Network Training - Course Details

ACS52-CSACS ACS 5.2 - Cisco Secure Access Control System

Network Training Course Description:
In this course, you will learn to provide secure access to network resources using the Cisco Secure Access Control System (ACS) 5.2. You'll examine how the ACS has grown by leaps and bounds since 4.x, discover new features, and learn how the 4.x configurations map to 5.x configurations. You will also get a look into future ACS technologies. You will learn about the role and importance of ACS in Cisco TrustSec, whether TrustSec is deployed as an appliance-based overlay solution or as a network-integrated 802.1X solution. You will learn about user authentication and authorization, posture assessment, device profiling, guest access, data integrity and confidentiality, centralized policy, collaborative monitoring, troubleshooting, and reporting in Cisco TrustSec solutions.
Network Training Course Duration:
3 DAYS
Network Training Course Target Audience:
Security professionals, architects, and engineers and network administrators responsible for securing their networks to assure authorized access only by authenticated users, with accounting of their activities; Cisco channel partners who sell, implement, and maintain Cisco ACS solutions; Cisco ACS solutions sales engineers
Network Training Course Prerequisite:
CCNA certification or the equivalent knowledge and experience; working knowledge of Microsoft Windows; CCNA Security certification or the equivalent knowledge and experience is recommended
Course Content:

1. Identity Management Solution

  • Identity Management Models
  • Secure Borderless Network Architecture
  • Identity-Enabled Network Use Case Summary

2. Product Overview and Initial Configuration

3. Advanced ACS Configuration and Device Management

  • External Identity Store with LDAP
    • LDAP Overview
    • External Identity Stores: OpenLDAP
    • Enable LDAP Diagnostics Log
  • External Identity Store with Active Directory
    • Interface with Active Directory
    • DNS Considerations
    • NTP Server Considerations
    • Considerations of Authenticating Usernames with Domains
    • Machine Access Restrictions (MAR)
    • Windows 2008 Compatibility and Feature Support
    • Testing Connectivity between ACS and AD
    • Group Names Differences in ACS 4.x and 5.x
    • Identity Store Sequences
    • PAP Authentication via Kerberos
  • Authentication, Authorization, and Accounting with TACACS+
    • Shell Profile
    • Command Sets
    • Access Services
    • Service Selection Rules
    • Default Device Admin: Authorization and Identity
  • Monitoring and Troubleshooting ACS
    • Cisco Secure ACS View
    • Monitoring and Debugging RADIUS Authentication
    • Monitoring and Debugging RADIUS Authorization
    • Monitoring and Debugging TACACS+ Authentication
    • Monitoring and Debugging TACACS+ Authorization
    • Debugging TACACS+ Packets and Accounting
  • ACS and Certificate Authority
    • Certificate-Based Authentication
    • Self-Signed Certificates
    • Third-Party Digital Certificates

4. IEEE 802.1X with ACS 5.2

  • IEEE 802.1X
    • History
    • Introduction
    • The Port
    • EAP
    • EAP-TLS
    • PEAP
  • 802.1X Policy Elements (RADIUS)
    • Date and Time
    • Custom
    • Authorization Profiles
    • Authorization: Downloadable ACL
    • Access Policies
      • Service Selection Rules
      • Access Services
      • Identity
  • 802.1X and Windows XP
    • Configure 802.1X
  • 802.1X and the Cisco Secure Services Client (SSC)
    • Configure 802.1X on the SSC
  • Configure 802.1X Single Host Authentication on a Cisco Switch
    • Single Host Authentication
    • Single Host Authentication Commands
    • Cisco Switch 802.1X Configuration Review
    • 802.1X Troubleshooting
    • ACS, Switch, and Windows Troubleshooting
    • Windows XP and Switch Debug Output
    • ACS Monitoring and Reports

5. System Operations

  • Distributed Deployment
    • ACS Operation Management
    • ACS Deployment Structure
    • Local Operations
    • Distributed System Management
    • Distributed Management Operations
    • Replication
    • Local Operations
    • Log Collector
    • Change Password Flow
  • System Administration
    • Administrators
    • Users
    • Operations
    • Configuration
    • Downloads

Lab 0: Remote Lab Familiarity

Lab 1: Verify the Cisco Secure ACS Installation

Lab 2: Set Up AAA Clients in Cisco Secure ACS

Lab 3: User and Local Identity Store

Lab 4: External Identity Store (Active Directory)

Lab 5: Configure Command Authorization

Lab 6: Install a Certificate on the Secure ACS Server

Lab 7: Configure Basic 802.1X Authorization

Lab 8: Configure Advanced 802.1X Authorization

Lab 9: Configure 802.1X VLAN Assignments

Lab 10: Troubleshoot

Lab 11: Distributed Deployment