of Attributes Based on Policy Third-Party Digital Certificates Authentication on a Cisco SwitchAdding Network Devices to ACS History Single Host AuthenticationNetwork Resources Introduction Single Host Authentication CommandsTypes of AAA Clients The Port Cisco Sitch 802.1x Configuration ReviewNetwork Device Groups: Location EAP 802.1x TroubleshootingNetwork Device Groups: Device Type EAP-TLS ACS, Switch, and WindowsNetwork Devices and AAA Clients PEAP TroubleshootingLocal Identity Store and Identity Store 802.1x 
Policy Elements (RADIUS) Windows XP and Switch Debug Output

Sequence Overview ACS Monitoring and Reports Users and Identity Stores Date and Time ACS Operation ManagementInternal Identity Store Custom ACS Deployment StructureExternal Identity Store Authorization Profiles Local OperationsCertificate Profile Authorization: Downloadable ACL Distributed System ManagementInternal Identity Stores Access Policies Distributed Management OperationsUsers Service Selection Rules Replication OverviewGroups Access Services Local OperationsHosts Identity Log CollectorLDAP Overview 802.1x and Windows XP Change PassExternal Identity Stores: OpenLDAP Configure 802.1x ord FlowEnable LDAP Diagnostics Log 802.1x and the Cisco Secure Services System AdministrationExternal Identity Store with Active Directory Client (SSC) AdministratorsInterface with Active Directory Configure 802.1x on the SSC UsersDNS Considerations Configure 802.1x Single Host OperationsNTP Server Considerations Authentication on a Cisco Switch ConfigurationConsiderations of Authenticating Usernames Single Host Authentication Downloadswith Domains Single Host Authentication CommandsMachine Access Restrictions (MAR) Cisco Sitch 802.1x Configuration ReviewWindows 2008 Compatibility and Feature 802.1x Troubleshooting lineSupport ACS, Switch, and Windows Secure Borderless Network ArchitectureTesting Connectivity between ACS and AD Troubleshooting Identity-Enabled Network Use CaseGroup Names Differences in ACS 4.x and Windows XP and Switch Debug Output Summary 5.x ACS Monitoring and Reports RADIUS BasicsIdentity Store Sequences ACS Operation Management TACACS+ BasicsPAP Authentication via Kerberos ACS Deployment Structure RADIUS vs. 
TACACS+Authentication, Authorization, and Local Operations ACS 5.2 OverviewAccounting with TACACS+ Distributed System Management Hardware Platform SolutionsShell Profile Distributed Management Operations Software Platform SolutionsCommand Sets Access Services Replication Overview New, Changed, and Supported FeaturesService Selection Rules Local Operations ACS 5.2 InstallationDefault Device Admin: Authorization and Log Collector Installation on the CSACS+ SeriesIdentity Change Pass ApplianceMonitoring and Troubleshooting ACS ord Flow Installation with VMware ESX ServerCisco Secure ACS View System Administration Using Setup ScriptsMonitoring and Debugging RADIUS Administrators LicensingAuthentication Users ACS Attribute TypesMonitoring and Debugging RADIUS Operations Attribute DefinitionsAuthorization Configuration Attribute Value TypesMonitoring and Debugging TACACS+ Downloads Predefined ValuesAuthentication Attribute DictionariesMonitoring and Debugging TACACS+ Attribute AliasesAuthorization line Availability of Attributes Based on PolicyDebugging TACACS+ Packets and Secure Borderless Network Architecture Adding Network Devices to ACSAccounting Identity-Enabled Network Use Case Network ResourcesACS and Certificate Authority Summary Types of AAA ClientsCertificate-Based Authentication RADIUS Basics Network Device Groups: LocationSelf-Signed Certificates TACACS+ Basics Network Device Groups: Device TypeThird-Party Digital Certificates RADIUS vs. 
TACACS+ Network Devices and AAA ClientsHistory ACS 5.2 Overview Local Identity Store and Identity StoreIntroduction Hardware Platform Solutions SequenceThe Port Software Platform Solutions Users and Identity StoresEAP New, Changed, and Supported Features Internal Identity StoreEAP-TLS ACS 5.2 Installation External Identity StorePEAP Installation on the CSACS+ Series Certificate Profile802.1x Policy Elements (RADIUS) Appliance Internal Identity StoresOverview Installation with VMware ESX Server UsersDate and Time Using Setup Scripts GroupsCustom Licensing Hosts Authorization Profiles ACS Attribute Types LDAP OverviewAuthorization: Downloadable ACL Attribute Definitions External Identity Stores: OpenLDAPAccess Policies Attribute Value Types Enable LDAP Diagnostics LogService Selection Rules Predefined Values External Identity Store with ActiveAccess Services Attribute Dictionaries DirectoryIdentity Attribute Aliases Interface with Active Directory802.1x and Windows XP Availability of Attributes Based on Policy DNS Considerations

Configure 802.1x Adding Network Devices to ACS NTP Server Considerations802.1x and the Cisco Secure Services Client Network Resources Considerations of Authenticating(SSC) Types of AAA Clients Usernames with DomainsConfigure 802.1x on the SSC Network Device Groups: Location Machine Access Restrictions (MAR)Configure 802.1x Single Host Authentication Network Device Groups: Device Type Windows 2008 Compatibility and Featureon a Cisco Switch Network Devices and AAA Clients SupportSingle Host Authentication Local Identity Store and Identity Store Testing Connectivity between ACS and ADSingle Host Authentication Commands Sequence Group Names Differences in ACS 4.x andCisco Sitch 802.1x Configuration Review Users and Identity Stores 5.x802.1x Troubleshooting Internal Identity Store Identity Store SequencesACS, Switch, and Windows Troubleshooting External Identity Store PAP Authentication via KerberosWindows XP and Switch Debug Output Certificate Profile Authentication, Authorization, andACS Monitoring and Reports Internal Identity Stores Accounting with TACACS+ACS Operation Management Users Shell ProfileACS Deployment Structure Groups Command Sets Access ServicesLocal Operations Hosts Service Selection RulesDistributed System Management LDAP Overview Default Device Admin: Authorization andDistributed Management Operations External Identity Stores: OpenLDAP IdentityReplication Overview Enable LDAP Diagnostics Log Monitoring and Troubleshooting ACSLocal Operations External Identity Store with Active Cisco Secure ACS ViewLog Collector Directory Monitoring and Debugging RADIUSChange Pass Interface with Active Directory Authenticationord Flow DNS Considerations Monitoring and Debugging RADIUSSystem Administration NTP Server Considerations AuthorizationAdministrators Considerations of Authenticating Monitoring and Debugging TACACS+Users Usernames with Domains AuthenticationOperations Machine Access Restrictions (MAR) Monitoring and Debugging TACACS+Configuration Windows 2008 
Compatibility and Feature AuthorizationDownloads Support Debugging TACACS+ Packets and

Testing Connectivity between ACS and AccountingAD ACS and Certificate Authority

line Group Names Differences in ACS 4.x Certificate-Based AuthenticationSecure Borderless Network Architecture and 5.x Self-Signed CertificatesIdentity-Enabled Network Use Case Identity Store Sequences Third-Party Digital Certificates Summary PAP Authentication via Kerberos HistoryRADIUS Basics Authentication, Authorization, and IntroductionTACACS+ Basics Accounting with TACACS+ The PortRADIUS vs. TACACS+ Shell Profile EAPACS 5.2 Overview Command Sets Access Services EAP-TLSHardware Platform Solutions Service Selection Rules PEAPSoftware Platform Solutions Default Device Admin: Authorization and 802.1x Policy Elements (RADIUS)New, Changed, and Supported Features Identity OverviewACS 5.2 Installation Monitoring and Troubleshooting ACS Date and TimeInstallation on the CSACS+ Series Cisco Secure ACS View CustomAppliance Monitoring and Debugging RADIUS Authorization ProfilesInstallation with VMware ESX Server Authentication Authorization: Downloadable ACLUsing Setup Scripts Monitoring and Debugging RADIUS Access PoliciesLicensing Authorization Service Selection RulesACS Attribute Types Monitoring and Debugging TACACS+ Access ServicesAttribute Definitions Authentication IdentityAttribute Value Types Monitoring and Debugging TACACS+ 802.1x and Windows XPPredefined Values Authorization Configure 802.1xAttribute Dictionaries Debugging TACACS+ Packets and 802.1x and the Cisco Secure ServicesAttribute Aliases Accounting Client (SSC)Availability of Attributes Based on Policy ACS and Certificate Authority Configure 802.1x on the SSCAdding Network Devices to ACS Certificate-Based Authentication Configure 802.1x Single HostNetwork Resources Self-Signed Certificates Authentication on a Cisco SwitchTypes of AAA Clients Third-Party Digital Certificates Single Host AuthenticationNetwork Device Groups: Location History Single Host Authentication CommandsNetwork Device Groups: Device Type Introduction Cisco Sitch 802.1x Configuration ReviewNetwork Devices and AAA Clients The Port 
802.1x TroubleshootingLocal Identity Store and Identity Store EAP ACS, Switch, and WindowsSequence EAP-TLS TroubleshootingUsers and Identity Stores PEAP Windows XP and Switch Debug OutputInternal Identity Store 802.1x Policy Elements (RADIUS) ACS Monitoring and Reports External Identity Store Overview ACS Operation Management


