Filter
Top Products
B-35
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Appendix B Authentication in ACS 5.3
Authentication Protocol and Identity Store Compatibility
Note Microsoft PEAP clients may also initiate machine authentication whenever a user logs off. This feature
prepares the network connection for the next user login. Microsoft PEAP clients may also initiate
machine authentication when a user shuts down or restarts the computer rather than just logging off.
ACS supports EAP-TLS, EAP-FAST, PEAP (EAP-MSCHAPv2), and PEAP (EAP-GTC) for machine
authentication. You can enable each separately on the Active Directory: General Page, which allows a
mix of computers that authenticate with EAP-TLS, EAP-FAST, or PEAP (EAP-MSCHAPv2).
Microsoft operating systems that perform machine authentication might limit the user authentication
protocol to the same protocol that is used for machine authentication.
Related Topics
• Microsoft AD, page 8-41
• Managing External Identity Stores, page 8-22
Authentication Protocol and Identity Store Compatibility
ACS supports various authentication protocols to authenticate against the supported identity stores.
Table B-4 specifies non-EAP authentication protocol support.
Table B-4 Non-EAP Authentication Protocol and User Database Compatibility
Identity Store ASCII/PAP MSCHAPv1/MSCHAPv2 CHAP
ACS Yes Yes Yes
Windows AD Yes Yes No
LDAP Yes No No
RSA Identity
Store
Yes No No
RADIUS
Identity Store
Yes No No