2-5
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 2 Deploying Cisco Secure ACS
Basic Deployment Factors for Cisco Secure ACS
Administrative Access Policy, page 2-14
Database, page 2-17
Network Speed and Reliability, page 2-18
Network Topology
How the enterprise network is configured is likely to be the single most important
factor in deciding how to deploy Cisco Secure ACS. While an exhaustive
treatment of this topic is beyond the scope of this guide, this section details how
the growth of network topology options has made Cisco Secure ACS deployment
decisions more complex.
When AAA was first considered, network access was restricted to either devices
directly connected to the LAN or remote devices gaining access via modem.
Today, enterprise networks can be very complex and, thanks to tunneling
technologies, can be widely geographically dispersed.
Dial-Up Topology
In the traditional model of dial-up access (a PPP connection), a user employing a
modem or ISDN connection is granted access to an intranet via a network access
server (NAS) functioning as a AAA client. Users may be able to connect via only
a single AAA client as in a small business, or have the option of numerous
geographically dispersed AAA clients.
In the small LAN environment (see Figure 2-1 on page 2-6), network architects
typically place a single Cisco Secure ACS internal to the AAA client, protected
from outside access by means of a firewall and the AAA client. In this
environment, the user database is usually small, there are few devices that require
access to the Cisco Secure ACS for AAA, and any database replication is limited
to a secondary Cisco Secure ACS as a backup.