Cisco Systems OL-24201-01 Camera Accessories User Manual


 
B-18
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Appendix B Authentication in ACS 5.3
EAP-FAST
Authenticating with MSCHAPv2
After the TLS tunnel is created, follow these steps to authenticate the wireless client credentials with
MSCHAPv2:
At the end of this mutual authentication exchange, the wireless client has provided proof of knowledge
of the correct password (the response to the ACS challenge string), and ACS has provided proof of
knowledge of the correct password (the response to the wireless client challenge string). The entire
exchange is encrypted through the TLS channel created in PEAP.
Related Topics
Authentication Protocol and Identity Store Compatibility, page B-35
Configuring PEAP Settings, page 18-3
EAP-FAST
This section contains the following topics:
Overview of EAP-FAST, page B-18
EAP-FAST Flow in ACS 5.3., page B-26
EAP-FAST PAC Management, page B-27
Overview of EAP-FAST
The EAP Flexible Authentication via Secured Tunnel (EAP-FAST) protocol is a new, publicly accessible
IEEE 802.1x EAP type that Cisco developed to support customers that cannot enforce a strong password
policy and want to deploy an 802.1x EAP type that does not require digital certificates.
EAP-FAST supports a variety of user and password database types, password change and expiration, and
is flexible, easy to deploy, and easy to manage. For more information about EAP-FAST and comparison
with other EAP types, see:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml.
Steps for authenticating with MSCHAPv2 (the procedure introduced under Authenticating with MSCHAPv2 above):
1. ACS sends an EAP-Request/Identity message.
2. The wireless client responds with an EAP-Response/Identity message that contains the identity (user or computer name) of the wireless client.
3. ACS sends an EAP-Request/EAP-MSCHAPv2 challenge message that contains a challenge string.
4. The wireless client responds with an EAP-Response/EAP-MSCHAPv2 Response message that contains the response to the ACS challenge string and a challenge string for ACS.
5. ACS sends an EAP-Request/EAP-MSCHAPv2 success message, which indicates that the wireless client response was correct and contains the response to the wireless client challenge string.
6. The wireless client responds with an EAP-Response/EAP-MSCHAPv2 acknowledgment message, indicating that the ACS response was correct.
7. ACS sends an EAP-Success message.
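The seven-step mutual authentication exchange above, simulated as an added example (not code from the Cisco guide or from ACS). The names `proof` and `run_exchange` are hypothetical, and HMAC-SHA256 is a labelled stand-in for the real MSCHAPv2 response computation so that the block runs with the standard library only; the TLS tunnel is assumed to exist already.

```python
import hashlib
import hmac
import os


def proof(password, own_role, challenge_a, challenge_b):
    """Stand-in proof of password knowledge (HMAC-SHA256), NOT RFC 2759 math."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, own_role + challenge_a + challenge_b, hashlib.sha256).digest()


def run_exchange(identity, client_password, acs_password, acs_checks_client=True):
    """Walk steps 1-7 inside the (assumed) TLS tunnel; return (outcome, transcript)."""
    log = ["1 ACS -> client: EAP-Request/Identity",
           f"2 client -> ACS: EAP-Response/Identity ({identity})"]

    acs_challenge = os.urandom(16)
    log.append("3 ACS -> client: EAP-Request/EAP-MSCHAPv2 challenge")

    client_challenge = os.urandom(16)
    client_resp = proof(client_password, b"client", acs_challenge, client_challenge)
    log.append("4 client -> ACS: EAP-Response/EAP-MSCHAPv2 Response + client challenge")

    # ACS recomputes the client's response from its own copy of the password.
    expected = proof(acs_password, b"client", acs_challenge, client_challenge)
    if acs_checks_client and not hmac.compare_digest(client_resp, expected):
        log.append("ACS stops: client response does not match")
        return "client_rejected", log
    acs_resp = proof(acs_password, b"acs", client_challenge, acs_challenge)
    log.append("5 ACS -> client: EAP-Request/EAP-MSCHAPv2 success + response to client challenge")

    # The client verifies the ACS response before acknowledging (mutual authentication).
    expected = proof(client_password, b"acs", client_challenge, acs_challenge)
    if not hmac.compare_digest(acs_resp, expected):
        log.append("client stops: ACS response does not match")
        return "acs_rejected", log
    log.append("6 client -> ACS: EAP-Response/EAP-MSCHAPv2 acknowledgment")
    log.append("7 ACS -> client: EAP-Success")
    return "success", log


if __name__ == "__main__":
    # Constructed sample identity and passwords.
    for args in [("alice", "s3cret", "s3cret"), ("alice", "wrong", "s3cret"),
                 ("alice", "s3cret", "unknown", False)]:
        outcome, transcript = run_exchange(*args)
        print(outcome, "|", transcript[-1])
```

The third case shows why step 6 matters: a server that accepts any client response but does not hold the password cannot answer the client's challenge, so the client never sends the acknowledgment.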