Cisco Systems CSACS3415K9 Manual De Usuario

4-6

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

Chapter 4 Common Scenarios Using ACS

Password-Based Network Access

Note

During password-based access (or certificate-based access), the user is not only authenticated but also
authorized according to the ACS configuration. And if NAS sends accounting requests, the user is also
accounted.

ACS supports the following password-based authentication methods:

•

Plain RADIUS password authentication methods

–

RADIUS-PAP

–

RADIUS-CHAP

–

RADIUS-MSCHAPv1

–

RADIUS-MSCHAPv2

•

RADIUS EAP-based password authentication methods

–

PEAP-MSCHAPv2

–

PEAP-GTC

–

EAP-FAST-MSCHAPv2

–

EAP-FAST-GTC

–

EAP-MD5

–

LEAP

You must choose the authentication method based on the following factors:

•

The network access server—Wireless access points, 802.1X authenticating switches, VPN servers,
and so on.

•

The client computer and software—EAP supplicant, VPN client, and so on.

•

The identity store that is used to authenticate the user—Internal or External (AD, LDAP, RSA token
server, or RADIUS identity server).

Related Topics

•

Authentication in ACS 5.4, page B-1

•

Password-Based Network Access Configuration Flow, page 4-7

•

Network Devices and AAA Clients, page 7-5

•

Managing Access Policies, page 10-1