Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Determining the Deployment Architecture
Figure 2-7 shows ACS installations in a geographically dispersed network that contains many WLANs.
Figure 2-7 ACS in a Geographically Dispersed WLAN
For the model in Figure 2-7, the location of ACS depends on whether all users need access on any AP,
or require only regional or local network access. Along with database type, these factors control whether
local or regional ACSs are required, and how database continuity is maintained. In this very large
deployment model (over 50,000 users), security becomes a more complicated issue, too.
Additional Considerations for Deploying ACS in a WLAN Environment
You should also consider the following when deploying ACS in a WLAN environment:
If wireless is secondary to wired access, using a remote ACS as a secondary system is acceptable.
If wireless is the primary means of access, put a primary ACS in each LAN.
If the customer uses ACS for user configuration, data replication is critical.
Dial-up Access Topology
Until recently, dial-up access was the most prevalent method for providing remote access to network
resources. However, DSL access and access through VPNs have largely replaced dial-up access through
modems.
ACS is still used in some LAN environments to provide security for dial-up access. You can provide
dial-up access for a small LAN or for a large dial-in LAN.
Small Dial-Up Network Access
In the small LAN environment (see Figure 2-8), network architects typically place a single ACS internal
to the AAA client, where a firewall and the AAA client protect it from outside access. In this environment,
the user database is usually small because few devices require access to the ACS for authentication,
authorization, and accounting (AAA), and any database replication is limited to a secondary ACS as a
backup.