Cisco ACS versus Microsoft IAS for Radius ?

Discussion in 'Cisco' started by TechGuy, Dec 3, 2004.

  1. TechGuy

    TechGuy Guest

    We are using all Cisco switches, routers and wireless lan access
    points. We are rolling out more wireless and looking to start using
    WPA for laptop wireless security. We need to decide on a radius
    server and personally I would prefer to use cisco ACS for radius
    purposes but I have to come up with some good selling points on why to
    go with Cisco ACS to handle radius versus just using the microsoft
    radius in IAS.

    Anyone have any good pros and cons for the two?
     
    TechGuy, Dec 3, 2004
    #1
    1. Advertising

  2. TechGuy

    John Smith Guest

    i can' t believe i'm about to say this, but the good thing about using MS's
    IAS is that you can just use a user's regular domain account for network
    wide authentication.. this is what I do for our aironet 1200's and it's what
    i'm going to start doing for mobile vpn users. It is not yet implemented
    for logging directly into Cisco equipment mainly b/c only a couple of people
    need to do that.
    the con is it can be a pain to set up. (it was for me anyway, since i had
    never done anything w/ IAS).
    here's the best link i found on setting up wireless IAS auth. should you
    decide to implement it..
    http://www.ifm.net.nz/cookbooks/wpa_sbs2003/index.html

    good luck...

    here's another link which contains a post about some guy ranting about how
    his companie's ccie's had trouble setting up wireless peap with MS radius...
    http://undeadly.org/cgi?action=article&sid=20041202192651 i just came
    across it today and thought it was funny...



    "TechGuy" <> wrote in message
    news:...
    > We are using all Cisco switches, routers and wireless lan access
    > points. We are rolling out more wireless and looking to start using
    > WPA for laptop wireless security. We need to decide on a radius
    > server and personally I would prefer to use cisco ACS for radius
    > purposes but I have to come up with some good selling points on why to
    > go with Cisco ACS to handle radius versus just using the microsoft
    > radius in IAS.
    >
    > Anyone have any good pros and cons for the two?
     
    John Smith, Dec 4, 2004
    #2
    1. Advertising

  3. TechGuy

    Rob Guest

    On the other hand, using ACS is brain dead simple. So I support the
    arguement for that. And it can in turn authenticate against ADS or
    the domain easily too.

    Use ACS 3.3

    -Robert



    On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:

    >We are using all Cisco switches, routers and wireless lan access
    >points. We are rolling out more wireless and looking to start using
    >WPA for laptop wireless security. We need to decide on a radius
    >server and personally I would prefer to use cisco ACS for radius
    >purposes but I have to come up with some good selling points on why to
    >go with Cisco ACS to handle radius versus just using the microsoft
    >radius in IAS.
    >
    >Anyone have any good pros and cons for the two?
     
    Rob, Dec 4, 2004
    #3
  4. TechGuy

    John Smith Guest

    i'd rather use acs as well... it's still hard to justify the $$ to
    management.
    which i guess was the whole purpose of this thread anyway.

    "Rob" <> wrote in message
    news:...
    > On the other hand, using ACS is brain dead simple. So I support the
    > arguement for that. And it can in turn authenticate against ADS or
    > the domain easily too.
    >
    > Use ACS 3.3
    >
    > -Robert
    >
    >
    >
    > On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:
    >
    >>We are using all Cisco switches, routers and wireless lan access
    >>points. We are rolling out more wireless and looking to start using
    >>WPA for laptop wireless security. We need to decide on a radius
    >>server and personally I would prefer to use cisco ACS for radius
    >>purposes but I have to come up with some good selling points on why to
    >>go with Cisco ACS to handle radius versus just using the microsoft
    >>radius in IAS.
    >>
    >>Anyone have any good pros and cons for the two?

