Cisco Secure ACS AAA implementation (TACACS+)

Cisco Secure ACS paves the way for faster IT response
Romulus Global, Ltd. was contacted by a customer to implement Cisco Secure ACS access control servers for authentication and authorization of administrative access to network equipment, and authentication of end-users through remote access VPN client connections.
Cisco ACS appliances were implemented rather than servers with ACS software installed. This decision was discussed and agreed to by the customer because it reduced the administrative overhead.
Two Cisco ACS appliances were installed, one in each of the 2 major campus locations. The ACS servers were configured so that all changes are made on the primary ACS server, with one-way replication to the backup ACS at a different location. Multiple levels of administrative access were configured, as well as role-based administrative access for several different administrators to different Network Device Groups. In addition, ACS was integrated with Microsoft Active Directory so that all accounts for users and administrators are ultimately controlled within Active Directory.
The customer now has command accounting and authorization, something not possible for administrative access when AAA was done using RADIUS. Now that accounting and limited sets of privileged commands are possible, the customer has opened access for junior IT administrators to make common network changes such as assigning ports to a VLAN and enabling switchports. This has improved the responsiveness of the customer's IT support and accelerated the completion of IT tasks.
The implementation of Cisco Secure ACS servers has also paved the way for Cisco NAC Appliance implementation in the customer's environment.