Certificate Profile Date and Time ACS Deployment StructureInternal Identity Stores Custom Local OperationsUsers Authorization Profiles Distributed System ManagementGroups Authorization: Downloadable ACL Distributed Management OperationsHosts Access Policies Replication OverviewLDAP Overview Service Selection Rules Local OperationsExternal Identity Stores: OpenLDAP Access Services Log CollectorEnable LDAP Diagnostics Log Identity Change PassExternal Identity Store with Active Directory 802.1x and Windows XP ord FlowInterface with Active Directory Configure 802.1x System AdministrationDNS Considerations 802.1x and the Cisco Secure Services AdministratorsNTP Server Considerations Client (SSC) UsersConsiderations of Authenticating Usernames Configure 802.1x on the SSC Operationswith Domains Configure 802.1x Single Host ConfigurationMachine Access Restrictions (MAR) Authentication on a Cisco Switch DownloadsWindows 2008 Compatibility and Feature Single Host AuthenticationSupport Single Host Authentication CommandsTesting Connectivity between ACS and AD Cisco Sitch 802.1x Configuration Review lineGroup Names Differences in ACS 4.x and 802.1x Troubleshooting Secure Borderless Network Architecture5.x ACS, Switch, and Windows Identity-Enabled Network Use CaseIdentity Store Sequences Troubleshooting Summary PAP Authentication via Kerberos Windows XP and Switch Debug Output RADIUS BasicsAuthentication, Authorization, and ACS Monitoring and Reports TACACS+ BasicsAccounting with TACACS+ ACS Operation Management RADIUS vs. 
TACACS+Shell Profile ACS Deployment Structure ACS 5.2 OverviewCommand Sets Access Services Local Operations Hardware Platform SolutionsService Selection Rules Distributed System Management Software Platform SolutionsDefault Device Admin: Authorization and Distributed Management Operations New, Changed, and Supported FeaturesIdentity Replication Overview ACS 5.2 InstallationMonitoring and Troubleshooting ACS Local Operations Installation on the CSACS+ SeriesCisco Secure ACS View Log Collector ApplianceMonitoring and Debugging RADIUS Change Pass Installation with VMware ESX ServerAuthentication ord Flow Using Setup ScriptsMonitoring and Debugging RADIUS System Administration LicensingAuthorization Administrators ACS Attribute TypesMonitoring and Debugging TACACS+ Users Attribute DefinitionsAuthentication Operations Attribute Value TypesMonitoring and Debugging TACACS+ Configuration Predefined ValuesAuthorization Downloads Attribute DictionariesDebugging TACACS+ Packets and Attribute AliasesAccounting Availability of Attributes Based on PolicyACS and Certificate Authority line Adding Network Devices to ACSCertificate-Based Authentication Secure Borderless Network Architecture Network ResourcesSelf-Signed Certificates Identity-Enabled Network Use Case Types of AAA ClientsThird-Party Digital Certificates Summary Network Device Groups: LocationHistory RADIUS Basics Network Device Groups: Device TypeIntroduction TACACS+ Basics Network Devices and AAA ClientsThe Port RADIUS vs. 
TACACS+ Local Identity Store and Identity StoreEAP ACS 5.2 Overview SequenceEAP-TLS Hardware Platform Solutions Users and Identity StoresPEAP Software Platform Solutions Internal Identity Store802.1x Policy Elements (RADIUS) New, Changed, and Supported Features External Identity StoreOverview ACS 5.2 Installation Certificate ProfileDate and Time Installation on the CSACS+ Series Internal Identity StoresCustom Appliance UsersAuthorization Profiles Installation with VMware ESX Server GroupsAuthorization: Downloadable ACL Using Setup Scripts Hosts Access Policies Licensing LDAP OverviewService Selection Rules ACS Attribute Types External Identity Stores: OpenLDAPAccess Services Attribute Definitions Enable LDAP Diagnostics LogIdentity Attribute Value Types External Identity Store with Active802.1x and Windows XP Predefined Values DirectoryConfigure 802.1x Attribute Dictionaries Interface with Active Directory802.1x and the Cisco Secure Services Client Attribute Aliases DNS Considerations(SSC) Availability of Attributes Based on Policy NTP Server ConsiderationsConfigure 802.1x on the SSC Adding Network Devices to ACS Considerations of Authenticating


Configure 802.1x Single Host Authentication Network Resources Usernames with Domainson a Cisco Switch Types of AAA Clients Machine Access Restrictions (MAR)Single Host Authentication Network Device Groups: Location Windows 2008 Compatibility and FeatureSingle Host Authentication Commands Network Device Groups: Device Type SupportCisco Sitch 802.1x Configuration Review Network Devices and AAA Clients Testing Connectivity between ACS and AD802.1x Troubleshooting Local Identity Store and Identity Store Group Names Differences in ACS 4.x andACS, Switch, and Windows Troubleshooting Sequence 5.xWindows XP and Switch Debug Output Users and Identity Stores Identity Store SequencesACS Monitoring and Reports Internal Identity Store PAP Authentication via KerberosACS Operation Management External Identity Store Authentication, Authorization, andACS Deployment Structure Certificate Profile Accounting with TACACS+Local Operations Internal Identity Stores Shell ProfileDistributed System Management Users Command Sets Access ServicesDistributed Management Operations Groups Service Selection RulesReplication Overview Hosts Default Device Admin: Authorization andLocal Operations LDAP Overview IdentityLog Collector External Identity Stores: OpenLDAP Monitoring and Troubleshooting ACSChange Pass Enable LDAP Diagnostics Log Cisco Secure ACS Vieword Flow External Identity Store with Active Monitoring and Debugging RADIUSSystem Administration Directory AuthenticationAdministrators Interface with Active Directory Monitoring and Debugging RADIUSUsers DNS Considerations AuthorizationOperations NTP Server Considerations Monitoring and Debugging TACACS+Configuration Considerations of Authenticating AuthenticationDownloads Usernames with Domains Monitoring and Debugging TACACS+

Machine Access Restrictions (MAR) Authorization Windows 2008 Compatibility and Feature Debugging TACACS+ Packets and

line Support AccountingSecure Borderless Network Architecture Testing Connectivity between ACS and ACS and Certificate AuthorityIdentity-Enabled Network Use Case AD Certificate-Based AuthenticationSummary Group Names Differences in ACS 4.x Self-Signed CertificatesRADIUS Basics and 5.x Third-Party Digital Certificates TACACS+ Basics Identity Store Sequences HistoryRADIUS vs. TACACS+ PAP Authentication via Kerberos IntroductionACS 5.2 Overview Authentication, Authorization, and The PortHardware Platform Solutions Accounting with TACACS+ EAPSoftware Platform Solutions Shell Profile EAP-TLSNew, Changed, and Supported Features Command Sets Access Services PEAPACS 5.2 Installation Service Selection Rules 802.1x Policy Elements (RADIUS)Installation on the CSACS+ Series Default Device Admin: Authorization and OverviewAppliance Identity Date and TimeInstallation with VMware ESX Server Monitoring and Troubleshooting ACS CustomUsing Setup Scripts Cisco Secure ACS View Authorization ProfilesLicensing Monitoring and Debugging RADIUS Authorization: Downloadable ACLACS Attribute Types Authentication Access PoliciesAttribute Definitions Monitoring and Debugging RADIUS Service Selection RulesAttribute Value Types Authorization Access ServicesPredefined Values Monitoring and Debugging TACACS+ IdentityAttribute Dictionaries Authentication 802.1x and Windows XPAttribute Aliases Monitoring and Debugging TACACS+ Configure 802.1xAvailability of Attributes Based on Policy Authorization 802.1x and the Cisco Secure ServicesAdding Network Devices to ACS Debugging TACACS+ Packets and Client (SSC)Network Resources Accounting Configure 802.1x on the SSCTypes of AAA Clients ACS and Certificate Authority Configure 802.1x Single HostNetwork Device Groups: Location Certificate-Based Authentication Authentication on a Cisco SwitchNetwork Device Groups: Device Type Self-Signed Certificates Single Host AuthenticationNetwork Devices and AAA Clients Third-Party Digital Certificates Single Host 
Authentication CommandsLocal Identity Store and Identity Store History Cisco Sitch 802.1x Configuration ReviewSequence Introduction 802.1x TroubleshootingUsers and Identity Stores The Port ACS, Switch, and WindowsInternal Identity Store EAP TroubleshootingExternal Identity Store EAP-TLS Windows XP and Switch Debug OutputCertificate Profile PEAP ACS Monitoring and Reports Internal Identity Stores 802.1x Policy Elements (RADIUS) ACS Operation ManagementUsers Overview ACS Deployment StructureGroups Date and Time Local Operations


Hosts Custom Distributed System ManagementLDAP Overview Authorization Profiles Distributed Management OperationsExternal Identity Stores: OpenLDAP Authorization: Downloadable ACL Replication OverviewEnable LDAP Diagnostics Log Access Policies Local OperationsExternal Identity Store with Active Directory Service Selection Rules Log CollectorInterface with Active Directory Access Services Change PassDNS Considerations Identity ord FlowNTP Server Considerations 802.1x and Windows XP System AdministrationConsiderations of Authenticating Usernames Configure 802.1x Administratorswith Domains 802.1x and the Cisco Secure Services UsersMachine Access Restrictions (MAR) Client (SSC) OperationsWindows 2008 Compatibility and Feature Configure 802.1x on the SSC ConfigurationSupport Configure 802.1x Single Host DownloadsTesting Connectivity between ACS and AD Authentication on a Cisco SwitchGroup Names Differences in ACS 4.x and Single Host Authentication5.x Single Host Authentication Commands lineIdentity Store Sequences Cisco Sitch 802.1x Configuration Review Secure Borderless Network ArchitecturePAP Authentication via Kerberos 802.1x Troubleshooting Identity-Enabled Network Use CaseAuthentication, Authorization, and ACS, Switch, and Windows Summary Accounting with TACACS+ Troubleshooting RADIUS BasicsShell Profile Windows XP and Switch Debug Output TACACS+ BasicsCommand Sets Access Services ACS Monitoring and Reports RADIUS vs. 
TACACS+Service Selection Rules ACS Operation Management ACS 5.2 OverviewDefault Device Admin: Authorization and ACS Deployment Structure Hardware Platform SolutionsIdentity Local Operations Software Platform SolutionsMonitoring and Troubleshooting ACS Distributed System Management New, Changed, and Supported FeaturesCisco Secure ACS View Distributed Management Operations ACS 5.2 InstallationMonitoring and Debugging RADIUS Replication Overview Installation on the CSACS+ SeriesAuthentication Local Operations ApplianceMonitoring and Debugging RADIUS Log Collector Installation with VMware ESX ServerAuthorization Change Pass Using Setup ScriptsMonitoring and Debugging TACACS+ ord Flow LicensingAuthentication System Administration ACS Attribute TypesMonitoring and Debugging TACACS+ Administrators Attribute DefinitionsAuthorization Users Attribute Value TypesDebugging TACACS+ Packets and Operations Predefined ValuesAccounting Configuration Attribute DictionariesACS and Certificate Authority Downloads Attribute AliasesCertificate-Based Authentication Availability of Attributes Based on PolicySelf-Signed Certificates Adding Network Devices to ACSThird-Party Digital Certificates line Network ResourcesHistory Secure Borderless Network Architecture Types of AAA ClientsIntroduction Identity-Enabled Network Use Case Network Device Groups: LocationThe Port Summary Network Device Groups: Device TypeEAP RADIUS Basics Network Devices and AAA ClientsEAP-TLS TACACS+ Basics Local Identity Store and Identity StorePEAP RADIUS vs. 
TACACS+ Sequence802.1x Policy Elements (RADIUS) ACS 5.2 Overview Users and Identity StoresOverview Hardware Platform Solutions Internal Identity StoreDate and Time Software Platform Solutions External Identity StoreCustom New, Changed, and Supported Features Certificate ProfileAuthorization Profiles ACS 5.2 Installation Internal Identity StoresAuthorization: Downloadable ACL Installation on the CSACS+ Series UsersAccess Policies Appliance GroupsService Selection Rules Installation with VMware ESX Server Hosts Access Services Using Setup Scripts LDAP OverviewIdentity Licensing External Identity Stores: OpenLDAP802.1x and Windows XP ACS Attribute Types Enable LDAP Diagnostics LogConfigure 802.1x Attribute Definitions External Identity Store with Active802.1x and the Cisco Secure Services Client Attribute Value Types Directory(SSC) Predefined Values Interface with Active DirectoryConfigure 802.1x on the SSC Attribute Dictionaries DNS ConsiderationsConfigure 802.1x Single Host Authentication Attribute Aliases NTP Server Considerationson a Cisco Switch Availability of Attributes Based on Policy Considerations of AuthenticatingSingle Host Authentication Adding Network Devices to ACS Usernames with DomainsSingle Host Authentication Commands Network Resources Machine Access Restrictions (MAR)


