Cisco Systems OL-24201-01 Camera Accessories User Manual


 
4-23
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 4 Common Scenarios Using ACS
Related Topics
VPN Remote Network Access, page 4-20
Supported Authentication Protocols, page 4-21
Supported Identity Stores, page 4-21
Supported VPN Network Access Servers, page 4-22
Supported VPN Clients, page 4-22
Configuring VPN Remote Access Service, page 4-22
ACS and Cisco Security Group Access
Note: ACS requires an additional feature license to enable Security Group Access capabilities.
Cisco Security Group Access, hereafter referred to as Security Group Access, is a new security
architecture for Cisco products. You can use Security Group Access to create a trustworthy network
fabric that provides confidentiality, message authentication, integrity, and antireplay protection on
network traffic.
Security Group Access requires that all network devices have an established identity and be
authenticated and authorized before they start operating in the network. This precaution prevents the
attachment of rogue network devices to a secure network.
Until now, ACS authenticated only users and hosts to grant them access to the network. With Security
Group Access, ACS also authenticates devices such as routers and switches by using a name and
password. Any device with a Network Interface Card (NIC) must authenticate itself or stay out of the
trusted network.
Security is improved and device management is simplified since devices can be identified by their name
rather than IP address.
Note: The Cisco Catalyst 6500 running Cisco IOS 12.2(33) SXI and DataCenter 3.0 (Nexus 7000) NX-OS
4.0.3 devices support Security Group Access. The Cisco Catalyst 6500 supports Security Group Tags
(SGTs); however, it does not support Security Group Access Control Lists (SGACLs) in this release.
To configure ACS for Security Group Access:
1. Add users.
This is the general task for adding users in ACS and is not specific to Security Group Access. Choose
Users and Identity Stores > Internal Identity Store > Users, and click Create. See Creating
Internal Users, page 8-11, for more information.
2. Adding Devices for Security Group Access.
3. Creating Security Groups.
4. Creating SGACLs.
5. Configuring an NDAC Policy.