Cisco Prime Network 3.8 Leaflet
White Paper
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
TACACS Device Access Control with Cisco Active Network Abstraction
Executive Summary
Cisco® Active Network Abstraction (ANA) is an extensible and scalable product suite that resides between the
network elements and OSS management applications, providing unified end-to-end service-level management for
service provider and large enterprise networks. Terminal Access Controller Access Control System Plus (TACACS+)
is a widely used protocol for device authentication, authorization, and accounting (AAA) control. Cisco Secure
Access Control Server (ACS) is a high-performance access control server that operates as a centralized TACACS+
or RADIUS server.
This white paper describes the recommended device AAA configuration for an environment where Cisco ANA
manages devices that are configured for AAA with TACACS+. This configuration maintains complete AAA for both
Cisco ANA and the managed devices without placing significant additional load on the TACACS+ server.
Cisco Active Network Abstraction
Cisco Active Network Abstraction (ANA) is an extensible and scalable product suite enabling a unified management
system that delivers true, end-to-end, service-level management of service provider and large enterprise networks. It
is a virtualized management layer that resides between the network elements and OSS management applications,
mediating communications among them. Managing the network through this virtualized network model enables
tighter integration of subscriber-generated services for greater automation and control. The Cisco ANA approach
scales directly alongside the real network, allowing operators to view and manage the complexities of multiple
services and millions of customers in a multi-technology, multi-vendor network. Cisco ANA is part of the
next-generation management system for the Cisco IP NGN architecture.
TACACS+ and Cisco Secure Access Control Server
Terminal Access Controller Access Control System Plus (TACACS+) is a widely used protocol that provides access
control for routers, network access servers and other networked computing devices. Cisco Secure Access Control
Server (ACS) is a high-performance access control server that operates as a centralized TACACS+ or RADIUS
server. It extends access security by combining authentication, user access, and administrator access with policy
control within a centralized identity networking solution. It enforces a uniform security policy for all users regardless
of how they access the network. Cisco Secure ACS centralizes the control of all user privileges and distributes them
to the managed devices throughout the network. It also provides detailed reporting and monitoring capabilities of
network users' behavior and keeps a record of every access connection and device configuration change across the
entire network.
Cisco ANA Managing Devices Configured For TACACS+
The TACACS+ server, as part of Cisco Secure ACS, provides powerful authentication, authorization, and accounting
capabilities to network administrators. It provides initial authentication when users log in to the network devices,
authorization at the granularity of the command-line interface (CLI) level, and detailed logging capabilities that
facilitate accounting for network devices. TACACS+ can handle multiple users accessing the devices
simultaneously.