Cisco Sitch 802.1x Configuration Review Types of AAA Clients Windows 2008 Compatibility and Feature802.1x Troubleshooting Network Device Groups: Location SupportACS, Switch, and Windows Troubleshooting Network Device Groups: Device Type Testing Connectivity between ACS and ADWindows XP and Switch Debug Output Network Devices and AAA Clients Group Names Differences in ACS 4.x andACS Monitoring and Reports Local Identity Store and Identity Store 5.xACS Operation Management Sequence Identity Store SequencesACS Deployment Structure Users and Identity Stores PAP Authentication via KerberosLocal Operations Internal Identity Store Authentication, Authorization, andDistributed System Management External Identity Store Accounting with TACACS+Distributed Management Operations Certificate Profile Shell ProfileReplication Overview Internal Identity Stores Command Sets Access ServicesLocal Operations Users Service Selection RulesLog Collector Groups Default Device Admin: Authorization andChange Pass Hosts Identityord Flow LDAP Overview Monitoring and Troubleshooting ACSSystem Administration External Identity Stores: OpenLDAP Cisco Secure ACS ViewAdministrators Enable LDAP Diagnostics Log Monitoring and Debugging RADIUSUsers External Identity Store with Active AuthenticationOperations Directory Monitoring and Debugging RADIUSConfiguration Interface with Active Directory AuthorizationDownloads DNS Considerations Monitoring and Debugging TACACS+

NTP Server Considerations Authentication Considerations of Authenticating Monitoring and Debugging TACACS+

line Usernames with Domains AuthorizationSecure Borderless Network Architecture Machine Access Restrictions (MAR) Debugging TACACS+ Packets andIdentity-Enabled Network Use Case Windows 2008 Compatibility and Feature AccountingSummary Support ACS and Certificate AuthorityRADIUS Basics Testing Connectivity between ACS and Certificate-Based AuthenticationTACACS+ Basics AD Self-Signed CertificatesRADIUS vs. TACACS+ Group Names Differences in ACS 4.x Third-Party Digital Certificates ACS 5.2 Overview and 5.x HistoryHardware Platform Solutions Identity Store Sequences IntroductionSoftware Platform Solutions PAP Authentication via Kerberos The PortNew, Changed, and Supported Features Authentication, Authorization, and EAPACS 5.2 Installation Accounting with TACACS+ EAP-TLSInstallation on the CSACS+ Series Shell Profile PEAPAppliance Command Sets Access Services 802.1x Policy Elements (RADIUS)Installation with VMware ESX Server Service Selection Rules OverviewUsing Setup Scripts Default Device Admin: Authorization and Date and TimeLicensing Identity CustomACS Attribute Types Monitoring and Troubleshooting ACS Authorization ProfilesAttribute Definitions Cisco Secure ACS View Authorization: Downloadable ACLAttribute Value Types Monitoring and Debugging RADIUS Access PoliciesPredefined Values Authentication Service Selection RulesAttribute Dictionaries Monitoring and Debugging RADIUS Access ServicesAttribute Aliases Authorization IdentityAvailability of Attributes Based on Policy Monitoring and Debugging TACACS+ 802.1x and Windows XPAdding Network Devices to ACS Authentication Configure 802.1xNetwork Resources Monitoring and Debugging TACACS+ 802.1x and the Cisco Secure ServicesTypes of AAA Clients Authorization Client (SSC)Network Device Groups: Location Debugging TACACS+ Packets and Configure 802.1x on the SSCNetwork Device Groups: Device Type Accounting Configure 802.1x Single HostNetwork Devices and AAA Clients ACS and Certificate Authority Authentication on a Cisco 
SwitchLocal Identity Store and Identity Store Certificate-Based Authentication Single Host AuthenticationSequence Self-Signed Certificates Single Host Authentication CommandsUsers and Identity Stores Third-Party Digital Certificates Cisco Sitch 802.1x Configuration ReviewInternal Identity Store History 802.1x TroubleshootingExternal Identity Store Introduction ACS, Switch, and WindowsCertificate Profile The Port TroubleshootingInternal Identity Stores EAP Windows XP and Switch Debug OutputUsers EAP-TLS ACS Monitoring and Reports Groups PEAP ACS Operation ManagementHosts 802.1x Policy Elements (RADIUS) ACS Deployment StructureLDAP Overview Overview Local OperationsExternal Identity Stores: OpenLDAP Date and Time Distributed System ManagementEnable LDAP Diagnostics Log Custom Distributed Management Operations


External Identity Store with Active Directory Authorization Profiles Replication OverviewInterface with Active Directory Authorization: Downloadable ACL Local OperationsDNS Considerations Access Policies Log CollectorNTP Server Considerations Service Selection Rules Change PassConsiderations of Authenticating Usernames Access Services ord Flowwith Domains Identity System AdministrationMachine Access Restrictions (MAR) 802.1x and Windows XP AdministratorsWindows 2008 Compatibility and Feature Configure 802.1x UsersSupport 802.1x and the Cisco Secure Services OperationsTesting Connectivity between ACS and AD Client (SSC) ConfigurationGroup Names Differences in ACS 4.x and Configure 802.1x on the SSC Downloads5.x Configure 802.1x Single HostIdentity Store Sequences Authentication on a Cisco SwitchPAP Authentication via Kerberos Single Host Authentication lineAuthentication, Authorization, and Single Host Authentication Commands Secure Borderless Network ArchitectureAccounting with TACACS+ Cisco Sitch 802.1x Configuration Review Identity-Enabled Network Use CaseShell Profile 802.1x Troubleshooting Summary Command Sets Access Services ACS, Switch, and Windows RADIUS BasicsService Selection Rules Troubleshooting TACACS+ BasicsDefault Device Admin: Authorization and Windows XP and Switch Debug Output RADIUS vs. 
TACACS+Identity ACS Monitoring and Reports ACS 5.2 OverviewMonitoring and Troubleshooting ACS ACS Operation Management Hardware Platform SolutionsCisco Secure ACS View ACS Deployment Structure Software Platform SolutionsMonitoring and Debugging RADIUS Local Operations New, Changed, and Supported FeaturesAuthentication Distributed System Management ACS 5.2 InstallationMonitoring and Debugging RADIUS Distributed Management Operations Installation on the CSACS+ SeriesAuthorization Replication Overview ApplianceMonitoring and Debugging TACACS+ Local Operations Installation with VMware ESX ServerAuthentication Log Collector Using Setup ScriptsMonitoring and Debugging TACACS+ Change Pass LicensingAuthorization ord Flow ACS Attribute TypesDebugging TACACS+ Packets and System Administration Attribute DefinitionsAccounting Administrators Attribute Value TypesACS and Certificate Authority Users Predefined ValuesCertificate-Based Authentication Operations Attribute DictionariesSelf-Signed Certificates Configuration Attribute AliasesThird-Party Digital Certificates Downloads Availability of Attributes Based on PolicyHistory Adding Network Devices to ACSIntroduction IEEE 802.1x with ACS 5.2 Network ResourcesThe Port line Types of AAA ClientsEAP IEEE 802.1xOverview Network Device Groups: LocationEAP-TLS Network Device Groups: Device TypePEAP Network Devices and AAA Clients802.1x Policy Elements (RADIUS) line Local Identity Store and Identity StoreOverview Secure Borderless Network Architecture SequenceDate and Time Identity-Enabled Network Use Case Users and Identity StoresCustom Summary Internal Identity StoreAuthorization Profiles RADIUS Basics External Identity StoreAuthorization: Downloadable ACL TACACS+ Basics Certificate ProfileAccess Policies RADIUS vs. 
TACACS+ Internal Identity StoresService Selection Rules ACS 5.2 Overview UsersAccess Services Hardware Platform Solutions GroupsIdentity Software Platform Solutions Hosts 802.1x and Windows XP New, Changed, and Supported Features LDAP OverviewConfigure 802.1x ACS 5.2 Installation External Identity Stores: OpenLDAP802.1x and the Cisco Secure Services Client Installation on the CSACS+ Series Enable LDAP Diagnostics Log(SSC) Appliance External Identity Store with ActiveConfigure 802.1x on the SSC Installation with VMware ESX Server DirectoryConfigure 802.1x Single Host Authentication Using Setup Scripts Interface with Active Directoryon a Cisco Switch Licensing DNS ConsiderationsSingle Host Authentication ACS Attribute Types NTP Server ConsiderationsSingle Host Authentication Commands Attribute Definitions Considerations of AuthenticatingCisco Sitch 802.1x Configuration Review Attribute Value Types Usernames with Domains802.1x Troubleshooting Predefined Values Machine Access Restrictions (MAR)ACS, Switch, and Windows Troubleshooting Attribute Dictionaries Windows 2008 Compatibility and FeatureWindows XP and Switch Debug Output Attribute Aliases Support


