B-26
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Appendix B Authentication in ACS 5.3
EAP-FAST
Master Key Generation and PAC TTLs
The values for master key generation and PAC TTLs determine their states, as described in About
Master-Keys, page B-21 and Types of PACs, page B-22. Master key and PAC states determine whether
someone requesting network access with EAP-FAST requires PAC provisioning or PAC refreshing.
Related Topics
About PACs, page B-21
Provisioning Modes, page B-22
Types of PACs, page B-22
ACS-Supported Features for PACs, page B-24
EAP-FAST for Allow TLS Renegotiation
You may be prompted to enter a password twice when you use an anonymous PAC provisioning scheme.
When you enter the password the first time, ACS provisions the PAC and sends an access-reject to the
client. The client is then prompted to re-enter the password so that it can authenticate and be granted
access to the network.
ACS checks for a TLS client handshake record. If it finds the TLS client handshake record, ACS initiates
a TLS renegotiation at the end of EAP-FAST phase zero, instead of rejecting the user's request for
access.
You should use this option with a Vista client when the host is using anonymous PAC provisioning. Vista
clients do not cache the user password, so with this option you enter the password only once. When
this option is enabled, ACS initiates the TLS renegotiation request to the client at the end of EAP-FAST
phase zero, instead of rejecting the access attempt after PAC provisioning.
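The following is an added illustration, not Cisco code and not ACS's implementation: a toy model of the EAP-FAST exchange described above (and of the PAC-state decision from the Master Key Generation section) that shows why a supplicant without a cached password is prompted twice under the default anonymous-provisioning behaviour and once when the TLS renegotiation option is enabled. The class names (Client, Server, PAC), the credential table and the PAC TTL values are constructed for the example; master-key retirement and PAC refresh are not modelled, only PAC expiry forcing re-provisioning.

```python
"""Toy simulation of EAP-FAST anonymous in-band PAC provisioning, with and
without the "Allow TLS Renegotiation" option.

Added example (assumption-laden simplification, not Cisco ACS code): a PAC is
either valid or expired by TTL; master-key states and PAC refresh are omitted.
"""
from dataclasses import dataclass, field
from typing import Optional

ACCEPT = "Access-Accept"
REJECT = "Access-Reject"


@dataclass
class PAC:
    """Protected Access Credential as the client stores it: issue time plus TTL."""
    issued_at: float
    ttl: float

    def valid(self, now: float) -> bool:
        return now < self.issued_at + self.ttl


@dataclass
class Client:
    """Supplicant that, like the Vista client the guide describes, never caches
    the password between EAP conversations; every conversation prompts anew."""
    username: str
    password: str
    pac: Optional[PAC] = None
    password_prompts: int = 0

    def prompt_password(self) -> str:
        self.password_prompts += 1
        return self.password


@dataclass
class Server:
    """Constructed stand-in for the RADIUS/EAP-FAST server."""
    credentials: dict
    pac_ttl: float
    allow_tls_renegotiation: bool
    log: list = field(default_factory=list)

    def _check(self, client: Client, password: str) -> bool:
        return self.credentials.get(client.username) == password

    def eap_fast(self, client: Client, now: float) -> str:
        """One EAP-FAST conversation; returns the RADIUS result code."""
        if client.pac is not None and client.pac.valid(now):
            # Phase 1: TLS tunnel keyed from the existing PAC; phase 2: inner auth.
            self.log.append("phase1: tunnel from existing PAC")
            ok = self._check(client, client.prompt_password())
            self.log.append(f"phase2: inner auth {'ok' if ok else 'failed'}")
            return ACCEPT if ok else REJECT

        # No valid PAC: phase 0, anonymous in-band provisioning tunnel.
        self.log.append("phase0: anonymous provisioning tunnel")
        if not self._check(client, client.prompt_password()):
            self.log.append("phase0: inner auth failed, no PAC issued")
            return REJECT
        client.pac = PAC(issued_at=now, ttl=self.pac_ttl)
        self.log.append("phase0: PAC provisioned")

        if not self.allow_tls_renegotiation:
            # Default behaviour from the guide: reject after provisioning, so the
            # client must start a new conversation (and a new password prompt).
            self.log.append("phase0: Access-Reject after provisioning")
            return REJECT

        # Option enabled: renegotiate TLS with the fresh PAC and finish inside
        # the same conversation; the supplicant reuses the password it holds.
        self.log.append("renegotiation: PAC-based tunnel, phase2 inner auth ok")
        return ACCEPT


def connect(client: Client, server: Server, now: float, max_attempts: int = 3) -> list:
    """Drive the supplicant: retry after a reject, as a user re-entering the password would."""
    results = []
    for _ in range(max_attempts):
        result = server.eap_fast(client, now)
        results.append(result)
        if result == ACCEPT:
            break
    return results


def prompts_for(allow_renegotiation: bool) -> tuple:
    """Password prompts and RADIUS results for a first-time EAP-FAST login."""
    server = Server({"alice": "s3cret"}, pac_ttl=3600.0,
                    allow_tls_renegotiation=allow_renegotiation)
    client = Client("alice", "s3cret")
    results = connect(client, server, now=0.0)
    return client.password_prompts, results


if __name__ == "__main__":
    for flag in (False, True):
        prompts, results = prompts_for(flag)
        print(f"allow_tls_renegotiation={flag}: prompts={prompts}, results={results}")
```

Running the block prints two prompts with an Access-Reject then Access-Accept for the default setting, and a single prompt with an immediate Access-Accept when renegotiation is allowed; a later conversation after the PAC TTL has elapsed falls back into phase 0 provisioning.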
EAP-FAST Flow in ACS 5.3
Note You must configure the end-user clients to support EAP-FAST. This procedure is specific to configuring
ACS only.
Before You Begin
The steps in this procedure are a suggested order only. Enabling EAP-FAST at your site may require
repeating some of these steps or performing them in a different order.
For example, in this procedure, determining how you want to support PAC provisioning comes after
configuring a user database to support EAP-FAST; however, choosing Automatic In-Band PAC
Provisioning places different limits on user database support.