Table Of Contents

Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS Appliance
version 3.2

Supported and Interoperable
Devices and Software Tables for Cisco Secure ACS Appliance
version 3.2

---

Revised: March 18, 2004

Because the number of devices that Cisco Secure ACS Appliance version 3.2 interoperates with runs into the hundreds, this device list differs significantly from those of other Cisco products with which you may be familiar. This document lists supported devices and software, that is, those that we have tested against. However, this document also lists devices and software programs that are, to the best of our knowledge, interoperable. Of the hundreds of devices and software programs that Cisco Secure ACS Appliance version 3.2 interoperates with, Cisco officially supports only those that have been tested.

For details regarding other limitations and known problems see Release Notes for CiscoSecure Access Control Server Appliance Version 3.2. On Cisco.com, you can find the latest version all documentation by selecting Products & Services > Security and VPN Software  > Cisco Secure Access Control Server Appliance > Technical Documentation.

With regard to third-party RADIUS and TACACS+ clients, Cisco Secure ACS Appliance fully interoperates with devices that adhere to the governing protocols. Also, support for RADIUS and TACACS+ functions depends on device-specific implementation. On a given device, TACACS+ may not be available for user authentication and authorization. Likewise, RADIUS may not be available for administrative authentication and authorization.

For RADIUS these include the following RFCs:

• RFC 2138 - Remote Authentication Dial In User Service (RADIUS)

• RFC 2139 - RADIUS Accounting

• RFC 2865 - Remote Authentication Dial In User Service (RADIUS)

• RFC 2866 - RADIUS Accounting

• RFC 2867 - RADIUS Accounting for Tunnel Protocol Support

• RFC 2868 - RADIUS Attributes for Tunnel Protocol Support

• RFC 2869 - RADIUS Extensions

For details regarding the implementation of vendor-specific attributes (VSAs), see User Guide for Cisco Secure ACS Appliance Version 3.2.

Cisco Secure ACS Appliance conforms to the TACACS+ protocol as defined by Cisco Systems in draft 1.77.

The following tables show the devices and software that Cisco Secure ACS Appliance supports or with which it interoperates:

• Table 1, Web Browsers

• Table 2, Device Operating Systems

• Table 3, Routers

• Table 4, Access Devices/Universal Gateways

• Table 5, Cable Devices

• Table 6, Content Networking Devices

• Table 7, Security and VPN Devices

• Table 8, Storage Networking Devices

• Table 9, Switches

• Table 10, Cisco Aironet Software (Access Points for Wireless LAN)

• Table 11, CiscoWorks VMS

• Table 12, PKI/Certificate Servers

• Table 13, Token Servers

• Table 14, LDAP Servers

• Table 15, User Databases

• Table 16, Proxy Support

You can find information about new device support at Cisco.com, http://www.cisco.com.

To ensure full capabilities, the clients you deploy to interoperate with Cisco Secure ACS Appliance should use the most recent operating systems available. Nonetheless, Table 2 provides details on the minimum acceptable client operating system versions.

Table 1 Web Browsers¹

Program	Versions	Notes
Microsoft Internet Explorer	Version 6.0 with Service Pack 1 for Microsoft Windows—English Language version	Tested
Netscape Communicator	Version 7.0 for Microsoft Windows - English Language version Version 7.0 for Solaris 2.7- English Language version	Tested Tested

1 To use a web browser to access the Cisco Secure ACS HTML interface, you must enable both Java and JavaScript in the browser. Also, you must disable HTTP proxy in the browser.

Table 2 Device Operating Systems

Operating System	Minimum Version	Notes
IOS	11.2	For full RADIUS support
CAT OS	7.2	Cisco products—and other third-party products that are RFC compliant—will work with Cisco Secure ACS even when running earlier versions of CAT OS. However, full functionality, including the 802.1x VLAN assignment, is supported only when the listed version is used.

Table 3 Routers 

Series	Notes
Cisco 1400	End of life (EOL) status
Cisco 1600	RADIUS and TACACS+ interoperability
Cisco 1700	Tested with IOS 12.2(8) RADIUS and TACACS+ interoperability
Cisco 2500	EOL status
Cisco 2600	RADIUS and TACACS+ interoperability
Cisco 3600	RADIUS and TACACS+ interoperability
Cisco 3700	Tested with IOS 12.2 RADIUS and TACACS+ interoperability
Cisco 7100	RADIUS and TACACS+ interoperability
Cisco 7200	Tested with IOS 12.2 RADIUS and TACACS+ interoperability
Cisco 7300	RADIUS and TACACS+ interoperability
Cisco7400	RADIUS and TACACS+ interoperability
Cisco 7500	RADIUS and TACACS+ interoperability
Cisco 10000	RADIUS interoperability
Cisco 10720	RADIUS and TACACS+ interoperability