ACS Monitoring and Reports Availability of Attributes Based on Policy Testing Connectivity between ACS and ADACS Operation Management Adding Network Devices to ACS Group Names Differences in ACS 4.x andACS Deployment Structure Network Resources 5.xLocal Operations Types of AAA Clients Identity Store SequencesDistributed System Management Network Device Groups: Location PAP Authentication via KerberosDistributed Management Operations Network Device Groups: Device Type Authentication, Authorization, andReplication Overview Network Devices and AAA Clients Accounting with TACACS+Local Operations Local Identity Store and Identity Store Shell ProfileLog Collector Sequence Command Sets Access ServicesChange Pass Users and Identity Stores Service Selection Rulesord Flow Internal Identity Store Default Device Admin: Authorization andSystem Administration External Identity Store IdentityAdministrators Certificate Profile Monitoring and Troubleshooting ACSUsers Internal Identity Stores Cisco Secure ACS ViewOperations Users Monitoring and Debugging RADIUSConfiguration Groups AuthenticationDownloads Hosts Monitoring and Debugging RADIUS

LDAP Overview Authorization External Identity Stores: OpenLDAP Monitoring and Debugging TACACS+

line Enable LDAP Diagnostics Log AuthenticationSecure Borderless Network Architecture External Identity Store with Active Monitoring and Debugging TACACS+Identity-Enabled Network Use Case Directory AuthorizationSummary Interface with Active Directory Debugging TACACS+ Packets andRADIUS Basics DNS Considerations AccountingTACACS+ Basics NTP Server Considerations ACS and Certificate AuthorityRADIUS vs. TACACS+ Considerations of Authenticating Certificate-Based AuthenticationACS 5.2 Overview Usernames with Domains Self-Signed CertificatesHardware Platform Solutions Machine Access Restrictions (MAR) Third-Party Digital Certificates Software Platform Solutions Windows 2008 Compatibility and Feature HistoryNew, Changed, and Supported Features Support IntroductionACS 5.2 Installation Testing Connectivity between ACS and The PortInstallation on the CSACS+ Series AD EAPAppliance Group Names Differences in ACS 4.x EAP-TLSInstallation with VMware ESX Server and 5.x PEAPUsing Setup Scripts Identity Store Sequences 802.1x Policy Elements (RADIUS)Licensing PAP Authentication via Kerberos OverviewACS Attribute Types Authentication, Authorization, and Date and TimeAttribute Definitions Accounting with TACACS+ CustomAttribute Value Types Shell Profile Authorization ProfilesPredefined Values Command Sets Access Services Authorization: Downloadable ACLAttribute Dictionaries Service Selection Rules Access PoliciesAttribute Aliases Default Device Admin: Authorization and Service Selection RulesAvailability of Attributes Based on Policy Identity Access ServicesAdding Network Devices to ACS Monitoring and Troubleshooting ACS IdentityNetwork Resources Cisco Secure ACS View 802.1x and Windows XPTypes of AAA Clients Monitoring and Debugging RADIUS Configure 802.1xNetwork Device Groups: Location Authentication 802.1x and the Cisco Secure ServicesNetwork Device Groups: Device Type Monitoring and Debugging RADIUS Client (SSC)Network Devices and AAA Clients Authorization Configure 802.1x on the 
SSCLocal Identity Store and Identity Store Monitoring and Debugging TACACS+ Configure 802.1x Single HostSequence Authentication Authentication on a Cisco SwitchUsers and Identity Stores Monitoring and Debugging TACACS+ Single Host AuthenticationInternal Identity Store Authorization Single Host Authentication CommandsExternal Identity Store Debugging TACACS+ Packets and Cisco Sitch 802.1x Configuration ReviewCertificate Profile Accounting 802.1x TroubleshootingInternal Identity Stores ACS and Certificate Authority ACS, Switch, and WindowsUsers Certificate-Based Authentication TroubleshootingGroups Self-Signed Certificates Windows XP and Switch Debug OutputHosts Third-Party Digital Certificates ACS Monitoring and Reports LDAP Overview History ACS Operation ManagementExternal Identity Stores: OpenLDAP Introduction ACS Deployment StructureEnable LDAP Diagnostics Log The Port Local OperationsExternal Identity Store with Active Directory EAP Distributed System ManagementInterface with Active Directory EAP-TLS Distributed Management OperationsDNS Considerations PEAP Replication OverviewNTP Server Considerations 802.1x Policy Elements (RADIUS) Local Operations


Considerations of Authenticating Usernames Overview Log Collectorwith Domains Date and Time Change PassMachine Access Restrictions (MAR) Custom ord FlowWindows 2008 Compatibility and Feature Authorization Profiles System AdministrationSupport Authorization: Downloadable ACL AdministratorsTesting Connectivity between ACS and AD Access Policies UsersGroup Names Differences in ACS 4.x and Service Selection Rules Operations5.x Access Services ConfigurationIdentity Store Sequences Identity DownloadsPAP Authentication via Kerberos 802.1x and Windows XPAuthentication, Authorization, and Configure 802.1xAccounting with TACACS+ 802.1x and the Cisco Secure Services lineShell Profile Client (SSC) Secure Borderless Network ArchitectureCommand Sets Access Services Configure 802.1x on the SSC Identity-Enabled Network Use CaseService Selection Rules Configure 802.1x Single Host Summary Default Device Admin: Authorization and Authentication on a Cisco Switch RADIUS BasicsIdentity Single Host Authentication TACACS+ BasicsMonitoring and Troubleshooting ACS Single Host Authentication Commands RADIUS vs. 
TACACS+Cisco Secure ACS View Cisco Sitch 802.1x Configuration Review ACS 5.2 OverviewMonitoring and Debugging RADIUS 802.1x Troubleshooting Hardware Platform SolutionsAuthentication ACS, Switch, and Windows Software Platform SolutionsMonitoring and Debugging RADIUS Troubleshooting New, Changed, and Supported FeaturesAuthorization Windows XP and Switch Debug Output ACS 5.2 InstallationMonitoring and Debugging TACACS+ ACS Monitoring and Reports Installation on the CSACS+ SeriesAuthentication ACS Operation Management ApplianceMonitoring and Debugging TACACS+ ACS Deployment Structure Installation with VMware ESX ServerAuthorization Local Operations Using Setup ScriptsDebugging TACACS+ Packets and Distributed System Management LicensingAccounting Distributed Management Operations ACS Attribute TypesACS and Certificate Authority Replication Overview Attribute DefinitionsCertificate-Based Authentication Local Operations Attribute Value TypesSelf-Signed Certificates Log Collector Predefined ValuesThird-Party Digital Certificates Change Pass Attribute DictionariesHistory ord Flow Attribute AliasesIntroduction System Administration Availability of Attributes Based on PolicyThe Port Administrators Adding Network Devices to ACSEAP Users Network ResourcesEAP-TLS Operations Types of AAA ClientsPEAP Configuration Network Device Groups: Location802.1x Policy Elements (RADIUS) Downloads Network Device Groups: Device TypeOverview Network Devices and AAA ClientsDate and Time Local Identity Store and Identity StoreCustom line SequenceAuthorization Profiles Secure Borderless Network Architecture Users and Identity StoresAuthorization: Downloadable ACL Identity-Enabled Network Use Case Internal Identity StoreAccess Policies Summary External Identity StoreService Selection Rules RADIUS Basics Certificate ProfileAccess Services TACACS+ Basics Internal Identity StoresIdentity RADIUS vs. 
TACACS+ Users802.1x and Windows XP ACS 5.2 Overview GroupsConfigure 802.1x Hardware Platform Solutions Hosts 802.1x and the Cisco Secure Services Client Software Platform Solutions LDAP Overview(SSC) New, Changed, and Supported Features External Identity Stores: OpenLDAPConfigure 802.1x on the SSC ACS 5.2 Installation Enable LDAP Diagnostics LogConfigure 802.1x Single Host Authentication Installation on the CSACS+ Series External Identity Store with Activeon a Cisco Switch Appliance DirectorySingle Host Authentication Installation with VMware ESX Server Interface with Active DirectorySingle Host Authentication Commands Using Setup Scripts DNS ConsiderationsCisco Sitch 802.1x Configuration Review Licensing NTP Server Considerations802.1x Troubleshooting ACS Attribute Types Considerations of AuthenticatingACS, Switch, and Windows Troubleshooting Attribute Definitions Usernames with DomainsWindows XP and Switch Debug Output Attribute Value Types Machine Access Restrictions (MAR)ACS Monitoring and Reports Predefined Values Windows 2008 Compatibility and FeatureACS Operation Management Attribute Dictionaries SupportACS Deployment Structure Attribute Aliases Testing Connectivity between ACS and ADLocal Operations Availability of Attributes Based on Policy Group Names Differences in ACS 4.x and

Distributed System Management Adding Network Devices to ACS 5.xDistributed Management Operations Network Resources Identity Store SequencesReplication Overview Types of AAA Clients PAP Authentication via KerberosLocal Operations Network Device Groups: Location Authentication, Authorization, andLog Collector Network Device Groups: Device Type Accounting with TACACS+Change Pass Network Devices and AAA Clients Shell Profileord Flow Local Identity Store and Identity Store Command Sets Access ServicesSystem Administration Sequence Service Selection RulesAdministrators Users and Identity Stores Default Device Admin: Authorization andUsers Internal Identity Store IdentityOperations External Identity Store Monitoring and Troubleshooting ACSConfiguration Certificate Profile Cisco Secure ACS ViewDownloads Internal Identity Stores Monitoring and Debugging RADIUS

