ACS v5.2 - Cisco Secure Access Control System


Description

This course teaches students how to provide secure access to network resources by using the Cisco Secure Access Control System (ACS) version 5.2, which interoperates with security features in Cisco IOS Software.

Students will gain a thorough understanding of the operation of the Cisco Secure ACS to control access to network services and devices. Course subjects include the principles of authentication (identifying users and devices in order to control access to networks, services, and devices), authorization (restricting the functions that users can perform on services and devices) and accounting (to track the activities of users). The RADIUS, TACACS+, Extensible Authentication Protocol (EAP), and IEEE 802.1X protocols are discussed in theory and practice as the basis of network security. Specific methods and configurations are shown that can be used in your production networks to achieve targeted and detailed control objectives. The course includes hands-on labs to provide direct experience in configuring Cisco Secure ACS and Cisco network devices.

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

  • Windows 7, 8.1, or 10 is recommended. Mac OS X 10.6 or greater is supported as well.
  • Intel Celeron or better processors are preferred.
  • 1 GB or more of RAM
  • Browser requirements: Internet Explorer 10 or greater, or Mozilla Firefox. (Safari and Mozilla Firefox for Mac OS X)
  • All students are required to have administrator rights to their PCs and cannot be logged in to a domain using any Group Policies that will limit their machine's capabilities.
  • If you do not have administrator rights to your PC, you at least need permissions to download, install, and run the Cisco AnyConnect client.
  • If you are participating in a WebEx event, it is highly recommended to take this class at a location that has a minimum bandwidth of 1 Mbps.

Objectives

Upon completing this course, you will be able to meet these objectives:

  • Describe the RADIUS and TACACS+ protocols
  • Compare and contrast the various ACS solutions: ACS Express, Enterprise, ACS on VMware, Cisco Secure ACS -1120 Series and Cisco Secure ACS -1121
  • List the main components of Cisco Secure ACS
  • Install Cisco Secure ACS v5.2
  • Use a setup script during Cisco Secure ACS install
  • Describe how licensing works with the Cisco Secure ACS
  • Understand attributes, value types, and values
  • Configure the different types of AAA clients
  • Access network resources and AAA clients
  • Configure local identity store and identity store sequence
  • Understand users and identity stores
  • Configure an external identity store with Lightweight Directory Access Protocol (LDAP)
  • Describe the fundamentals of LDAP
  • Set up an external identity store with Active Directory
  • Perform authentication, command authorization, and accounting with TACACS
  • Monitor and troubleshoot Cisco Secure ACS
  • Configure and troubleshoot digital certificates self-signed by Cisco Secure ACS using a local certificate authority (CA)
  • Describe and configure IEEE 802.1X and EAP
  • Configure Cisco Secure ACS environments with IEEE 802.1X and Windows XP clients
  • Configure IEEE 802.1X for Single Host Authentication
  • Troubleshoot IEEE 802.1X

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • Cisco Certified Network Associate (CCNA) certification or the equivalent in knowledge and experience
  • Working knowledge of the Microsoft Windows operating system

Though it is not mandatory, students should also have the following training:

  • Implementing Cisco IOS Network Security (IINS) or the equivalent in knowledge and experience

Outline

  • Module 1: Identity Management Solution Overview
  • Module 2: Product Overview and Initial Configuration
  • Module 3: Advanced Cisco Secure ACS Configuration and Device Management
  • Module 4: IEEE 802.1X with Cisco Secure ACS v5.2
  • Module 5: System Operations