Archive for December 7th, 2009

#Day 17,18 – ACS Study

Right!

I spent Saturday and today working on my least favourite topic: ACS! Now that I’m done with it, here are some of the things I’ve realized:

  • Cisco definitely needs to improve its documentation on the ACS. There’s very little stuff out there for ACS configuration scenarios.
  • There are not many books to teach you how to configure the ACS for many tasks
  • All said and done, most of the configuration scenarios on the ACS are pretty *easy.

* – Easy if you know how the ACS works, impossibly hard if you don’t.

This was how I studied this topic:

  • On Saturday (Day #17), I spent time going through this book called “Cisco Access Control Security: AAA Administration Services” by Brandon Carroll.
    • It’s a great book for starters and I would DEFINITELY recommend it to anyone who’s trying to learn all about the ACS and its underpinnings from scratch.
    • It’s got a great section on technologies like TACACS+, RADIUS, etc. and it slowly evolves into more complex scenarios like RBAC, etc.
    • Since this was the first time I was learning the ACS, the last thing I wanted to do was to go too deep, too fast. So I skimmed through most of the topics, focussing on the fundamentals.
    • I spent about 6 hours on this and I can say that at the end of the 6 hours, I had a fair idea about how everything fits together.
    • I thought of making notes on the ACS, but I decided against it later as they would be really hard to do (and time-consuming).
  • On Monday (Day #18), I went through the ACS User guides.
    • This is found in the DocCD and was suggested by @davidhwest.
    • You could directly start reading this instead of the book, but I would suggest at least reading the first few chapters of the book before you start this. (Basically to understand TACACS+ and RADIUS better.)
    • They provide configuration examples for many scenarios (some of which are not covered in the AAA book).
    • I would suggest going through this baby at least once, ’coz this is what we would have access to in the CCIE-sec lab.

On Sunday morning, I had a rack session scheduled and I practiced the “Identity Management” Vol 1 Workbook from INE. This would be my second go at this workbook, but now with my newly found knowledge of the ACS, everything made a lot more sense :)

The activity for Tuesday would be to read and understand NAC! For this I’ll be using 2 resources. Firstly, I’m thinking of reading through the NAC chapter in Yusuf Bhaiji’s book. Secondly, I’m going to go through the NAC sections present in the “ACS User guides”.

I’m feeling a bit lazy this morning, so I might just skip to the User guides for NAC! :P

Cheers,

TacACK.