Users AuthenticationGroups Monitoring and Debugging RADIUS

line Hosts AuthorizationSecure Borderless Network Architecture LDAP Overview Monitoring and Debugging TACACS+Identity-Enabled Network Use Case External Identity Stores: OpenLDAP AuthenticationSummary Enable LDAP Diagnostics Log Monitoring and Debugging TACACS+RADIUS Basics External Identity Store with Active AuthorizationTACACS+ Basics Directory Debugging TACACS+ Packets andRADIUS vs. TACACS+ Interface with Active Directory AccountingACS 5.2 Overview DNS Considerations ACS and Certificate AuthorityHardware Platform Solutions NTP Server Considerations Certificate-Based AuthenticationSoftware Platform Solutions Considerations of Authenticating Self-Signed CertificatesNew, Changed, and Supported Features Usernames with Domains Third-Party Digital Certificates ACS 5.2 Installation Machine Access Restrictions (MAR) HistoryInstallation on the CSACS+ Series Windows 2008 Compatibility and Feature IntroductionAppliance Support The PortInstallation with VMware ESX Server Testing Connectivity between ACS and EAPUsing Setup Scripts AD EAP-TLSLicensing Group Names Differences in ACS 4.x PEAPACS Attribute Types and 5.x 802.1x Policy Elements (RADIUS)Attribute Definitions Identity Store Sequences OverviewAttribute Value Types PAP Authentication via Kerberos Date and TimePredefined Values Authentication, Authorization, and CustomAttribute Dictionaries Accounting with TACACS+ Authorization ProfilesAttribute Aliases Shell Profile Authorization: Downloadable ACLAvailability of Attributes Based on Policy Command Sets Access Services Access PoliciesAdding Network Devices to ACS Service Selection Rules Service Selection RulesNetwork Resources Default Device Admin: Authorization and Access ServicesTypes of AAA Clients Identity IdentityNetwork Device Groups: Location Monitoring and Troubleshooting ACS 802.1x and Windows XPNetwork Device Groups: Device Type Cisco Secure ACS View Configure 802.1xNetwork Devices and AAA Clients Monitoring and Debugging RADIUS 802.1x and the Cisco Secure 
ServicesLocal Identity Store and Identity Store Authentication Client (SSC)Sequence Monitoring and Debugging RADIUS Configure 802.1x on the SSCUsers and Identity Stores Authorization Configure 802.1x Single HostInternal Identity Store Monitoring and Debugging TACACS+ Authentication on a Cisco SwitchExternal Identity Store Authentication Single Host AuthenticationCertificate Profile Monitoring and Debugging TACACS+ Single Host Authentication CommandsInternal Identity Stores Authorization Cisco Sitch 802.1x Configuration ReviewUsers Debugging TACACS+ Packets and 802.1x TroubleshootingGroups Accounting ACS, Switch, and WindowsHosts ACS and Certificate Authority TroubleshootingLDAP Overview Certificate-Based Authentication Windows XP and Switch Debug OutputExternal Identity Stores: OpenLDAP Self-Signed Certificates ACS Monitoring and Reports Enable LDAP Diagnostics Log Third-Party Digital Certificates ACS Operation ManagementExternal Identity Store with Active Directory History ACS Deployment StructureInterface with Active Directory Introduction Local OperationsDNS Considerations The Port Distributed System ManagementNTP Server Considerations EAP Distributed Management OperationsConsiderations of Authenticating Usernames EAP-TLS Replication Overviewwith Domains PEAP Local OperationsMachine Access Restrictions (MAR) 802.1x Policy Elements (RADIUS) Log CollectorWindows 2008 Compatibility and Feature Overview Change Pass

Support Date and Time ord FlowTesting Connectivity between ACS and AD Custom System AdministrationGroup Names Differences in ACS 4.x and Authorization Profiles Administrators5.x Authorization: Downloadable ACL UsersIdentity Store Sequences Access Policies OperationsPAP Authentication via Kerberos Service Selection Rules ConfigurationAuthentication, Authorization, and Access Services DownloadsAccounting with TACACS+ IdentityShell Profile 802.1x and Windows XPCommand Sets Access Services Configure 802.1x lineService Selection Rules 802.1x and the Cisco Secure Services Secure Borderless Network ArchitectureDefault Device Admin: Authorization and Client (SSC) Identity-Enabled Network Use CaseIdentity Configure 802.1x on the SSC Summary Monitoring and Troubleshooting ACS Configure 802.1x Single Host RADIUS BasicsCisco Secure ACS View Authentication on a Cisco Switch TACACS+ BasicsMonitoring and Debugging RADIUS Single Host Authentication RADIUS vs. TACACS+Authentication Single Host Authentication Commands ACS 5.2 OverviewMonitoring and Debugging RADIUS Cisco Sitch 802.1x Configuration Review Hardware Platform SolutionsAuthorization 802.1x Troubleshooting Software Platform SolutionsMonitoring and Debugging TACACS+ ACS, Switch, and Windows New, Changed, and Supported FeaturesAuthentication Troubleshooting ACS 5.2 InstallationMonitoring and Debugging TACACS+ Windows XP and Switch Debug Output Installation on the CSACS+ SeriesAuthorization ACS Monitoring and Reports ApplianceDebugging TACACS+ Packets and ACS Operation Management Installation with VMware ESX ServerAccounting ACS Deployment Structure Using Setup ScriptsACS and Certificate Authority Local Operations LicensingCertificate-Based Authentication Distributed System Management ACS Attribute TypesSelf-Signed Certificates Distributed Management Operations Attribute DefinitionsThird-Party Digital Certificates Replication Overview Attribute Value TypesHistory Local Operations Predefined ValuesIntroduction Log Collector 
Attribute DictionariesThe Port Change Pass Attribute AliasesEAP ord Flow Availability of Attributes Based on PolicyEAP-TLS System Administration Adding Network Devices to ACSPEAP Administrators Network Resources802.1x Policy Elements (RADIUS) Users Types of AAA ClientsOverview Operations Network Device Groups: LocationDate and Time Configuration Network Device Groups: Device TypeCustom Downloads Network Devices and AAA ClientsAuthorization Profiles Local Identity Store and Identity StoreAuthorization: Downloadable ACL SequenceAccess Policies line Users and Identity StoresService Selection Rules Secure Borderless Network Architecture Internal Identity StoreAccess Services Identity-Enabled Network Use Case External Identity StoreIdentity Summary Certificate Profile802.1x and Windows XP RADIUS Basics Internal Identity StoresConfigure 802.1x TACACS+ Basics Users802.1x and the Cisco Secure Services Client RADIUS vs. TACACS+ Groups(SSC) ACS 5.2 Overview Hosts Configure 802.1x on the SSC Hardware Platform Solutions LDAP OverviewConfigure 802.1x Single Host Authentication Software Platform Solutions External Identity Stores: OpenLDAPon a Cisco Switch New, Changed, and Supported Features Enable LDAP Diagnostics LogSingle Host Authentication ACS 5.2 Installation External Identity Store with ActiveSingle Host Authentication Commands Installation on the CSACS+ Series DirectoryCisco Sitch 802.1x Configuration Review Appliance Interface with Active Directory802.1x Troubleshooting Installation with VMware ESX Server DNS ConsiderationsACS, Switch, and Windows Troubleshooting Using Setup Scripts NTP Server ConsiderationsWindows XP and Switch Debug Output Licensing Considerations of AuthenticatingACS Monitoring and Reports ACS Attribute Types Usernames with DomainsACS Operation Management Attribute Definitions Machine Access Restrictions (MAR)ACS Deployment Structure Attribute Value Types Windows 2008 Compatibility and FeatureLocal Operations Predefined Values SupportDistributed 
System Management Attribute Dictionaries Testing Connectivity between ACS and ADDistributed Management Operations Attribute Aliases Group Names Differences in ACS 4.x andReplication Overview Availability of Attributes Based on Policy 5.xLocal Operations Adding Network Devices to ACS Identity Store Sequences

Log Collector Network Resources PAP Authentication via KerberosChange Pass Types of AAA Clients Authentication, Authorization, andord Flow Network Device Groups: Location Accounting with TACACS+System Administration Network Device Groups: Device Type Shell ProfileAdministrators Network Devices and AAA Clients Command Sets Access ServicesUsers Local Identity Store and Identity Store Service Selection RulesOperations Sequence Default Device Admin: Authorization andConfiguration Users and Identity Stores IdentityDownloads Internal Identity Store Monitoring and Troubleshooting ACS

External Identity Store Cisco Secure ACS ViewCertificate Profile Monitoring and Debugging RADIUS

