Cisco Minor Release update for ACS 4.2 CSACS4.2-WIN-MR-K9 Hoja De Datos
Los códigos de productos
CSACS4.2-WIN-MR-K9
Product Bulletin
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 3
Cisco Secure Access Control Server 4.2 for Windows
Product Overview
Cisco
®
Secure Access Control Server (ACS) for Windows is an industry-leading, highly scalable
access policy platform that supports comprehensive, identity-based network access control. Cisco
Secure ACS provides central management of access policies for both network access and device
administration and supports a wide range of access scenarios including wireless LAN, 802.1x
wired, and remote access. Cisco Secure ACS is the leading authentication, authorization, and
accounting (AAA) platform in the market and is deployed by 90 percent of the top 500 Cisco
customers.
Cisco Secure ACS is available as the Cisco Secure ACS for Windows software kit or as Cisco
Secure ACS Solution Engine — a 1-rack-unit (1RU), security-hardened appliance with a
preinstalled Cisco Secure ACS license. For more information on Cisco Secure ACS Solution
Engine 4.2, please refer to the data sheet and the product bulletin at:
http://www.cisco.com/en/US/products/sw/secursw/ps5338/index.html
New Features
Cisco Secure ACS 4.2 for Windows includes the following new features:
●
Extensible Authentication Protocol (EAP) options:
◦
EAP-Flexible Authentication via Secure Tunneling (FAST) enhancement for anonymous
Transport Layer Security (TLS) renegotiation: ACS allows an anonymous TLS
handshake between the end-user client and ACS.
◦
EAP-FAST enhancement for invalid Protected Access Credentials (PAC): ACS provides
an option to run EAP-FAST without issuing or accepting any tunnel or machine PAC
when an invalid PAC is received.
◦
EAP-TLS with no PAC and no Active Directory processing: ACS supports EAP-FAST
tunnel establishment without PAC and without client certificate lookup.
●
Group filtering at the Network Access Profile (NAP) level with Lightweight Directory Access
Protocol (LDAP): When using LDAP to query an external user data store, ACS capabilities
have been extended to allow group filtering at the NAP level. Depending on the user’s
external database group membership, ACS can either reject or accept access to the
network based on the group filtering settings.
●
RSA authentication with LDAP group mapping: ACS can authenticate with RSA and at the
same time perform group mapping with LDAP. This option allows ACS to control
authorization based on a user's LDAP group membership.
●
Active Directory multiforest support: ACS supports authentication in a multiforest
environment.
●
Time-based restrictions: ACS administrators may configure a user to be in an alternative
group for a restricted period of time.
●
Relational database management system (RDBMS) synchronization enhancements: ACS
has programmatic interface additions for downloadable ACL synchronization. ACS for