Cisco ACS: ACS is a policy-based security server that delivers standards-compliant authentication, authorization, and accounting (AAA) services to your network. ACS simplifies the administrative management of Cisco and non-Cisco devices and applications.
The Enterprise Event Tracker supports Cisco ACS 4.0 and higher. It oversees event log management and includes file integrity monitoring, change review, configuration assessment, cloud integration, event correlation, and recordable media monitoring.
Cisco ACS logging
With the Event Tracker Knowledge Pack for Cisco ACS, you can monitor:
Operations – Syslog messages for various services, account operations (adding, deleting and changing users and groups) and system shutdown/restart.
Security – Suspicious network activity when user connection/authentication permissions change (connect, disconnect).
Compliance – Policy configuration changes (delete & add).
Configuration process of Cisco ACS 5.4 as a RADIUS server
Step 1: Add users to the local user database on ACS (for example, an administrator and a read-only user).
Step 2: Add a Gigamon device under Network devices and AAA clients.
Step 3: Create an “Authorization Profile” under Policy Elements > Authorization and Permissions > Network Access. An “authorization profile” is required for each user group, for example, the administrator and read-only groups.
NOTE: The attribute value is the exact name of the user set on the Gigamon. For example, a read-only user (with a hyphen in between) is defined on the Gigamon.
Step 4: Create an access service under Access policies > Access services. It is a service that makes use of the “authorization profiles” created in the previous steps.
Step 5: The PAP/ASCII authentication protocol should be selected under Approved Protocols.
Step 6: Assign the RADIUS service to the access service created in step 4 under Service Selection Rules.
Step 7: The service indicator should show a green dot if the service assignment from the previous step was successful.
Step 8: Select the user database that ACS will use. Select Internal Users if you added users locally to the ACS database in step 1.
Step 9: Link the “Shell Profile” created in the previous steps and the “User Group”.
Step 10: There should be one rule for each user group, and a default group that denies access to all other users in other groups.
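Because step 5 selects PAP, the user's password is protected on the wire only by the RADIUS shared secret configured for the AAA client in step 2. The following added example (not code from Cisco, Gigamon or Event Tracker) follows RFC 2865 to show how a PAP Access-Request hides the password and how a client checks that a reply really comes from a server holding the same secret. The function names, shared secret and password are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2           # RADIUS attribute types (RFC 2865)

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """PAP User-Password hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    n = max(16, -(-len(password) // 16) * 16)     # pad to a multiple of 16, at least one block
    padded = password.ljust(n, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, n, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, req_auth: bytes = b""):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    req_auth = req_auth or os.urandom(16)         # must be unpredictable per request
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, req_auth))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def sign_reply(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(header + request authenticator + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_reply(reply: bytes, ident: int, req_auth: bytes, secret: bytes) -> bool:
    """Client side: reject replies with a wrong length, identifier or Response Authenticator."""
    if len(reply) < 20:
        return False
    _, rid, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or rid != ident:
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret = b"constructed-shared-secret"         # constructed sample values, not from the page
    pkt, ra = build_access_request(7, b"read-only", b"constructed-pw", secret)
    reply = sign_reply(ACCESS_ACCEPT, 7, b"", ra, secret)
    print("request:", pkt.hex())
    print("reply accepted:", verify_reply(reply, 7, ra, secret))
    print("reply accepted with wrong secret:", verify_reply(reply, 7, ra, b"other-secret"))
```

The hiding step is only as strong as the shared secret, so the secret entered for the AAA client should be long and random, and unique per device.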