line Internal Identity Stores AuthenticationSecure Borderless Network Architecture Users Monitoring and Debugging RADIUSIdentity-Enabled Network Use Case Groups AuthorizationSummary Hosts Monitoring and Debugging TACACS+RADIUS Basics LDAP Overview AuthenticationTACACS+ Basics External Identity Stores: OpenLDAP Monitoring and Debugging TACACS+RADIUS vs. TACACS+ Enable LDAP Diagnostics Log AuthorizationACS 5.2 Overview External Identity Store with Active Debugging TACACS+ Packets andHardware Platform Solutions Directory AccountingSoftware Platform Solutions Interface with Active Directory ACS and Certificate AuthorityNew, Changed, and Supported Features DNS Considerations Certificate-Based AuthenticationACS 5.2 Installation NTP Server Considerations Self-Signed CertificatesInstallation on the CSACS+ Series Considerations of Authenticating Third-Party Digital Certificates Appliance Usernames with Domains HistoryInstallation with VMware ESX Server Machine Access Restrictions (MAR) IntroductionUsing Setup Scripts Windows 2008 Compatibility and Feature The PortLicensing Support EAPACS Attribute Types Testing Connectivity between ACS and EAP-TLSAttribute Definitions AD PEAPAttribute Value Types Group Names Differences in ACS 4.x 802.1x Policy Elements (RADIUS)Predefined Values and 5.x OverviewAttribute Dictionaries Identity Store Sequences Date and TimeAttribute Aliases PAP Authentication via Kerberos CustomAvailability of Attributes Based on Policy Authentication, Authorization, and Authorization ProfilesAdding Network Devices to ACS Accounting with TACACS+ Authorization: Downloadable ACLNetwork Resources Shell Profile Access PoliciesTypes of AAA Clients Command Sets Access Services Service Selection RulesNetwork Device Groups: Location Service Selection Rules Access ServicesNetwork Device Groups: Device Type Default Device Admin: Authorization and IdentityNetwork Devices and AAA Clients Identity 802.1x and Windows XPLocal Identity Store and Identity Store Monitoring and 
Troubleshooting ACS Configure 802.1xSequence Cisco Secure ACS View 802.1x and the Cisco Secure ServicesUsers and Identity Stores Monitoring and Debugging RADIUS Client (SSC)Internal Identity Store Authentication Configure 802.1x on the SSCExternal Identity Store Monitoring and Debugging RADIUS Configure 802.1x Single HostCertificate Profile Authorization Authentication on a Cisco SwitchInternal Identity Stores Monitoring and Debugging TACACS+ Single Host AuthenticationUsers Authentication Single Host Authentication CommandsGroups Monitoring and Debugging TACACS+ Cisco Sitch 802.1x Configuration ReviewHosts Authorization 802.1x TroubleshootingLDAP Overview Debugging TACACS+ Packets and ACS, Switch, and WindowsExternal Identity Stores: OpenLDAP Accounting TroubleshootingEnable LDAP Diagnostics Log ACS and Certificate Authority Windows XP and Switch Debug OutputExternal Identity Store with Active Directory Certificate-Based Authentication ACS Monitoring and Reports Interface with Active Directory Self-Signed Certificates ACS Operation ManagementDNS Considerations Third-Party Digital Certificates ACS Deployment StructureNTP Server Considerations History Local OperationsConsiderations of Authenticating Usernames Introduction Distributed System Managementwith Domains The Port Distributed Management OperationsMachine Access Restrictions (MAR) EAP Replication OverviewWindows 2008 Compatibility and Feature EAP-TLS Local OperationsSupport PEAP Log CollectorTesting Connectivity between ACS and AD 802.1x Policy Elements (RADIUS) Change PassGroup Names Differences in ACS 4.x and Overview ord Flow5.x Date and Time System Administration

Identity Store Sequences Custom AdministratorsPAP Authentication via Kerberos Authorization Profiles UsersAuthentication, Authorization, and Authorization: Downloadable ACL OperationsAccounting with TACACS+ Access Policies ConfigurationShell Profile Service Selection Rules DownloadsCommand Sets Access Services Access ServicesService Selection Rules IdentityDefault Device Admin: Authorization and 802.1x and Windows XP lineIdentity Configure 802.1x Secure Borderless Network ArchitectureMonitoring and Troubleshooting ACS 802.1x and the Cisco Secure Services Identity-Enabled Network Use CaseCisco Secure ACS View Client (SSC) Summary Monitoring and Debugging RADIUS Configure 802.1x on the SSC RADIUS BasicsAuthentication Configure 802.1x Single Host TACACS+ BasicsMonitoring and Debugging RADIUS Authentication on a Cisco Switch RADIUS vs. TACACS+Authorization Single Host Authentication ACS 5.2 OverviewMonitoring and Debugging TACACS+ Single Host Authentication Commands Hardware Platform SolutionsAuthentication Cisco Sitch 802.1x Configuration Review Software Platform SolutionsMonitoring and Debugging TACACS+ 802.1x Troubleshooting New, Changed, and Supported FeaturesAuthorization ACS, Switch, and Windows ACS 5.2 InstallationDebugging TACACS+ Packets and Troubleshooting Installation on the CSACS+ SeriesAccounting Windows XP and Switch Debug Output ApplianceACS and Certificate Authority ACS Monitoring and Reports Installation with VMware ESX ServerCertificate-Based Authentication ACS Operation Management Using Setup ScriptsSelf-Signed Certificates ACS Deployment Structure LicensingThird-Party Digital Certificates Local Operations ACS Attribute TypesHistory Distributed System Management Attribute DefinitionsIntroduction Distributed Management Operations Attribute Value TypesThe Port Replication Overview Predefined ValuesEAP Local Operations Attribute DictionariesEAP-TLS Log Collector Attribute AliasesPEAP Change Pass Availability of Attributes Based on Policy802.1x Policy 
Elements (RADIUS) ord Flow Adding Network Devices to ACSOverview System Administration Network ResourcesDate and Time Administrators Types of AAA ClientsCustom Users Network Device Groups: LocationAuthorization Profiles Operations Network Device Groups: Device TypeAuthorization: Downloadable ACL Configuration Network Devices and AAA ClientsAccess Policies Downloads Local Identity Store and Identity StoreService Selection Rules SequenceAccess Services Users and Identity StoresIdentity line Internal Identity Store802.1x and Windows XP Secure Borderless Network Architecture External Identity StoreConfigure 802.1x Identity-Enabled Network Use Case Certificate Profile802.1x and the Cisco Secure Services Client Summary Internal Identity Stores(SSC) RADIUS Basics UsersConfigure 802.1x on the SSC TACACS+ Basics GroupsConfigure 802.1x Single Host Authentication RADIUS vs. TACACS+ Hosts on a Cisco Switch ACS 5.2 Overview LDAP OverviewSingle Host Authentication Hardware Platform Solutions External Identity Stores: OpenLDAPSingle Host Authentication Commands Software Platform Solutions Enable LDAP Diagnostics LogCisco Sitch 802.1x Configuration Review New, Changed, and Supported Features External Identity Store with Active802.1x Troubleshooting ACS 5.2 Installation DirectoryACS, Switch, and Windows Troubleshooting Installation on the CSACS+ Series Interface with Active DirectoryWindows XP and Switch Debug Output Appliance DNS ConsiderationsACS Monitoring and Reports Installation with VMware ESX Server NTP Server ConsiderationsACS Operation Management Using Setup Scripts Considerations of AuthenticatingACS Deployment Structure Licensing Usernames with DomainsLocal Operations ACS Attribute Types Machine Access Restrictions (MAR)Distributed System Management Attribute Definitions Windows 2008 Compatibility and FeatureDistributed Management Operations Attribute Value Types SupportReplication Overview Predefined Values Testing Connectivity between ACS and ADLocal Operations 
Attribute Dictionaries Group Names Differences in ACS 4.x andLog Collector Attribute Aliases 5.xChange Pass Availability of Attributes Based on Policy Identity Store Sequencesord Flow Adding Network Devices to ACS PAP Authentication via KerberosSystem Administration Network Resources Authentication, Authorization, and

Administrators Types of AAA Clients Accounting with TACACS+Users Network Device Groups: Location Shell ProfileOperations Network Device Groups: Device Type Command Sets Access ServicesConfiguration Network Devices and AAA Clients Service Selection RulesDownloads Local Identity Store and Identity Store Default Device Admin: Authorization and

Sequence IdentityUsers and Identity Stores Monitoring and Troubleshooting ACS

line Internal Identity Store Cisco Secure ACS ViewSecure Borderless Network Architecture External Identity Store Monitoring and Debugging RADIUSIdentity-Enabled Network Use Case Certificate Profile AuthenticationSummary Internal Identity Stores Monitoring and Debugging RADIUSRADIUS Basics Users AuthorizationTACACS+ Basics Groups Monitoring and Debugging TACACS+RADIUS vs. TACACS+ Hosts AuthenticationACS 5.2 Overview LDAP Overview Monitoring and Debugging TACACS+Hardware Platform Solutions External Identity Stores: OpenLDAP AuthorizationSoftware Platform Solutions Enable LDAP Diagnostics Log Debugging TACACS+ Packets andNew, Changed, and Supported Features External Identity Store with Active AccountingACS 5.2 Installation Directory ACS and Certificate AuthorityInstallation on the CSACS+ Series Interface with Active Directory Certificate-Based AuthenticationAppliance DNS Considerations Self-Signed CertificatesInstallation with VMware ESX Server NTP Server Considerations Third-Party Digital Certificates Using Setup Scripts Considerations of Authenticating HistoryLicensing Usernames with Domains IntroductionACS Attribute Types Machine Access Restrictions (MAR) The PortAttribute Definitions Windows 2008 Compatibility and Feature EAPAttribute Value Types Support EAP-TLSPredefined Values Testing Connectivity between ACS and PEAPAttribute Dictionaries AD 802.1x Policy Elements (RADIUS)Attribute Aliases Group Names Differences in ACS 4.x OverviewAvailability of Attributes Based on Policy and 5.x Date and TimeAdding Network Devices to ACS Identity Store Sequences CustomNetwork Resources PAP Authentication via Kerberos Authorization ProfilesTypes of AAA Clients Authentication, Authorization, and Authorization: Downloadable ACLNetwork Device Groups: Location Accounting with TACACS+ Access PoliciesNetwork Device Groups: Device Type Shell Profile Service Selection RulesNetwork Devices and AAA Clients Command Sets Access Services Access ServicesLocal Identity Store and Identity 
Store Service Selection Rules IdentitySequence Default Device Admin: Authorization and 802.1x and Windows XPUsers and Identity Stores Identity Configure 802.1xInternal Identity Store Monitoring and Troubleshooting ACS 802.1x and the Cisco Secure ServicesExternal Identity Store Cisco Secure ACS View Client (SSC)Certificate Profile Monitoring and Debugging RADIUS Configure 802.1x on the SSCInternal Identity Stores Authentication Configure 802.1x Single HostUsers Monitoring and Debugging RADIUS Authentication on a Cisco SwitchGroups Authorization Single Host AuthenticationHosts Monitoring and Debugging TACACS+ Single Host Authentication CommandsLDAP Overview Authentication Cisco Sitch 802.1x Configuration ReviewExternal Identity Stores: OpenLDAP Monitoring and Debugging TACACS+ 802.1x TroubleshootingEnable LDAP Diagnostics Log Authorization ACS, Switch, and WindowsExternal Identity Store with Active Directory Debugging TACACS+ Packets and TroubleshootingInterface with Active Directory Accounting Windows XP and Switch Debug OutputDNS Considerations ACS and Certificate Authority ACS Monitoring and Reports NTP Server Considerations Certificate-Based Authentication ACS Operation ManagementConsiderations of Authenticating Usernames Self-Signed Certificates ACS Deployment Structurewith Domains Third-Party Digital Certificates Local OperationsMachine Access Restrictions (MAR) History Distributed System ManagementWindows 2008 Compatibility and Feature Introduction Distributed Management OperationsSupport The Port Replication OverviewTesting Connectivity between ACS and AD EAP Local OperationsGroup Names Differences in ACS 4.x and EAP-TLS Log Collector5.x PEAP Change PassIdentity Store Sequences 802.1x Policy Elements (RADIUS) ord FlowPAP Authentication via Kerberos Overview System AdministrationAuthentication, Authorization, and Date and Time AdministratorsAccounting with TACACS+ Custom Users

