Implementing Cisco Secure Access Control System

In this course, you will learn to provide secure access to network resources using the Cisco Secure Access Control System (ACS). You'll examine how the ACS has grown by leaps and bounds since 4.x., discover new features, and learn how the 4.x configurations map to 5.x configurations.

You will learn about the role and importance of ACS in Cisco TrustSec, whether TrustSec is deployed as an appliance-based overlay solution or as a network-integrated 802.1x solution. You will learn about user authentication and authorization, posture assessment, device profiling, guest access, data integrity and confidentiality, centralized policy, collaborative monitoring, troubleshooting, and reporting in Cisco TrustSec solutions.

All the labs on this course will be run on ACS v 5.4.

Czas trwania

3 dni

cena szkolenia netto

 Skontaktuj się z nami

Kod szkolenia

ACS

Profil uczestnika

Cisco channel partners who sell, implement, and maintain Cisco ACS solutions. Security professionals, architects, engineers and network administrators responsible for securing access to their networksby authenticated authorized users.

Agenda

Identity Management Solution

  • Identity Management Models
  • Secure Borderless Network Architecture
  • Identity-Enabled Network Use Case Summary

Product Overview and Initial Configuration

  • Overview of RADIUS and TACACS
  • ACS 5.2 Overview
  • ACS 5.2 Installation
  • ACS Attribute Types
  • Adding Network Devices to ACS
  • Local Identity Store and Identity Store Sequence

Advanced ACS Configuration and Device Management

  • External Identity Store with LDAP
  • External Identity Store with Active Directory
  • Authentication, Authorization, and Accounting with TACACS
  • Monitoring and Troubleshooting ACS
  • ACS and Certificate Authority

IEEE 802.1x with ACS 5.2

  • IEEE 802.1xOverview
  • 802.1x Policy Elements (RADIUS)
  • 802.1x and Windows XP
  • 802.1x and the Cisco Secure Services Client (SSC)
  • Configure 802.1x Single Host Authentication on a Cisco Switch

System Operations

  • Distributed Deployment
  • System Administration

Labs - Run on v5.4 software

  • Lab 2-1: Verify the Cisco Secure ACS Installation
  • Lab 2-2: Set Up AAA Clients in Cisco Secure ACS
  • Lab 2-3: User and Local Identity Store
  • Lab 3-1: Remote Identity Store (Active Directory)
  • Lab 3-2: Configure Command Authorization
  • Lab 3-3: Install a Certificate on the Cisco Secure ACS
  • Lab 4-1: Configure Basic 802.1X Authentication
  • Lab 4-2: Configure Advanced 802.1X Authentication
  • Lab 4-3: Configure 802.1X VLAN Assignments
  • Lab 4-4: 802.1X Troubleshooting
  • Lab 5-1: Distributed Deployment

Wymagane przygotowanie uczestników

  • CCNA Certification ICND1 plus ICND2 or CCNABC recommended
  • CCNA Security Certification IINS recommended but not mandatory
  • Working Knowledge of the Microsoft windows operating system

Zagadnienia

After you complete this course you will be able to:

  • Understand how the RADIUS and TACACS+ protocols operate and what purpose they serve.
  • Understand the current ACS solution offering, including ACS Express, ACS Enterprise, ACS on VMware, and appliances such as the CSACS-1120 Series and CSACS-1121 Series
  • Describe the major components of ACS
  • Determine the best installation practices for ACS
  • Configure the ACS from a default install
  • Understand the Licensing requirements of ACS and how licensing works.
  • Understand how attributes, value types, and predefined values are used
  • Work with a local identity store and identity store sequence
  • Understand users and identity stores
  • Configure an external identity store with LDAP
  • Understand the Fundamentals of LDAP
  • Set up LDAP SSL
  • Set up an external identity store with Active Directory
  • Perform AAA with TACACS+
  • Monitor and troubleshoot ACS (AAA with TACACS+)
  • Use a local certificate authority to replace digital certificates self-signed by ACS
  • Introduction to IEEE 802.1x and EAP
  • 802.1x using Windows XP, Windows 7, and AnyConnect 3.x supplicants
  • 802.1x single host authentication
  • 802.1x troubleshooting
  • Describethe Types of Authentication, Authorization, and Accounting (AAA) clients availalbeand how they access network resources and other AAA clients
Zapisz się