Cisco Secure Access Control Server (ACS)
Cisco Secure ACS provided policy-based authentication, authorization, and accounting (AAA) for users and administrators who were accessing network devices and services. It acted as a central RADIUS/TACACS+ authority with directory integration (e.g., Microsoft Active Directory/LDAP) and was commonly deployed for 802.1X, VPN, and device-admin command authorization. The product line is retired.
Key Capabilities
- AAA server (RADIUS & TACACS+): Core policy engine for user/device authentication, authorization, and accounting; supported device-admin command authorization via TACACS+.
- Network access control use cases: Centralized policies for wired/wireless 802.1X and remote/VPN access (RADIUS).
- Device administration: Fine-grained command sets/roles for administrators on network gear (TACACS+).
- Directory integration: External identity stores such as Active Directory and LDAP for group/attribute-based policy.
Limitations
- Lifecycle/EOL: **End-of-Sale:** Aug 30, 2017; End-of-Support: Aug 31, 2022. Active deployments should plan/complete migration to Cisco ISE.
- Not an IdP for web apps: ACS is a RADIUS/TACACS+ AAA platform and not a SAML/OIDC identity provider, so it does not issue modern web tokens for app SSO.
- On-prem/agented architecture: Designed for appliance/VM deployment and network-device agents; lacks cloud-native management and modern API-first patterns compared to successors.
- Version fragmentation: Multiple branches (e.g., ACS 4.x Windows, 5.x appliance/VM) with differing capabilities; the older Windows edition reached End-of-Sale on Oct 27, 2011 (End-of-Support Oct 31, 2014).