Cisco Cisco Cius Wi-Fi Design Guide
Cisco Cius Wireless Deployment Guide
21
If anonymous PAC provisioning is not allowed in the product wireless LAN environment then a staging Cisco ACS can be
setup for initial PAC provisioning of Cisco Cius.
This requires that the staging ACS server be setup as a slave EAP-FAST server and components are replicated from the product
master EAP-FAST server, which include user and group database and EAP-FAST master key and policy info.
Ensure the production master EAP-FAST ACS server is setup to send the EAP-FAST master keys and policies to the staging
slave EAP-FAST ACS server, which will then allow Cisco Cius to use the provisioned PAC in the production environment
where Allow anonymous in-band PAC provisioning is disabled.
When it is time to renew the PAC, then authenticated in-band PAC provisioning will be used, so ensure that Allow
authenticated in-band PAC provisioning is enabled.
Ensure that Cisco Cius has connected to the network during the grace period to ensure it can use its existing PAC created either
using the active or retired master key in order to get issued a new PAC.
Is recommended to only have the staging wireless LAN pointed to the staging ACS server and to disable the staging access
point radios when not being used.
master EAP-FAST server, which include user and group database and EAP-FAST master key and policy info.
Ensure the production master EAP-FAST ACS server is setup to send the EAP-FAST master keys and policies to the staging
slave EAP-FAST ACS server, which will then allow Cisco Cius to use the provisioned PAC in the production environment
where Allow anonymous in-band PAC provisioning is disabled.
When it is time to renew the PAC, then authenticated in-band PAC provisioning will be used, so ensure that Allow
authenticated in-band PAC provisioning is enabled.
Ensure that Cisco Cius has connected to the network during the grace period to ensure it can use its existing PAC created either
using the active or retired master key in order to get issued a new PAC.
Is recommended to only have the staging wireless LAN pointed to the staging ACS server and to disable the staging access
point radios when not being used.