Support User Manuals

Cisco Systems OL-24201-01 Camera Accessories User Manual

Open as PDF

of 650

10-15

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Chapter 10 Managing Access Policies

Configuring Access Services

Related Topic

• Configuring Access Service Allowed Protocols, page 10-15

• Configuring Access Services Templates, page 10-19

Configuring Access Service Allowed Protocols

The allowed protocols are the second part of access service creation. Access service definitions contain

general and allowed protocol information. When you duplicate and edit services, the Access Service

properties page contains tabs.

Step 1 Select Access Policies > Access Services, then click:

• Create to create a new access service, then click Next to go to the Allowed Protocols screen.

• Duplicate to duplicate an access service, then click Next to go to the Allowed Protocols screen.

• Edit to edit an access service, then click Next to go to the Allowed Protocols screen.

Step 2 Complete the fields as shown in Table 10-7:

Table 10-7 Access Service Properties—Allowed Protocols Page

Option Description

Process Host Lookup Check to configure ACS to process the Host Lookup field (for example, when the RADIUS

Service-Type equals 10) and use the System UserName attribute from the RADIUS

Calling-Station-ID attribute.

Uncheck for ACS to ignore the Host Lookup request and use the original value of the system

UserName attribute for authentication and authorization. When unchecked, message processing

is according to the protocol (for example, PAP).

Authentication Protocols

Allow PAP/ASCII Enables PAP/ASCII. PAP uses clear-text passwords (that is, unencrypted passwords) and is the

least secure authentication protocol.

When you check Allow PAP/ASCII, you can check Detect PAP as Host Lookup to configure

ACS to detect this type of request as a Host Lookup (instead of PAP) request in the network access

service.

Allow CHAP Enables CHAP authentication. CHAP uses a challenge-response mechanism with password

encryption. CHAP does not work with the Windows Active Directory.

Allow MS-CHAPv1 Enables MS-CHAPv1.

Allow MSCHAPv2 Enables MSCHAPv2.

Allow EAP-MD5 Enables EAP-based Message Digest 5 hashed authentication.

When you check Allow EAP-MD5, you can check Detect EAP-MD5 as Host Lookup to

configure ACS to detect this type of request as a Host Lookup (instead of EAP-MD5) request in

the network access service.

previous next