AAA protocols Cisco Secure ACS 5.

2 supports two distinct protocols for authentication, authorization, and accounting (AAA). Cisco Secure ACS 5.2 supports RADI S for networ! access control and "ACACS# for networ! de$ice access control. Cisco Secure ACS is a single s%ste& for enforcing access polic% across the networ! as well as networ! de$ice configuration and change &anage&ent as re'uired for standards co&pliance such as (CI co&pliance. Data)ase options Cisco Secure ACS 5.2 supports an integrated user repositor% in addition to supporting integration with e*isting e*ternal identit% repositories such as +indows Acti$e Director% and ,DA(. -ultiple data)ases can )e used concurrentl% for &a*i&u& fle*i)ilit% in enforcing access polic%. Authentication protocols Cisco Secure ACS 5.2 supports a wide range of authentication protocols including (A(, -S.C/A(, 0*tensi)le Authentication (rotocol (0A().-D5, (rotected 0A( ((0A(), 0A(.1le*i)le Authentication $ia Secure "unneling (1AS"), and 0A(."ransport ,a%er Securit% (",S) to support %our authentication re'uire&ents. Access policies Cisco Secure ACS 5.2 supports a rules.)ased, attri)ute.dri$en polic% &odel that pro$ides greatl% increased power and fle*i)ilit% for access control policies that &a% include authentication protocol re'uire&ents, de$ice restrictions, ti&e of da% restrictions, posture $alidation, and other access re'uire&ents. Cisco Secure ACS &a% appl% downloada)le access control lists (dAC,s), 2,A3 assign&ents, and other authorization para&eters. Centralized &anage&ent Cisco Secure ACS 5.2 supports a co&pletel% redesigned lightweight, we).)ased 4 I that is eas% to use. An efficient, incre&ental replication sche&e 'uic!l% propagates changes fro& pri&ar% to secondar% s%ste&s pro$iding centralized control o$er distri)uted deplo%&ents. Software upgrades are also &anaged through the 4 I and can )e

distri)uted )% the pri&ar% s%ste& to secondar% instances. -onitoring and trou)leshooting Cisco Secure ACS 5.2 includes an integrated &onitoring, reporting, and trou)leshooting co&ponent that is accessi)le through the we).)ased 4 I. "his tool pro$ides &a*i&u& $isi)ilit% into configured policies and authentication and authorization acti$ities across the networ!. ,ogs are $iewa)le and e*porta)le for use in other s%ste&s as well.