Wednesday, December 9, 2009

Cisco ACS Express 5.0 - AAA Configuration

Doah!

I recently installed a new Cisco ACS Express appliance on my network. I had been told that this appliance is designed for small and medium-sized businesses with a maximum of 350 users and 50 devices.

This ACS appliance is on a segmented, more secure, part of our network. So, these limitations were not a concern.

Then I started adding devices to the appliance. Authentication and accounting functionality worked just fine, with minimal issues. However, authorization capabilities would not work.

After a call to Cisco TAC, I was informed that some features deemed unnecessary for the SMB market are not supported on the ACS Express. This included authorization functionality.

Unfortunately, I was told that I would need to speak to my Cisco account management team to learn what other features have been disabled.

To me, it would seem sufficient to limit the number of devices and accounts, but not remove features. Even SMBs require the features that Cisco has determined are only used in large enterprises.

From a Q&A on the Cisco website, I found this explanation of Cisco ACS Express:
Cisco Secure ACS Express is well suited for deployments that need an access control solution for fewer than 350 users and 50 devices. This product is intended to serve small to medium-sized businesses, retail sites and enterprise branch offices where customers need an easy-to-use GUI yet require a comprehensive but simple feature set and a lower price point to address their specific deployment needs.
Interesting. But, I can't find the list identifying the 'simple feature set'. As soon as I do, I'll post it here.


*** Update ***

Through no configuration changes, or fault of our own, we were able to get authentication working. Do we have a buggy ACS appliance? I don't know. But, I'm scratching my head on why it just started working.

Anyway, I still want to know what features are deactivated, and why.

We'll see.