Who should attend
HBFITES Cisco Secure Access Control System (ACS) Version 5.2 course is a 3 day immersion into designing, implementing and troubleshooting Cisco's Secure ACS Solution.
The primary audience for this course is as follows:
Security professionals, Security Architects, Security Engineers, and Network administrators re-sponsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities.
The secondary audience for this course is as follows:
Cisco channel partners who sell, implement, and maintain Cisco ACS Solutions
Cisco engineers who support the sale of Cisco ACS solutions
The knowledge and skills that a learner must have before attending this course are as follows:
Cisco Certified Network Associate (CCNA) certification or the equivalent in knowledge and expe-rience.
Working knowledge of the Microsoft Windows operating system.
Though not mandatory, students should also attend:
Implementing Cisco IOS Network Security (IINS) certification or the equivalent in knowledge and experience.
Upon completing the ACS 5.2 Course, you will be able to meet these overall objectives:
Understand how the RADIUS and TACACS+ protocols operate and what purpose they serve
Be familiar with all present ACS Solutions, including ACS Express, ACS Enterprise, ACS on VMware and Appliances like the CSACS-1120 Series and CSACS-1121 Series Appliances
Main Components of ACS
How to install ACS 5.2
How to use a Setup Script
How Licensing works with the ACS
Understand how Attributes, Value Types and Predefined Values are used
The different types of AAA Clients and how they access Network Resources and AAA Clients
How to work with a Local Identity Store & Identity Store Sequence
Understand Users and Identity Stores
Configure an External Identity Store with LDAP
The fundamentals of LDAP
How to setup LDAP SSL
How to set up an External Identity Store with Active Directory
How to perform Authentication - Command Authorization - Accounting with TACACS
How to monitor and Troubleshoot ACS (AAA with TACACS+)
Replacing digital certificates self-signed by ACS using a local Certificate Authority
Introduction to IEEE 802.1x and EAP – Extensible Authentication Protocol
802.1x and Windows XP
Single Host Authentication
802.1x – Single Host Authentication
This course teaches students how to provide secure access to network resources using the Cisco® Secure Access Control System (ACS) 5.2, interoperating with security features in Cisco’s IOS® Software. Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication, to restrict user access to networks, services, and devices; authorization, to restrict the functions users can perform on services and devices; and ac-counting, to track the activities of users. The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and 802.1x protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed restrictions. The course includes hands-on labs to provide personal experience in configuring Cisco ACS and Cisco network devices.
Students attending this course will be exposed to designing, implementing and troubleshooting “Triple A” services (authentication, authorization and accounting services) using Cisco’s ACS and IOS technology. The benefits of this course are to be found in its real-world approach, putting the students in the shoes of the consultant implementing these services. By the end of the course, students will feel like they didn’t just take a class, they participated in the design, deployment and management of an ACS 5.2 solution. Many engineers will benefit from this course when they use the implementation plan and checklists included in this course during their own projects.