Filter
Top Products
61-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
802.1x Policy Page
Field Reference
Table 61-1 802.1x Page
Element Description
AAA Server Group The RADIUS AAA server group that authenticates the credentials of
users trying to access a VPN tunnel. Enter the name of a AAA server
group object, or click Add to select one from a list or to create a new
AAA server group object.
Note Each AAA server in the selected group must be configured to
communicate with an interface that exists on the router;
otherwise, validation fails.
Virtual Template Mandatory for all routers except Integrated Services Routers (ISRs).
The untrusted, virtual interface that provides Internet access to
unauthenticated traffic. Enter the name of an interface or interface role,
or click Select to select one from a list or to create a new group object.
Note You do not need to configure a virtual template for ISRs,
because they automatically use VLANs to provide access. If
you do define a virtual template, however, it is used instead of
the VLAN.
Note Deployment might fail if PPP is defined on the virtual template
defined here. See PPP Dialog Box, page 59-76.
Interface The trusted, physical interface that provides VPN access to
authenticated traffic. Enter the name of an interface or interface role, or
click Select to select one from a list or to create a new group object.
If you use an interface role, the pattern defined in the interface role
must represent only one physical interface on the selected device. This
interface should be the internal protected interface that you configured
as part of the VPN topology. For more information, see Defining the
Endpoints and Protected Networks, page 24-33.
Number of retries The number of times the physical interface resends an Extensible
Authentication Protocol (EAP) request/identity frame to a client if a
response is not received before restarting authentication.
Valid values range from 1 to 10. The default is 2.
Note You should change the default only to adjust for unusual
circumstances, such as unreliable links or specific problems
with certain clients and authentication servers.