For many years, I have been using Cisco Secure ACS in production and also while teaching security and WiFi classes. ACS provides both RADIUS and TACACS+ AAA (authentication, authorization, accounting). It can be used to authenticate WiFi users, authenticate and authorize IOS router/switch administrators, bind to LDAP servers, authenticate with RSA SecurID tokens and much more.
As of version 5.0, Cisco Secure ACS has been totally rewritten. It is available as a closed and hardened Linux-based appliance or as a software-only application and operating system image for VMware ESX. It no longer runs on Windows Server. You are probably aware that specific hardware is required to run VMware ESX and it must be listed on VMware’s HCL (hardware compatibility list).
But what if your goal is to educate yourself about ACS 5 without investing in a server? Or you might want to install ACS 5 on a laptop for testing / portability purposes. In the next few paragraphs, I explain how to install ACS 5.2 in VMware Workstation 7.1 and also on VMware Fusion 1.3. Bear in mind that Cisco TAC will not support your ACS installation if it does not meet specific VMware ESX requirements.
Download ACS from CCO
First, you need to download the ACS 5.2 ISO image from Cisco:
http://www.cisco.com/cisco/software/navigator.html
Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.2
You can either burn it to a DVD or install directly from it. See notes below.
VMware Workstation 7 - VM Configuration Tasks
- VMware WS 7.2 > File > New Virtual Machine
- At the Welcome Wizard, choose Custom (advanced) radio button
- At the Hardware Compatibility choose Workstation 6.5-7.x
- Guest Operating System Installation: select <I will install the operating system later> radio button
NOTE: if you decide to install from the ISO image, do not select this option now; wait until later. Otherwise, VMware picks the <Easy Install> path and will not install ACS properly.
- Select a Guest Operating System: select <Linux> radio button then select <Other Linux 2.6.x kernel> from the pull-down list
- Name the Virtual Machine: give it a meaningful name
- Processor Configuration: select 2 processors
- Memory for the Virtual Machine: select 4 GB
- Network Type: select <Use bridged networking> radio button
- Select I/O Controller Types: select LSI Logic
- Select a Disk: Create a new virtual disk
- Select a Disk Type: SCSI
- Maximum Disk Capacity: Maximum disk size 60 GB, Split virtual disk into multiple files
- Specify Disk File: leave this as default, click next then click Finish
NOTE: if you plan to install directly from the ISO image, click on Edit virtual machine settings, select the CD/DVD (IDE) option, select the <Use ISO image file> radio button, browse to your ACS 5.2 image and click OK
- Power ON your new VM
VMware Fusion 3.1 - VM Configuration Tasks
- File > New
- Option 1: insert your ACS 5.2 bootable DVD disc, then select the <Install this operating system> radio button
- Option 2: if you wish to install directly from the ACS ISO image file, choose <Continue without disc>, then select the <Use operating system installation disc image file> radio button and browse to your ISO file. Choose Operating System: OS: Linux, version: CentOS
- Linux Easy Install: uncheck <Use Easy Install>
- Click on the Customize Settings button and give your new VM a name, e.g., ACS52.vmwarevm
- From your settings screen, provide the following configuration:
  - 2 processor cores and 4096 MB RAM
  - Hard Disk: 60 GB
  - Network: Connect directly to the physical network (Bridged)
- Power ON your new VM
Cisco Secure ACS 5.2 Install
The rest of the procedure is common to both VMware Workstation 7.1 and VMware Fusion 1.3. After you power on the VM, a welcome screen will display.
- At the <Welcome To Cisco Secure ACS 5.2 Recovery> screen, choose the following option:
[1] Cisco Secure ACS Installation (Keyboard/Monitor)
You will see several CentOS Linux package installation steps; this should last around 10 minutes. Time for a coffee break.
- After system reboot, at the login screen, type <setup> without the angle brackets
- Next, provide your hostname, IP address, mask, default gateway, domain suffix, DNS server IP, username and password
- ACS applications and ACS will install; this should take another 10 minutes.
- At the login prompt, enter the username and password chosen in the step above and issue the following command:
show application status acs
You should see something like:
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
If not, give it some time and try again.
- Next, you can log in from the Web interface as follows:
-
- Provide the default web administrator username and password: ACSAdmin / default
- You will get prompted to change your password
You are now all set!!
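The "give it some time and try again" step can be checked mechanically. The following is an added example, not part of the original post or of any Cisco tooling: it parses saved `show application status acs` output and lists the processes that are missing or not yet `running`. The function names and the `initializing` state string in the sample are assumptions made for illustration.

```python
import re

# Process names listed in the status output shown in this post.
EXPECTED = (
    "database", "management", "runtime", "view-database",
    "view-jobmanager", "view-alertmanager", "view-collector",
    "view-logprocessor",
)

_LINE = re.compile(r"^\s*Process\s+'([^']+)'\s+(.+?)\s*$")
_ROLE = re.compile(r"^\s*ACS role:\s*(\S+)")


def parse_status(text):
    """Return (role, {process: state}) from 'show application status acs' output."""
    role, states = None, {}
    for line in text.splitlines():
        m = _ROLE.match(line)
        if m:
            role = m.group(1)
            continue
        m = _LINE.match(line)
        if m:
            states[m.group(1)] = m.group(2).lower()
    return role, states


def not_ready(text, expected=EXPECTED):
    """List expected processes that are missing or in any state other than 'running'."""
    _, states = parse_status(text)
    return [p for p in expected if states.get(p) != "running"]


# Constructed sample: output captured shortly after boot. The 'initializing'
# state string is an assumption for illustration, not taken from the post.
SAMPLE_EARLY = """\
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' initializing
Process 'view-database' running
"""

if __name__ == "__main__":
    pending = not_ready(SAMPLE_EARLY)
    print("ready" if not pending else "still waiting on: " + ", ".join(pending))
```

An empty list from `not_ready` means all eight processes from the listing above report `running` and the web interface login can proceed.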