Table 4 Access Devices/Universal Gateways

Series	Notes
6400 Series	RADIUS and TACACS+ interoperability
AS5350 Series	RADIUS and TACACS+ interoperability
AS5400 Series	Tested with IOS12.2(7c) RADIUS and TACACS+ interoperability
AS5850 Series	RADIUS and TACACS+ interoperability
DSL Series / 6015, 6100, 6130, 6160, 6260	RADIUS and TACACS+ interoperability
MGX Series / 8220, 8250, 8800, 8950	TACACS+ interoperability

Table 5 Cable Devices

Devices	Notes
uBR7100	Tested with IOS 12.2BC RADIUS and TACACS+ interoperability
uBR7200	EOL status TACACS+ interoperability

Table 6 Content Networking Devices 

Series / Devices	Notes
CE7300 / CE 7320	Tested with ACNS 4.2 RADIUS and TACACS+ interoperability
CDM4600 / CDM4630, CDM4650	RADIUS and TACACS+ interoperability
4400 Content Routers/ CR4430	Tested with ACNS 4.2 RADIUS and TACACS+ interoperability

Table 7 Security and VPN Devices

Series / Devices	Notes
3000 Series Concentrator / 3005, 3015, 3030, 3060, 3080	Tested with 3015 RADIUS and TACACS+ interoperability
PIX 500 Series Firewall / 501, 506E, 515, 515E, 525, 535	Tested with 515 and PIX OS v6.3 RADIUS and TACACS+ interoperability
5000 Series Concentrator	EOL status

Table 8 Storage Networking Devices

Series	Devices Supported	Notes
MDS 9000	MDS 9216, MDS9509	RADIUS interoperability (TACACS+ support in future release)

Table 9 Switches 

Series / Devices	Notes
Catalyst 2950/3550	Tested with 3550 and IOS 12.1(12)EA1 RADIUS and TACACS+ interoperability
Catalyst 4000/4500	Tested with Cat4503, CatOS 7.5, and IOS 12.1 RADIUS and TACACS+ interoperability
Catalyst 5000	EOL status
Catalyst 6500	Tested with CatOS 7.5, and IOS 12.1 RADIUS and TACACS+ interoperability

Table 10 Cisco Aironet Software (Access Points for Wireless LAN)

Series	Notes
350	RADIUS interoperability
AP1100	RADIUS interoperability
AP1200	Tested with Aironet 11.23 RADIUS interoperability

Table 11 CiscoWorks VMS

Series	Devices Supported	Notes
IOS/Router MC	Version 1.1	TACACS+ interoperability
PIX MC	Version 1.1	Tested with VMS2.1 TACACS+ interoperability
IDS MC	Version 1.1	TACACS+ interoperability
LMS	—	TACACS+ interoperability (future release)
HSE	Version 1.7	TACACS+ interoperability
WLSE	—	TACACS+ interoperability (future release)

Table 12 PKI/Certificate Servers 

Platform	Versions	Notes
Microsoft CA Certificate Server	Windows 2000 Windows 2000 with SP3	Tested
Entrust PKI	Version 6.0	—
Verisign Onsite	Version 5.0	—

Table 13 Token Servers¹

Platform	Versions	Client Requirement	Notes
ActivCard Server	Version 3.1	—	—
CRYPTOCard CRYPTOAdmin	Version 5.16	—	—
PassGo Defender	Version 4.1.3	—	—
RSA ACE/Server	Version 5.1	—	Tested
Safeword Premier Access	Version 31.	—	—
Vasco Vacman Server	Version 6.0.2	—	—

1 Cisco Secure ACS Appliance uses a RADIUS interface to support all token servers.

Table 14 LDAP Servers

Platform	Versions	Notes
SunONE Identity Server (Formerly iPlanet Directory)	Version 5.1	Tested with Windows 2000 Active Directory with Windows Service Pack 3
Novell NetWare Directory Services (NDS)	Version 6.0	Tested
Novell eDirectory	Version 8.6	Tested

Table 15 User Databases¹  

Platform	Version	Requirement
AD on Windows 2003	—	—
AD on Windows 2000	—	—
SAM on Windows 2000	—	Tested with Service Pack 3
SAM on Windows NT 4.0	—	—
LDAP	Generic	—
Novell NetWare Directory Services (NDS)	Version 6.0	Tested with eDirectory v.8.6 and Novell Client 4.83 SP2 for Windows NT 4.0, Windows 2000, and Windows XP
LEAP Proxy RADIUS servers	—	—

1 See also Table 13.

Table 16 Proxy Support

Platform	Versions	Notes
Cisco Secure ACS	2.4 or later	—
Funk Steel Belted Radius	Enterprise Edition	—

Posted: Thu Mar 18 07:23:03 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.