Cisco Secure Access Control Server 4.2 For Windows
Cisco Secure Access Control Server (ACS) for Windows is an industry-leading, highly scalable access policy platform that supports comprehensive, identity-based network access control.
Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios including wireless LAN, 802.1x wired, and remote access. Cisco Secure ACS is the leading authentication, authorization, and accounting (AAA) platform in the market and is deployed by 90 percent of the top 500 Cisco customers.
Cisco Secure ACS 4.2 for Windows includes the following new features:
• Extensible Authentication Protocol (EAP) options:
– EAP-Flexible Authentication via Secure Tunneling (FAST) enhancement for anonymous Transport Layer Security (TLS) renegotiation: ACS allows an anonymous TLS handshake between the end-user client and ACS.
– EAP-FAST enhancement for invalid Protected Access Credentials (PAC): ACS provides an option to run EAP-FAST without issuing or accepting any tunnel or machine PAC when an invalid PAC is received.
– EAP-TLS with no PAC and no Active Directory processing: ACS supports EAP-FAST tunnel establishment without PAC and without client certificate lookup.
• Group filtering at the Network Access Profile (NAP) level with Lightweight Directory Access Protocol (LDAP): When using LDAP to query an external user data store, ACS capabilities have been extended to allow group filtering at the NAP level. Depending on the user’s external database group membership, ACS can either reject or accept access to the network based on the group filtering settings.
• RSA authentication with LDAP group mapping: ACS can authenticate with RSA and at the same time perform group mapping with LDAP. This option allows ACS to control authorization based on a user’s LDAP group membership.
• Active Directory multiforest support: ACS supports authentication in a multiforest environment.
• Time-based restrictions: ACS administrators may configure a user to be in an alternative group for a restricted period of time.
• Relational database management system (RDBMS) synchronization enhancements: ACS has programmatic interface additions for downloadable ACL synchronization. ACS for Windows also now supports comma-separated value (CSV)-based RDBMS synchronization.
• NetBIOS disabling: ACS for Windows allows NetBIOS to be disabled on the server it is running on.