Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Configuring Access Services
Table 10-7 Access Service Properties—Allowed Protocols Page (continued)

Option: Allow EAP-TLS
Description: Enables the EAP-TLS Authentication protocol and configures EAP-TLS settings. You can specify how ACS verifies user identity as presented in the EAP Identity response from the end-user client. User identity is verified against information in the certificate that the end-user client presents. This comparison occurs after an EAP-TLS tunnel is established between ACS and the end-user client.
EAP-TLS is a certificate-based authentication protocol. EAP-TLS authentication can occur only after you have completed the required steps to configure certificates. See Configuring Local Server Certificates, page 18-14 for more information.

Option: Allow LEAP
Description: Enables LEAP authentication.

Option: Allow PEAP
Description: Enables the PEAP authentication protocol and PEAP settings. The default inner method is MSCHAPv2.
When you check Allow PEAP, you can configure the following PEAP inner methods:
- Allow EAP-TLS—Check to use EAP-TLS as the inner method.
- Allow EAP-MSCHAPv2—Check to use EAP-MSCHAPv2 as the inner method.
    - Allow Password Change—Check for ACS to support password changes.
    - Retry Attempts—Specifies how many times ACS requests user credentials before returning login failure. Valid values are 1 to 3.
- Allow EAP-GTC—Check to use EAP-GTC as the inner method.
    - Allow Password Change—Check for ACS to support password changes.
    - Retry Attempts—Specifies how many times ACS requests user credentials before returning login failure. Valid values are 1 to 3.