    >
     
    John Smith, Dec 4, 2004
    #4
  5. TechGuy

    Rob Guest

    Did you make the mistake of telling management there was a cheaper
    alternative? Tisk, tisk. How did you get Cisco there in the first
    place? ;)




    On Sat, 4 Dec 2004 07:04:44 -0500, "John Smith"
    <> wrote:

    >i'd rather use acs as well... it's still hard to justify the $$ to
    >management.
    >which i guess was the whole purpose of this thread anyway.
    >
    >"Rob" <> wrote in message
    >news:...
    >> On the other hand, using ACS is brain dead simple. So I support the
    >> arguement for that. And it can in turn authenticate against ADS or
    >> the domain easily too.
    >>
    >> Use ACS 3.3
    >>
    >> -Robert
    >>
    >>
    >>
    >> On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:
    >>
    >>>We are using all Cisco switches, routers and wireless lan access
    >>>points. We are rolling out more wireless and looking to start using
    >>>WPA for laptop wireless security. We need to decide on a radius
    >>>server and personally I would prefer to use cisco ACS for radius
    >>>purposes but I have to come up with some good selling points on why to
    >>>go with Cisco ACS to handle radius versus just using the microsoft
    >>>radius in IAS.
    >>>
    >>>Anyone have any good pros and cons for the two?

    >>

    >
     
    Rob, Dec 4, 2004
    #5
  6. TechGuy

    TechGuy Guest

    Other then ease of use, is there any other functional reasons or
    limitations between the two? I have heard that there are some
    limitations with MS IAS but no one has confirmed what these are which
    is why I am asking.

    Are there some limits to the "free" IAS that comes with 2003 server ?
    I am not a server guy so I dont know, I just handle Cisco equipment
    and voip and I know that MS 2003 Server has or comes with some free
    radius service. And thus management would prefer if we use that so to
    save money. Understandable of course, but if there are some
    limitations to using it I need to find out so that we are not having
    to reinvent the wheel later down the road and switch to ACS anyway.



    Rob <> wrote in message news:<>...
    > On the other hand, using ACS is brain dead simple. So I support the
    > arguement for that. And it can in turn authenticate against ADS or
    > the domain easily too.
    >
    > Use ACS 3.3
    >
    > -Robert
    >
    >
    >
    > On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:
    >
    > >We are using all Cisco switches, routers and wireless lan access
    > >points. We are rolling out more wireless and looking to start using
    > >WPA for laptop wireless security. We need to decide on a radius
    > >server and personally I would prefer to use cisco ACS for radius
    > >purposes but I have to come up with some good selling points on why to
    > >go with Cisco ACS to handle radius versus just using the microsoft
    > >radius in IAS.
    > >
    > >Anyone have any good pros and cons for the two?
     
    TechGuy, Dec 4, 2004
    #6
  7. TechGuy

    Taran Singh Guest

    I tested ACS 3.3 and its very nice. Then I used the MS Radius from
    2003 server and i'll be honest: for the authentication of my VPN users
    against the active directory user list, it makes no difference. even
    the wireless ap's should be okay to use the ms radius. i personally
    have no compelling reasons to use acs 3.3 so i am going with ms radius
    since i have a fairly reliable system for it already.


    now to decide from a business perspective ... you need features from
    acs that ms cannot offer. if you write them down, and decide its exact
    need and you come to the conclusion that those requirements are
    necessary, then you need acs. if you decide that all the features you
    listed are "nice to have" but operationally do not mean anything then
    you dont need acs. also consider a 3+ year outlook plan. note that ms
    radius from 2003 server offers all the bells like LEAP/EAP auth, you
    name it, it has it.

    there you have it. list the features, write the reasons why u need
    them, then see if ms radius does them all. choice will then be easier.

    cheers, t.

    (TechGuy) wrote in message news:<>...
    > Other then ease of use, is there any other functional reasons or
    > limitations between the two? I have heard that there are some
    > limitations with MS IAS but no one has confirmed what these are which
    > is why I am asking.
    >
    > Are there some limits to the "free" IAS that comes with 2003 server ?
    > I am not a server guy so I dont know, I just handle Cisco equipment
    > and voip and I know that MS 2003 Server has or comes with some free
    > radius service. And thus management would prefer if we use that so to
    > save money. Understandable of course, but if there are some
    > limitations to using it I need to find out so that we are not having
    > to reinvent the wheel later down the road and switch to ACS anyway.
    >
    >
    >
    > Rob <> wrote in message news:<>...
    > > On the other hand, using ACS is brain dead simple. So I support the
    > > arguement for that. And it can in turn authenticate against ADS or
    > > the domain easily too.
    > >
    > > Use ACS 3.3
    > >
    > > -Robert
    > >
    > >
    > >
    > > On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:
    > >
    > > >We are using all Cisco switches, routers and wireless lan access
    > > >points. We are rolling out more wireless and looking to start using
    > > >WPA for laptop wireless security. We need to decide on a radius
    > > >server and personally I would prefer to use cisco ACS for radius
    > > >purposes but I have to come up with some good selling points on why to
    > > >go with Cisco ACS to handle radius versus just using the microsoft
    > > >radius in IAS.
    > > >
    > > >Anyone have any good pros and cons for the two?
     
