Cisco – ACS 5.4 erschienen

Posted: 24th Oktober 2012 by Helge in ACS, Cisco
Tags: , , , ,

Neue Version des ACS 5.4 steht zur Verfügung. Hier ein paar Informationen dazu:

What’s New in ACS 5.4 Release
ACS 5.4 software release has the following new features and enhancements:

  • TACACS+ based device admin over IPv6
  • HTTPS/SSH based ACS admin access over IPv6
  • Support ACS on VMware installations with any hard disk space from 60 GB to 750 GB.
  • Support up to 4 Ethernet interfaces for AAA requests
  • Capability to connect different nodes (instances) in an ACS cluster to a different (single) AD domain
  • Ability to perform the AD configuration, join, and leave operations separately.
  • Policy-based authentication (via internal DB, AD & LDAP) and authorization (roles & permissions) of ACS Admins
  • API for Create/Read/Update/Delete operations on Network Devices, Network Device Groups and Internal Hosts
  • Online Certificate Status Protocol (OCSP) used to check the validity status of x.509 digital certificates
  • Display Copyright Banner before and after Admin login via GUI and CLI (each banner can be edited independently)
  • Support for VMware Tools
  • Official support for up to 20 instances in a single ACS cluster
  • Monitor ACS adclient and NTP daemon processes; so that they are automatically restarted if they hang or crash
  • Session resumption support for stateless EAP-TLS session and ticket extension as described in RFC 5077
  • Support for crypto-binding TLV extension in MS PEAP
  • Support account expiry (disablement) date per individual user for users in ACS internal database
  • Support max # of concurrent user sessions per group and per user basis
  • Capability to add or update (rewrite) RADIUS attributes within AAA requests sent to RADIUS proxy server
  • Synchronization of MAR cache among all or a group of ACS instances in a cluster
  • Add Common Name (CN) as a new member attribute for LDAP users in addition to Distinguished Name (DN)
  • Support password change by users authenticated against LDAP server via TACACS+, ASCII/PAP and EAP-GTC
  • Certificate Issuer field in Certificate Dictionary available for use in all ACS policy rules
  • Authenticated NTP support in addition to existing non-authenticated NTP mode
  • Support certificate name constraint extensions with following field attributes: Directory Name, URL, Email, DNS
  • Allow Read Only Admins to run “show run”, “show app status acs”, and “show timezones” CLI commands
  • New CLI commands to support IPv6 addresses: “ping”, “traceroute”, “show ipv6 route” ipv6 route”, “ipv6 address”
  • New CLI commands to troubleshoot AD connectivity issues: “adinfo”, “adcheck”, “ldapsearch”
  • Support automated periodic database compression
  • Ability to adjust system clock rate and kernel flags for VMware optimization
  • Ability to generate reports based on events between “Start” and “End” timestamps
  • Link (Release Notes): Release Notes ACS 5.4
    Link (Data Sheet): Data Sheet ACS 5.4
    Link (FAQ): FAQ ACS 5.4
    Link (User Guide) User Guide ACS 5.4
    Link (Install & Upgrade): Install and Upgrade Guide ACS 5.4
    Link (CLI Guide): CLI Reference Guide ACS 5.4
    Link (Migration Guide): Migration Guide ACS 5.4
    Link (Software Developer Guide): Software Developer Guide ACS 5.4
    Link (SDT Guide): SDT Guide ACS 5.4