Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02

Chapter 7
PEAP/EAP-TLS Configuration Scenario
You can select EAP-TLS as the inner method that runs within the TLS tunnel that ACS establishes for PEAP
authentication. The outer PEAP tunnel is negotiated between the supplicant and ACS; the NAD only relays the
EAP packets (inside RADIUS) and cannot read the tunneled data. When EAP-TLS is the inner method, the
client-certificate handshake is carried inside that tunnel, so the supplicant's certificate and identity are
protected by the outer TLS session, and the inner EAP-TLS exchange then negotiates its own TLS session within
it. In effect the inner authentication data is encrypted twice: once by the outer PEAP tunnel and once by the
inner EAP-TLS session.
This combination protects the client certificate exchange from an eavesdropper on the access segment between
the supplicant and the NAD, which plain EAP-TLS (where the client certificate is sent in the clear) does not.
Most customers who use this feature are customers who use Microsoft supplicants, because the Windows native
supplicant supports EAP-TLS as a PEAP inner method.
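The following is an added example, not code from this guide or from Cisco Secure ACS, showing the EAP framing that the passage above describes: the outer PEAP method (EAP Type 25) carrying a TLS handshake, fragmented across several EAP packets, and the inner EAP-TLS method (EAP Type 13) that would be seen only after the outer tunnel is decrypted. The framing follows RFC 3748 (EAP), RFC 5216 (EAP-TLS) and PEAPv0 (version in the low three bits of the flags byte); the TLS bytes in the demo are constructed filler, not a real handshake, and the packet identifiers and fragment size are assumptions. It also shows the two length checks a parser on either end must make (EAP Length against the buffer, and reassembled bytes against the declared TLS Message Length), which the passage only implies.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_TLS = 13    # EAP-TLS (RFC 5216); here the inner method
EAP_TYPE_PEAP = 25   # PEAP; the outer tunnel method
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # length-included, more-fragments, start


def build_eap(code, ident, eap_type=None, type_data=b""):
    """Encode an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt):
    """Decode an EAP packet, refusing a Length field that does not fit the buffer."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length %d does not fit %d-byte buffer" % (length, len(pkt)))
    if code in (EAP_SUCCESS, EAP_FAILURE) or length == 4:
        return {"code": code, "id": ident, "type": None, "data": b""}
    return {"code": code, "id": ident, "type": pkt[4], "data": pkt[5:length]}


def build_tls_fragment(code, ident, method, flags, tls_data=b"", total=None, version=0):
    """Encode one EAP-TLS or PEAP packet. PEAP keeps its version in the low 3 flag bits."""
    if method == EAP_TYPE_PEAP:
        flags |= version & 0x07
    type_data = bytes([flags])
    if flags & FLAG_L:   # first fragment declares the whole TLS message length
        type_data += struct.pack("!I", len(tls_data) if total is None else total)
    return build_eap(code, ident, method, type_data + tls_data)


def parse_tls_fragment(data, method):
    """Split EAP-TLS/PEAP Type-Data into flags, version, declared length and TLS bytes."""
    if not data:
        raise ValueError("missing flags byte")
    flags = data[0]
    version = flags & 0x07 if method == EAP_TYPE_PEAP else 0
    total, pos = None, 1
    if flags & FLAG_L:
        if len(data) < 5:
            raise ValueError("L flag set but TLS Message Length missing")
        total, pos = struct.unpack("!I", data[1:5])[0], 5
    return {"flags": flags & 0xE0, "version": version, "total": total, "tls": data[pos:]}


def fragment_tls(code, first_id, method, tls_blob, max_frag):
    """Split a TLS flight into EAP fragments: first carries L+total, all but last carry M.
    (On the wire the peer ACKs each fragment with an empty packet before the next is sent.)"""
    chunks = [tls_blob[i:i + max_frag] for i in range(0, len(tls_blob), max_frag)] or [b""]
    pkts = []
    for n, chunk in enumerate(chunks):
        flags = (FLAG_L if n == 0 and len(chunks) > 1 else 0) | (FLAG_M if n < len(chunks) - 1 else 0)
        pkts.append(build_tls_fragment(code, first_id + n, method, flags, chunk,
                                       total=len(tls_blob) if flags & FLAG_L else None))
    return pkts


class Reassembler:
    """Reassemble a fragmented TLS message, bounding it by the declared length."""
    def __init__(self, method, max_total=65536):
        self.method, self.max_total, self.buf, self.total = method, max_total, b"", None

    def feed(self, pkt):
        """Return the complete TLS bytes when the last fragment arrives, else None."""
        eap = parse_eap(pkt)
        if eap["type"] != self.method:
            raise ValueError("unexpected EAP Type %r" % eap["type"])
        frag = parse_tls_fragment(eap["data"], self.method)
        if not self.buf and frag["total"] is not None:
            if frag["total"] > self.max_total:
                raise ValueError("declared TLS Message Length %d too large" % frag["total"])
            self.total = frag["total"]
        self.buf += frag["tls"]
        if self.total is not None and len(self.buf) > self.total:
            raise ValueError("fragments exceed declared TLS Message Length")
        if frag["flags"] & FLAG_M:
            return None
        done, self.buf, self.total = self.buf, b"", None
        return done


def demo():
    """Constructed exchange (not captured traffic): ACS sends PEAP Start, the supplicant's
    first TLS flight comes back in three fragments, then an inner EAP-TLS Start is framed
    as it would look after the PEAP tunnel is decrypted."""
    start = build_tls_fragment(EAP_REQUEST, 1, EAP_TYPE_PEAP, FLAG_S, version=0)
    outer = parse_eap(start)
    flight = b"\x16\x03\x01\x00\x40" + bytes(range(64))   # constructed record-shaped filler
    frags = fragment_tls(EAP_RESPONSE, 1, EAP_TYPE_PEAP, flight, max_frag=24)
    r = Reassembler(EAP_TYPE_PEAP)
    results = [r.feed(p) for p in frags]
    inner = build_tls_fragment(EAP_REQUEST, 2, EAP_TYPE_TLS, FLAG_S)
    return {"outer_type": outer["type"],
            "start": parse_tls_fragment(outer["data"], EAP_TYPE_PEAP),
            "nfrags": len(frags), "reassembled": results[-1],
            "inner_type": parse_eap(inner)["type"]}


if __name__ == "__main__":
    print(demo())
```

The same framing applies whether EAP-TLS is the outer method or the PEAP inner method; what changes is only the Type byte and the fact that the inner exchange is visible to nothing but the supplicant and ACS, since it travels inside the outer TLS records that the NAD forwards opaquely.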
Summary of Configuration Steps
To configure PEAP-TLS:
Step 1 Configure security certificates.
See Step 1: Configure Security Certificates, page 7-1 for details.
Step 2 Configure global authentication settings.
See Step 2: Configure Global Authentication Settings, page 7-5 for details.
Step 3 Specify EAP-TLS options.
See Step 3: Specify EAP-TLS Options, page 7-6 for details.
The following sections describe each of these steps in detail.
Step 1: Configure Security Certificates
This section describes a simplified procedure for the ACS for Windows platform. For detailed
information on installing certificates and for information on how to install certificates on the Cisco
Secure ACS Solution Engine platform, see Chapter 9 of the User Guide for Cisco Secure ACS 4.2,
“Advanced Configuration: Authentication and Certificates.”