    Taran Singh, Dec 5, 2004
    #7
  8. TechGuy

    John Smith Guest

    i've done alot w/ m$ servers but just minimal radius/cisco stuff w/ IAS...
    does IAS support accounting?

    "Taran Singh" <> wrote in message
    news:...
    >I tested ACS 3.3 and its very nice. Then I used the MS Radius from
    > 2003 server and i'll be honest: for the authentication of my VPN users
    > against the active directory user list, it makes no difference. even
    > the wireless ap's should be okay to use the ms radius. i personally
    > have no compelling reasons to use acs 3.3 so i am going with ms radius
    > since i have a fairly reliable system for it already.
    >
    >
    > now to decide from a business perspective ... you need features from
    > acs that ms cannot offer. if you write them down, and decide its exact
    > need and you come to the conclusion that those requirements are
    > necessary, then you need acs. if you decide that all the features you
    > listed are "nice to have" but operationally do not mean anything then
    > you dont need acs. also consider a 3+ year outlook plan. note that ms
    > radius from 2003 server offers all the bells like LEAP/EAP auth, you
    > name it, it has it.
    >
    > there you have it. list the features, write the reasons why u need
    > them, then see if ms radius does them all. choice will then be easier.
    >
    > cheers, t.
    >
    > (TechGuy) wrote in message
    > news:<>...
    >> Other then ease of use, is there any other functional reasons or
    >> limitations between the two? I have heard that there are some
    >> limitations with MS IAS but no one has confirmed what these are which
    >> is why I am asking.
    >>
    >> Are there some limits to the "free" IAS that comes with 2003 server ?
    >> I am not a server guy so I dont know, I just handle Cisco equipment
    >> and voip and I know that MS 2003 Server has or comes with some free
    >> radius service. And thus management would prefer if we use that so to
    >> save money. Understandable of course, but if there are some
    >> limitations to using it I need to find out so that we are not having
    >> to reinvent the wheel later down the road and switch to ACS anyway.
    >>
    >>
    >>
    >> Rob <> wrote in message
    >> news:<>...
    >> > On the other hand, using ACS is brain dead simple. So I support the
    >> > arguement for that. And it can in turn authenticate against ADS or
    >> > the domain easily too.
    >> >
    >> > Use ACS 3.3
    >> >
    >> > -Robert
    >> >
    >> >
    >> >
    >> > On 3 Dec 2004 13:13:43 -0800, (TechGuy) wrote:
    >> >
    >> > >We are using all Cisco switches, routers and wireless lan access
    >> > >points. We are rolling out more wireless and looking to start using
    >> > >WPA for laptop wireless security. We need to decide on a radius
    >> > >server and personally I would prefer to use cisco ACS for radius
    >> > >purposes but I have to come up with some good selling points on why to
    >> > >go with Cisco ACS to handle radius versus just using the microsoft
    >> > >radius in IAS.
    >> > >
    >> > >Anyone have any good pros and cons for the two?
     
    John Smith, Dec 5, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff
    Replies:
    2
    Views:
    1,946
  2. AdminKen

    Microsoft IAS Radius and session timeout setting

    AdminKen, Apr 4, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    4,263
    kapil [MSFT]
    Apr 7, 2005
  3. Newscene
    Replies:
    33
    Views:
    6,972
    Newscene
    May 3, 2004
  4. Peter Potamus the Purple Hippo

    Re: Mozilla versus IE versus Opera versus Safari

    Peter Potamus the Purple Hippo, May 8, 2008, in forum: Firefox
    Replies:
    0
    Views:
    884
    Peter Potamus the Purple Hippo
    May 8, 2008
  5. Giuen
    Replies:
    0
    Views:
    1,439
    Giuen
    Sep 12, 2008
Loading...

Share This Page