Filter
Top Products
18-3
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 18 Managing System Administration Configurations
Configuring Global System Options
Configuring PEAP Settings
Use the PEAP Settings page to configure PEAP runtime characteristics.
Select System Administration > Configuration > Global System Options > PEAP Settings.
The PEAP Settings page appears as described in Table 18-3:
Related Topic
• Generating EAP-FAST PAC, page 18-4
Configuring EAP-FAST Settings
Use the EAP-FAST Settings page to configure EAP-FAST runtime characteristics.
Select System Administration > Configuration > Global System Options > EAP-FAST > Settings.
The EAP-FAST Settings page appears as described in Table 18-4:
Table 18-3 PEAP Settings
Option Description
Enable PEAP Session
Resume
When checked, ACS caches the TLS session that is created during phase one of PEAP
authentication, provided the user successfully authenticates in phase two of PEAP. If a user needs
to reconnect and the original PEAP session has not timed out, ACS uses the cached TLS session,
resulting in faster PEAP performance and a lessened AAA server load.
You must specify a PEAP session timeout value for the PEAP session resume features to work.
PEAP Session Timeout Enter the number of seconds before the PEAP session times out. The default value is 7200
seconds.
Enable Fast Reconnect Check to allow a PEAP session to resume in ACS without checking user credentials when the
session resume feature is enabled.
Table 18-4 EAP-FAST Settings
Option Description
General
Authority Identity Info
Description
User-friendly string that describes the ACS server that sends credentials to a client. The client can
discover this string in the Protected Access Credentials Information (PAC-Info)
Type-Length-Value (TLV). The default value is Cisco Secure ACS.
Master Key Generation
Period
The value is used to encrypt or decrypt and sign or authenticate PACs. The default is one week.
Revoke
Revoke Click Revoke to revoke all previous master keys and PACs. This operation should be used with
caution.
If the ACS node is a secondary node, the Revoke option is disabled.