Cisco Systems CSACS3415K9 User Manual
10-18
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring Access Services
Allow EAP-FAST
Enables the EAP-FAST authentication protocol and EAP-FAST settings. The EAP-FAST
protocol can support multiple internal protocols on the same server. The default inner method is
MSCHAPv2.
When you check Allow EAP-FAST, you can configure EAP-FAST inner methods:
• Allow EAP-MSCHAPv2
  – Allow Password Change—Check for ACS to support password changes in phase zero and phase two of EAP-FAST.
  – Retry Attempts—Specifies how many times ACS requests user credentials before returning login failure. Valid values are 1-3.
• Allow EAP-GTC
  – Allow Password Change—Check for ACS to support password changes in phase zero and phase two of EAP-FAST.
  – Retry Attempts—Specifies how many times ACS requests user credentials before returning login failure. Valid values are 1-3.
• Allow TLS-Renegotiation—Check for ACS to support TLS-Renegotiation. This option allows an anonymous TLS handshake between the end-user client and ACS. EAP-MS-CHAP will be used as the only inner method in phase zero.
• Use PACs—Choose to configure ACS to provision authorization PACs for EAP-FAST clients. Additional appear.
• Don’t use PACs—Choose to configure ACS to use EAP-FAST without issuing or accepting any tunnel or machine PACs. All requests for PACs are ignored and ACS responds with a Success-TLV without a PAC.
When you choose this option, you can configure ACS to perform machine authentication.
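One way to confirm the "Don’t use PACs" behaviour from a decrypted phase-two payload, as an added example that is not part of the Cisco guide: it parses EAP-FAST TLVs (header layout and Result TLV per RFC 4851, PAC TLV type per RFC 5422) and reports whether a Success result arrives with or without a PAC. It takes the page's Success-TLV to be a Result TLV with status Success; the function names and sample bytes are constructed for illustration.

```python
import struct

# TLV type numbers: Result TLV (RFC 4851) and PAC TLV (RFC 5422).
RESULT_TLV, PAC_TLV = 3, 11
RESULT_STATUS = {1: "Success", 2: "Failure"}

def parse_tlvs(data: bytes):
    """Split a decrypted phase-two payload into (mandatory, type, value) tuples."""
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated TLV header")
        type_field, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if len(data) - offset < length:
            raise ValueError("TLV length exceeds remaining payload")
        mandatory = bool(type_field & 0x8000)  # M bit
        tlv_type = type_field & 0x3FFF         # low 14 bits; R bit is ignored
        tlvs.append((mandatory, tlv_type, data[offset:offset + length]))
        offset += length
    return tlvs

def summarize(data: bytes):
    """Return (result_status, pac_present) for one phase-two message."""
    status, pac_present = None, False
    for _mandatory, tlv_type, value in parse_tlvs(data):
        if tlv_type == RESULT_TLV:
            if len(value) != 2:
                raise ValueError("Result TLV must carry a 2-byte status")
            code = struct.unpack("!H", value)[0]
            status = RESULT_STATUS.get(code, f"Unknown({code})")
        elif tlv_type == PAC_TLV:
            pac_present = True
    return status, pac_present

# Constructed sample payloads (not captured traffic).
# Result TLV: M=1, type 3, length 2, status 1 (Success).
SUCCESS_ONLY = bytes.fromhex("8003" "0002" "0001")
# Same Result TLV followed by a PAC TLV (type 11) with a 4-byte dummy body.
SUCCESS_WITH_PAC = SUCCESS_ONLY + bytes.fromhex("000b" "0004" "deadbeef")

if __name__ == "__main__":
    for name, payload in [("no-PAC", SUCCESS_ONLY), ("with-PAC", SUCCESS_WITH_PAC)]:
        print(name, summarize(payload))
```

A service set to "Don’t use PACs" should only ever produce the first shape; a PAC TLV in the server's response indicates the access service is still provisioning PACs.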
Table 10-7 Access Service Properties—Allowed Protocols Page (continued)
Option
Description