Cisco Systems CSACS3415K9 Manuel D’Utilisation
4-11
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 4 Common Scenarios Using ACS
Certificate-Based Network Access
You can create custom conditions to use the certificate’s attributes as a policy condition. See
, for details.
Step 5
Create an access service. See
, for more information.
Step 6
In the Allowed Protocols Page, choose EAP-TLS or PEAP (EAP-TLS) as inner method.
Step 7
Configure identity and authorization policies for the access service. See
, for details.
Note
When you create rules for the identity policy, the result may be the Certificate Authentication
Profile or an Identity Sequence. See
Profile or an Identity Sequence. See
, for more
information.
Step 8
Configure the Authorization Policies. See
.
Step 9
Configure the Service Selection Policy. See
.
Related Topics
•
•
•
•
Authorizing the ACS Web Interface from Your Browser Using a Certificate
You use the HTTPS certificate-based authentication to connect to ACS with your browser. The Local
Server Certificate in ACS is used to authorize the ACS web interface from your browser. ACS does not
support browser authentication (mutual authentication is not supported).
Server Certificate in ACS is used to authorize the ACS web interface from your browser. ACS does not
support browser authentication (mutual authentication is not supported).
Table 4-2
Network Access Authentication Protocols
Protocol
Action
EAP-TLS
In the Allowed Protocols Page, choose Allow EAP-TLS to enable the EAP-TLS settings.
•
Enable Stateless Session resume—Check this check box to enable the Stateless Session
Resume feature per Access service. This feature enables you to configure the following
options:
Resume feature per Access service. This feature enables you to configure the following
options:
–
Proactive Session Ticket update—Enter the value as a percentage to indicate how much
of the Time to Live must elapse before the session ticket is updated. For example, the
session ticket update occurs after 10 percent of the Time to Live has expired, if you enter
the value 10.
of the Time to Live must elapse before the session ticket is updated. For example, the
session ticket update occurs after 10 percent of the Time to Live has expired, if you enter
the value 10.
–
Session ticket Time to Live—Enter the equivalent maximum value in days, weeks,
months, and years, using a positive integer.
months, and years, using a positive integer.
PEAP
In the Allowed Protocols Page, choose PEAP. For the PEAP inner method, choose EAP-TLS or
PEAP Cryptobinding TLV.
PEAP Cryptobinding TLV.