Shell Profile Authorization Profiles OperationsCommand Sets Access Services Authorization: Downloadable ACL ConfigurationService Selection Rules Access Policies DownloadsDefault Device Admin: Authorization and Service Selection RulesIdentity Access ServicesMonitoring and Troubleshooting ACS Identity lineCisco Secure ACS View 802.1x and Windows XP Secure Borderless Network ArchitectureMonitoring and Debugging RADIUS Configure 802.1x Identity-Enabled Network Use CaseAuthentication 802.1x and the Cisco Secure Services Summary Monitoring and Debugging RADIUS Client (SSC) RADIUS BasicsAuthorization Configure 802.1x on the SSC TACACS+ BasicsMonitoring and Debugging TACACS+ Configure 802.1x Single Host RADIUS vs. TACACS+Authentication Authentication on a Cisco Switch ACS 5.2 OverviewMonitoring and Debugging TACACS+ Single Host Authentication Hardware Platform SolutionsAuthorization Single Host Authentication Commands Software Platform SolutionsDebugging TACACS+ Packets and Cisco Sitch 802.1x Configuration Review New, Changed, and Supported FeaturesAccounting 802.1x Troubleshooting ACS 5.2 InstallationACS and Certificate Authority ACS, Switch, and Windows Installation on the CSACS+ SeriesCertificate-Based Authentication Troubleshooting ApplianceSelf-Signed Certificates Windows XP and Switch Debug Output Installation with VMware ESX ServerThird-Party Digital Certificates ACS Monitoring and Reports Using Setup ScriptsHistory ACS Operation Management LicensingIntroduction ACS Deployment Structure ACS Attribute TypesThe Port Local Operations Attribute DefinitionsEAP Distributed System Management Attribute Value TypesEAP-TLS Distributed Management Operations Predefined ValuesPEAP Replication Overview Attribute Dictionaries802.1x Policy Elements (RADIUS) Local Operations Attribute AliasesOverview Log Collector Availability of Attributes Based on PolicyDate and Time Change Pass Adding Network Devices to ACSCustom ord Flow Network ResourcesAuthorization Profiles System 
Administration Types of AAA ClientsAuthorization: Downloadable ACL Administrators Network Device Groups: LocationAccess Policies Users Network Device Groups: Device TypeService Selection Rules Operations Network Devices and AAA ClientsAccess Services Configuration Local Identity Store and Identity StoreIdentity Downloads Sequence802.1x and Windows XP Users and Identity StoresConfigure 802.1x Internal Identity Store802.1x and the Cisco Secure Services Client line External Identity Store(SSC) Secure Borderless Network Architecture Certificate ProfileConfigure 802.1x on the SSC Identity-Enabled Network Use Case Internal Identity StoresConfigure 802.1x Single Host Authentication Summary Userson a Cisco Switch RADIUS Basics GroupsSingle Host Authentication TACACS+ Basics Hosts Single Host Authentication Commands RADIUS vs. TACACS+ LDAP OverviewCisco Sitch 802.1x Configuration Review ACS 5.2 Overview External Identity Stores: OpenLDAP802.1x Troubleshooting Hardware Platform Solutions Enable LDAP Diagnostics LogACS, Switch, and Windows Troubleshooting Software Platform Solutions External Identity Store with ActiveWindows XP and Switch Debug Output New, Changed, and Supported Features DirectoryACS Monitoring and Reports ACS 5.2 Installation Interface with Active DirectoryACS Operation Management Installation on the CSACS+ Series DNS ConsiderationsACS Deployment Structure Appliance NTP Server ConsiderationsLocal Operations Installation with VMware ESX Server Considerations of AuthenticatingDistributed System Management Using Setup Scripts Usernames with DomainsDistributed Management Operations Licensing Machine Access Restrictions (MAR)Replication Overview ACS Attribute Types Windows 2008 Compatibility and FeatureLocal Operations Attribute Definitions SupportLog Collector Attribute Value Types Testing Connectivity between ACS and ADChange Pass Predefined Values Group Names Differences in ACS 4.x andord Flow Attribute Dictionaries 5.xSystem Administration Attribute Aliases 
Identity Store SequencesAdministrators Availability of Attributes Based on Policy PAP Authentication via KerberosUsers Adding Network Devices to ACS Authentication, Authorization, andOperations Network Resources Accounting with TACACS+Configuration Types of AAA Clients Shell Profile

Downloads Network Device Groups: Location Command Sets Access ServicesNetwork Device Groups: Device Type Service Selection RulesNetwork Devices and AAA Clients Default Device Admin: Authorization and

line Local Identity Store and Identity Store IdentitySecure Borderless Network Architecture Sequence Monitoring and Troubleshooting ACSIdentity-Enabled Network Use Case Users and Identity Stores Cisco Secure ACS ViewSummary Internal Identity Store Monitoring and Debugging RADIUSRADIUS Basics External Identity Store AuthenticationTACACS+ Basics Certificate Profile Monitoring and Debugging RADIUSRADIUS vs. TACACS+ Internal Identity Stores AuthorizationACS 5.2 Overview Users Monitoring and Debugging TACACS+Hardware Platform Solutions Groups AuthenticationSoftware Platform Solutions Hosts Monitoring and Debugging TACACS+New, Changed, and Supported Features LDAP Overview AuthorizationACS 5.2 Installation External Identity Stores: OpenLDAP Debugging TACACS+ Packets andInstallation on the CSACS+ Series Enable LDAP Diagnostics Log AccountingAppliance External Identity Store with Active ACS and Certificate AuthorityInstallation with VMware ESX Server Directory Certificate-Based AuthenticationUsing Setup Scripts Interface with Active Directory Self-Signed CertificatesLicensing DNS Considerations Third-Party Digital Certificates ACS Attribute Types NTP Server Considerations HistoryAttribute Definitions Considerations of Authenticating IntroductionAttribute Value Types Usernames with Domains The PortPredefined Values Machine Access Restrictions (MAR) EAPAttribute Dictionaries Windows 2008 Compatibility and Feature EAP-TLSAttribute Aliases Support PEAPAvailability of Attributes Based on Policy Testing Connectivity between ACS and 802.1x Policy Elements (RADIUS)Adding Network Devices to ACS AD OverviewNetwork Resources Group Names Differences in ACS 4.x Date and TimeTypes of AAA Clients and 5.x CustomNetwork Device Groups: Location Identity Store Sequences Authorization ProfilesNetwork Device Groups: Device Type PAP Authentication via Kerberos Authorization: Downloadable ACLNetwork Devices and AAA Clients Authentication, Authorization, and Access PoliciesLocal Identity Store and 
Identity Store Accounting with TACACS+ Service Selection RulesSequence Shell Profile Access ServicesUsers and Identity Stores Command Sets Access Services IdentityInternal Identity Store Service Selection Rules 802.1x and Windows XPExternal Identity Store Default Device Admin: Authorization and Configure 802.1xCertificate Profile Identity 802.1x and the Cisco Secure ServicesInternal Identity Stores Monitoring and Troubleshooting ACS Client (SSC)Users Cisco Secure ACS View Configure 802.1x on the SSCGroups Monitoring and Debugging RADIUS Configure 802.1x Single HostHosts Authentication Authentication on a Cisco SwitchLDAP Overview Monitoring and Debugging RADIUS Single Host AuthenticationExternal Identity Stores: OpenLDAP Authorization Single Host Authentication CommandsEnable LDAP Diagnostics Log Monitoring and Debugging TACACS+ Cisco Sitch 802.1x Configuration ReviewExternal Identity Store with Active Directory Authentication 802.1x TroubleshootingInterface with Active Directory Monitoring and Debugging TACACS+ ACS, Switch, and WindowsDNS Considerations Authorization TroubleshootingNTP Server Considerations Debugging TACACS+ Packets and Windows XP and Switch Debug OutputConsiderations of Authenticating Usernames Accounting ACS Monitoring and Reports with Domains ACS and Certificate Authority ACS Operation ManagementMachine Access Restrictions (MAR) Certificate-Based Authentication ACS Deployment StructureWindows 2008 Compatibility and Feature Self-Signed Certificates Local OperationsSupport Third-Party Digital Certificates Distributed System ManagementTesting Connectivity between ACS and AD History Distributed Management OperationsGroup Names Differences in ACS 4.x and Introduction Replication Overview5.x The Port Local OperationsIdentity Store Sequences EAP Log CollectorPAP Authentication via Kerberos EAP-TLS Change PassAuthentication, Authorization, and PEAP ord FlowAccounting with TACACS+ 802.1x Policy Elements (RADIUS) System AdministrationShell Profile 
Overview AdministratorsCommand Sets Access Services Date and Time UsersService Selection Rules Custom OperationsDefault Device Admin: Authorization and Authorization Profiles Configuration


Identity; Monitoring and Troubleshooting ACS; Cisco Secure ACS View; Monitoring and Debugging RADIUS Authentication; Monitoring and Debugging RADIUS Authorization; Monitoring and Debugging TACACS+ Authentication; Monitoring and Debugging TACACS+ Authorization; Debugging TACACS+ Packets and Accounting; ACS and Certificate Authority; Certificate-Based Authentication; Self-Signed Certificates; Third-Party Digital Certificates; History; Introduction; The Port; EAP; EAP-TLS; PEAP; 802.1x Policy Elements (RADIUS); Overview; Date and Time; Custom; Authorization Profiles; Authorization: Downloadable ACL; Access Policies; Service Selection Rules; Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads

