Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 7 Managing Network Resources
Network Devices and AAA Clients
Table 7-5 Network Devices and AAA Clients Properties Page (continued)

Option
Description

RADIUS Shared Secret
Shared secret of the network device, if you have enabled the RADIUS protocol. A shared secret is an expected string of text, which a user must provide before the network device authenticates a username and password. The connection is rejected until the user supplies the shared secret.

CoA Port
Used to set up the RADIUS CoA port for session directory, for user authentication. This session directory can be launched from the Monitoring and Troubleshooting Viewer page. By default, the CoA port value is filled as 1700.

Enable KeyWrap
Check to enable the shared secret keys for RADIUS Key Wrap in PEAP, EAP-FAST and EAP-TLS authentications. Each key must be unique and be distinct from the RADIUS shared key. You can configure these shared keys for each AAA Client.

Key Encryption Key (KEK)
Used to encrypt the Pairwise Master Key (PMK). In ASCII mode, enter a key with 16 characters. In hexadecimal mode, enter a key with 32 characters.

Message Authentication Code Key (MACK)
Used to calculate the keyed hashed message authentication code (HMAC) over the RADIUS message. In ASCII mode, enter a key with 20 characters. In hexadecimal mode, enter a key with 40 characters.

Key Input Format
Enter the keys as ASCII or hexadecimal strings. The default is hexadecimal.

Security Group Access
Appears only when you enable the Cisco Security Group Access feature. Check to use Security Group Access functionality on the network device. If the network device is the seed device (first device in the Security Group Access network), you must also check the RADIUS check box.

Identification
Name that will be used for Security Group Access identification of this device. By default, you can use the configured device name. If you want to use another name, clear the Use device name for Security Group Access identification check box, and enter the name in the Identification field.

Password
Security Group Access authentication password.

Security Group Access Advanced Settings
Check to display additional Security Group Access fields.

Other Security Group Access devices to trust this device
Specifies whether all the device’s peer devices trust this device. The default is checked, which means that the peer devices trust this device, and do not change the SGTs on packets arriving from this device. If you uncheck the check box, the peer devices repaint packets from this device with the related peer SGT.

Download peer authorization policy every: Weeks Days Hours Minutes Seconds
Specifies the expiry time for the peer authorization policy. ACS returns this information to the device in the response to a peer policy request. The default is 1 day.

Download SGACL lists every: Weeks Days Hours Minutes Seconds
Specifies the expiry time for SGACL lists. ACS returns this information to the device in the response to a request for SGACL lists. The default is 1 day.
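
The KEK, MACK and Key Input Format rules from the table can be checked over a list of AAA client entries before they are typed into ACS. The following is an added example, not Cisco code: the function names and the sample inventory are constructed, and reading "unique" as "no key repeated across AAA clients" is this example's assumption.

```python
import binascii

# Decoded key sizes implied by the table: KEK is 16 ASCII or 32 hex
# characters, MACK is 20 ASCII or 40 hex characters.
KEY_BYTES = {"KEK": 16, "MACK": 20}

# Constructed sample inventory (not real keys or devices).
SAMPLE_CLIENTS = [
    {"name": "sw-a", "shared_secret": "sharedsecret1234", "fmt": "ascii",
     "kek": "sharedsecret1234", "mack": "mackmackmackmackmack"},
    {"name": "sw-b", "shared_secret": "s3cret-b", "fmt": "hex",
     "kek": "00112233445566778899aabbccddeeff", "mack": "6d61636b" * 5},
    {"name": "sw-c", "shared_secret": "s3cret-c", "fmt": "hex",
     "kek": "00112233445566778899aabbccddee", "mack": "ab" * 20},
]

def decode_key(field, value, fmt):
    """Return the raw key bytes or raise ValueError naming the problem."""
    if fmt not in ("ascii", "hex"):
        raise ValueError(f"{field}: unknown key input format {fmt!r}")
    try:
        raw = binascii.unhexlify(value) if fmt == "hex" else value.encode("ascii")
    except ValueError as exc:  # binascii.Error and UnicodeEncodeError are ValueErrors
        raise ValueError(f"{field}: not a valid {fmt} string") from exc
    if len(raw) != KEY_BYTES[field]:
        want = KEY_BYTES[field] * (2 if fmt == "hex" else 1)
        raise ValueError(f"{field}: expected {want} {fmt} characters, got {len(value)}")
    return raw

def audit_clients(clients):
    """Return {client name: [problems]} for every entry that breaks a rule."""
    findings, seen = {}, {}
    for c in clients:
        problems = []
        for field in ("KEK", "MACK"):
            try:
                raw = decode_key(field, c[field.lower()], c.get("fmt", "hex"))
            except ValueError as exc:
                problems.append(str(exc))
                continue
            # Compare decoded bytes so an ASCII key and its hex spelling match.
            if raw == c["shared_secret"].encode("utf-8"):
                problems.append(f"{field}: same bytes as the RADIUS shared secret")
            owner = seen.setdefault(raw, c["name"])
            if owner != c["name"]:
                problems.append(f"{field}: already used by {owner}")
        if problems:
            findings[c["name"]] = problems
    return findings
```

Calling `audit_clients(SAMPLE_CLIENTS)` flags all three constructed entries: a KEK that repeats the shared secret, a hex MACK that decodes to another client's ASCII MACK, and a KEK that is two hex characters short.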