Cisco Systems 3.3 Manual De Usuario
Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
10-22
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Replication and EAP-FAST
The CiscoSecure Database Replication feature supports the replication of
EAP-FAST settings, Authority ID, and master keys. Replication of EAP-FAST
data occurs only if the following are true:
EAP-FAST settings, Authority ID, and master keys. Replication of EAP-FAST
data occurs only if the following are true:
•
On the Database Replication Setup page of the primary Cisco Secure ACS,
under Send, you have selected the EAP-FAST master keys and policies check
box.
under Send, you have selected the EAP-FAST master keys and policies check
box.
•
On the Global Authentication Setup page of the primary Cisco Secure ACS,
you have enabled EAP-FAST and selected the EAP-FAST master server
check box.
you have enabled EAP-FAST and selected the EAP-FAST master server
check box.
•
On the Database Replication Setup page of the secondary Cisco Secure ACS,
under Receive, you have selected the EAP-FAST master keys and policies
check box.
under Receive, you have selected the EAP-FAST master keys and policies
check box.
•
On the Global Authentication Setup page of the secondary Cisco Secure
ACS, you have enabled EAP-FAST and deselected the EAP-FAST master
server check box.
ACS, you have enabled EAP-FAST and deselected the EAP-FAST master
server check box.
EAP-FAST-related replication occurs for three events:
•
Generation of master keys—A primary Cisco Secure ACS sends newly
generated active and backup master keys to secondary Cisco Secure ACSes.
This occurs immediately after master key generation, provided that
replication is configured properly and is not affected by replication
scheduling on the Database Replication Setup page.
generated active and backup master keys to secondary Cisco Secure ACSes.
This occurs immediately after master key generation, provided that
replication is configured properly and is not affected by replication
scheduling on the Database Replication Setup page.
•
Manual replication—All EAP-FAST components that can be replicated are
replicated if you click Replicate Now on the Database Replication Setup page
of the primary Cisco Secure ACS. Some of the replicated components are
configurable in the HTML interface. Whether an EAP-FAST component is
replicated or configurable is detailed in
replicated if you click Replicate Now on the Database Replication Setup page
of the primary Cisco Secure ACS. Some of the replicated components are
configurable in the HTML interface. Whether an EAP-FAST component is
replicated or configurable is detailed in
.
Note
EAP-FAST replication is not included in scheduled replication
events.
events.
•
Changes to EAP-FAST settings—If, on a primary Cisco Secure ACS, you
change any EAP-FAST configurable components that are replicated,
Cisco Secure ACS begins EAP-FAST replication. Whether an EAP-FAST
component is replicated or configurable is detailed in
change any EAP-FAST configurable components that are replicated,
Cisco Secure ACS begins EAP-FAST replication. Whether an EAP-FAST
component is replicated or configurable is detailed in