Advanced ACS Configuration and Device Management

Authorization: Downloadable ACL; Access Policies; Service Selection Rules; Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads

Secure Borderless Network Architecture; Identity-Enabled Network Use Case; Summary; RADIUS Basics; TACACS+ Basics; RADIUS vs. TACACS+; ACS 5.2 Overview; Hardware Platform Solutions; Software Platform Solutions; New, Changed, and Supported Features; ACS 5.2 Installation; Installation on the CSACS+ Series Appliance; Installation with VMware ESX Server; Using Setup Scripts; Licensing; ACS Attribute Types; Attribute Definitions; Attribute Value Types; Predefined Values; Attribute Dictionaries; Attribute Aliases; Availability of Attributes Based on Policy; Adding Network Devices to ACS; Network Resources; Types of AAA Clients; Network Device Groups: Location

Downloads

Secure Borderless Network Architecture; Identity-Enabled Network Use Case; Summary; RADIUS Basics; TACACS+ Basics; RADIUS vs. TACACS+; ACS 5.2 Overview; Hardware Platform Solutions; Software Platform Solutions; New, Changed, and Supported Features; ACS 5.2 Installation; Installation on the CSACS+ Series Appliance; Installation with VMware ESX Server; Using Setup Scripts; Licensing; ACS Attribute Types; Attribute Definitions; Attribute Value Types; Predefined Values; Attribute Dictionaries; Attribute Aliases; Availability of Attributes Based on Policy; Adding Network Devices to ACS; Network Resources; Types of AAA Clients; Network Device Groups: Location; Network Device Groups: Device Type; Network Devices and AAA Clients; Local Identity Store and Identity Store Sequence; Users and Identity Stores; Internal Identity Store; External Identity Store; Certificate Profile; Internal Identity Stores; Users; Groups; Hosts; LDAP Overview; External Identity Stores: OpenLDAP; Enable LDAP Diagnostics Log; External Identity Store with Active Directory; Interface with Active Directory; DNS Considerations; NTP Server Considerations; Considerations of Authenticating Usernames with Domains; Machine Access Restrictions (MAR); Windows 2008 Compatibility and Feature Support; Testing Connectivity between ACS and AD; Group Names Differences in ACS 4.x and 5.x; Identity Store Sequences; PAP Authentication via Kerberos; Authentication, Authorization, and Accounting with TACACS+; Shell Profile; Command Sets Access Services; Service Selection Rules


External Identity Store with LDAP

Network Device Groups: Device Type; Network Devices and AAA Clients; Local Identity Store and Identity Store Sequence; Users and Identity Stores; Internal Identity Store; External Identity Store; Certificate Profile; Internal Identity Stores; Users; Groups; Hosts; LDAP Overview; External Identity Stores: OpenLDAP; Enable LDAP Diagnostics Log; External Identity Store with Active Directory; Interface with Active Directory; DNS Considerations; NTP Server Considerations; Considerations of Authenticating Usernames with Domains; Machine Access Restrictions (MAR); Windows 2008 Compatibility and Feature Support; Testing Connectivity between ACS and AD; Group Names Differences in ACS 4.x and 5.x; Identity Store Sequences; PAP Authentication via Kerberos; Authentication, Authorization, and Accounting with TACACS+; Shell Profile; Command Sets Access Services; Service Selection Rules; Default Device Admin: Authorization and Identity; Monitoring and Troubleshooting ACS; Cisco Secure ACS View; Monitoring and Debugging RADIUS Authentication; Monitoring and Debugging RADIUS Authorization; Monitoring and Debugging TACACS+ Authentication; Monitoring and Debugging TACACS+ Authorization; Debugging TACACS+ Packets and Accounting; ACS and Certificate Authority; Certificate-Based Authentication; Self-Signed Certificates; Third-Party Digital Certificates; History; Introduction; The Port; EAP; EAP-TLS; PEAP; 802.1x Policy Elements (RADIUS); Overview; Date and Time; Custom; Authorization Profiles; Authorization: Downloadable ACL

Default Device Admin: Authorization and Identity; Monitoring and Troubleshooting ACS; Cisco Secure ACS View; Monitoring and Debugging RADIUS Authentication; Monitoring and Debugging RADIUS Authorization; Monitoring and Debugging TACACS+ Authentication; Monitoring and Debugging TACACS+ Authorization; Debugging TACACS+ Packets and Accounting; ACS and Certificate Authority; Certificate-Based Authentication; Self-Signed Certificates; Third-Party Digital Certificates; History; Introduction; The Port; EAP; EAP-TLS; PEAP; 802.1x Policy Elements (RADIUS); Overview; Date and Time; Custom; Authorization Profiles; Authorization: Downloadable ACL; Access Policies; Service Selection Rules; Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads


Access Policies; Service Selection Rules; Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads

Secure Borderless Network Architecture; Identity-Enabled Network Use Case; Summary; RADIUS Basics; TACACS+ Basics; RADIUS vs. TACACS+; ACS 5.2 Overview; Hardware Platform Solutions; Software Platform Solutions; New, Changed, and Supported Features; ACS 5.2 Installation; Installation on the CSACS+ Series Appliance; Installation with VMware ESX Server; Using Setup Scripts; Licensing; ACS Attribute Types; Attribute Definitions; Attribute Value Types; Predefined Values; Attribute Dictionaries; Attribute Aliases; Availability of Attributes Based on Policy; Adding Network Devices to ACS; Network Resources; Types of AAA Clients; Network Device Groups: Location; Network Device Groups: Device Type


Network Devices and AAA Clients; Local Identity Store and Identity Store Sequence; Users and Identity Stores; Internal Identity Store; External Identity Store; Certificate Profile; Internal Identity Stores; Users; Groups; Hosts; LDAP Overview; External Identity Stores: OpenLDAP; Enable LDAP Diagnostics Log; External Identity Store with Active Directory; Interface with Active Directory; DNS Considerations; NTP Server Considerations; Considerations of Authenticating Usernames with Domains; Machine Access Restrictions (MAR); Windows 2008 Compatibility and Feature Support; Testing Connectivity between ACS and AD; Group Names Differences in ACS 4.x and 5.x; Identity Store Sequences; PAP Authentication via Kerberos; Authentication, Authorization, and Accounting with TACACS+; Shell Profile; Command Sets Access Services; Service Selection Rules; Default Device Admin: Authorization and Identity; Monitoring and Troubleshooting ACS; Cisco Secure ACS View; Monitoring and Debugging RADIUS Authentication; Monitoring and Debugging RADIUS Authorization; Monitoring and Debugging TACACS+ Authentication; Monitoring and Debugging TACACS+ Authorization; Debugging TACACS+ Packets and Accounting; ACS and Certificate Authority; Certificate-Based Authentication; Self-Signed Certificates; Third-Party Digital Certificates; History; Introduction; The Port; EAP; EAP-TLS; PEAP; 802.1x Policy Elements (RADIUS); Overview; Date and Time; Custom; Authorization Profiles; Authorization: Downloadable ACL; Access Policies


Service Selection Rules; Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads

Secure Borderless Network Architecture; Identity-Enabled Network Use Case; Summary; RADIUS Basics; TACACS+ Basics; RADIUS vs. TACACS+; ACS 5.2 Overview; Hardware Platform Solutions; Software Platform Solutions; New, Changed, and Supported Features; ACS 5.2 Installation; Installation on the CSACS+ Series Appliance; Installation with VMware ESX Server; Using Setup Scripts; Licensing; ACS Attribute Types; Attribute Definitions; Attribute Value Types; Predefined Values; Attribute Dictionaries; Attribute Aliases; Availability of Attributes Based on Policy; Adding Network Devices to ACS; Network Resources; Types of AAA Clients; Network Device Groups: Location; Network Device Groups: Device Type; Network Devices and AAA Clients


Local Identity Store and Identity Store Sequence; Users and Identity Stores; Internal Identity Store; External Identity Store; Certificate Profile; Internal Identity Stores; Users; Groups; Hosts; LDAP Overview; External Identity Stores: OpenLDAP; Enable LDAP Diagnostics Log; External Identity Store with Active Directory; Interface with Active Directory; DNS Considerations; NTP Server Considerations; Considerations of Authenticating Usernames with Domains; Machine Access Restrictions (MAR); Windows 2008 Compatibility and Feature Support; Testing Connectivity between ACS and AD; Group Names Differences in ACS 4.x and 5.x; Identity Store Sequences; PAP Authentication via Kerberos; Authentication, Authorization, and Accounting with TACACS+; Shell Profile; Command Sets Access Services; Service Selection Rules; Default Device Admin: Authorization and Identity; Monitoring and Troubleshooting ACS; Cisco Secure ACS View; Monitoring and Debugging RADIUS Authentication; Monitoring and Debugging RADIUS Authorization; Monitoring and Debugging TACACS+ Authentication; Monitoring and Debugging TACACS+ Authorization; Debugging TACACS+ Packets and Accounting; ACS and Certificate Authority; Certificate-Based Authentication; Self-Signed Certificates; Third-Party Digital Certificates; History; Introduction; The Port; EAP; EAP-TLS; PEAP; 802.1x Policy Elements (RADIUS); Overview; Date and Time; Custom; Authorization Profiles; Authorization: Downloadable ACL; Access Policies; Service Selection Rules


Access Services; Identity; 802.1x and Windows XP; Configure 802.1x; 802.1x and the Cisco Secure Services Client (SSC); Configure 802.1x on the SSC; Configure 802.1x Single Host Authentication on a Cisco Switch; Single Host Authentication; Single Host Authentication Commands; Cisco Switch 802.1x Configuration Review; 802.1x Troubleshooting; ACS, Switch, and Windows Troubleshooting; Windows XP and Switch Debug Output; ACS Monitoring and Reports; ACS Operation Management; ACS Deployment Structure; Local Operations; Distributed System Management; Distributed Management Operations; Replication Overview; Local Operations; Log Collector; Change Password Flow; System Administration; Administrators; Users; Operations; Configuration; Downloads

Further Information:

For more information, or to book your course, please call us on 00 971 4 446 4987

www.globalknowledge.com/en-ae/

Global Knowledge, Dubai Knowledge Village, Block 2A, First Floor, Office F68, Dubai, UAE