CCIE Study Notes

One of the most frustrating things about the blueprint is that it really doesn't specify which versions of these devices and software will be on the exam. Fair or not, it is what it is. This section deals with ACS - which is something you should be familiar with on some level. If you've never been the person in charge of administering the ACS, you are going to want to know this to that level. I highly recommend the AAA Identity Management Security book. INE also has quite a few videos on ACS and its configuration. And that's probably going to be a good place to start, but the book actually covers ACS 4.2 and ACS 5.1. While we're talking about versions - depending on the version of ISE, it may or may not support TACACS.

The AAA book has a good review of RADIUS and TACACS+ which is good for reinforcement. Know the difference between a rule-based and group-based policy model. Know the platforms available for 4.2 and 5.1. Version 4.2 has ACS for Windows and the ACS appliance (a customized version of Windows 2003). Version 5.1 has the ACS appliance running on a Linux-based platform and ACS on a VMware server. I doubt there are going to be licensing questions, but it is worth noting that there is an add-on license for TrustSec.

You are definitely going to want to know the GUI interface and the various menu items. Know your internal and external identity stores. Know your reports and alarms. If someone is authenticated via ACS (either TACACS+ or RADIUS) - know how to find the log information that shows what happened. Be able to find this info for both ACS and ISE. The thing that might be important is to know when, why and how ACS integrates with AD for AAA.

With all the juicy targets in section 5, it could be that you just get one (or none) question on ACS. If you read the AAA book and watch the INE videos on this, you should be fine with any questions that might arise.