Cisco Systems CSACS3415K9 Manual De Usuario
10-16
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring Access Services
Configuring Access Service Allowed Protocols
The allowed protocols are the second part of access service creation. Access service definitions contain
general and allowed protocol information. When you duplicate and edit services, the Access Service
properties page contains tabs.
general and allowed protocol information. When you duplicate and edit services, the Access Service
properties page contains tabs.
Step 1
Select Access Policies > Access Services, then click:
•
Create to create a new access service, then click Next to go to the Allowed Protocols screen.
•
Duplicate to duplicate an access service, then click Next to go to the Allowed Protocols screen.
•
Edit to edit an access service, then click Next to go to the Allowed Protocols screen.
Step 2
Complete the fields as shown in
:
Table 10-7
Access Service Properties—Allowed Protocols Page
Option
Description
Process Host Lookup
Check to configure ACS to process the Host Lookup field (for example, when the RADIUS
Service-Type equals 10) and use the System UserName attribute from the RADIUS
Calling-Station-ID attribute.
Service-Type equals 10) and use the System UserName attribute from the RADIUS
Calling-Station-ID attribute.
Uncheck for ACS to ignore the Host Lookup request and use the original value of the system
UserName attribute for authentication and authorization. When unchecked, message processing
is according to the protocol (for example, PAP).
UserName attribute for authentication and authorization. When unchecked, message processing
is according to the protocol (for example, PAP).
Authentication Protocols
Allow PAP/ASCII
Enables PAP/ASCII. PAP uses clear-text passwords (that is, unencrypted passwords) and is the
least secure authentication protocol.
least secure authentication protocol.
When you check Allow PAP/ASCII, you can check Detect PAP as Host Lookup to configure
ACS to detect this type of request as a Host Lookup (instead of PAP) request in the network access
service.
ACS to detect this type of request as a Host Lookup (instead of PAP) request in the network access
service.
Allow CHAP
Enables CHAP authentication. CHAP uses a challenge-response mechanism with password
encryption. CHAP does not work with the Windows Active Directory.
encryption. CHAP does not work with the Windows Active Directory.
Allow MS-CHAPv1
Enables MS-CHAPv1.
Allow MSCHAPv2
Enables MSCHAPv2.
Allow EAP-MD5
Enables EAP-based Message Digest 5 hashed authentication.
When you check Allow EAP-MD5, you can check Detect EAP-MD5 as Host Lookup to
configure ACS to detect this type of request as a Host Lookup (instead of EAP-MD5) request in
the network access service.
configure ACS to detect this type of request as a Host Lookup (instead of EAP-MD5) request in
the network access service.