Cisco Systems 4.2 Server User Manual


 
9-11
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 3: Set Up System Configuration
Step 3 To make the PEAP global authentication parameters available in the NAP configuration, check the check boxes for:
• Allow EAP-MSCHAPv2.
  EAP-MSCHAP is a variation of the Microsoft Challenge and Response Protocol that is used with the Protected Extensible Access Protocol (PEAP). For a description of the EAP-MSCHAPv2 protocol, see the “Authentication” section in Chapter 1 of the User Guide for Cisco Secure ACS 4.2, “Overview.”
• Allow EAP-GTC.
  For a description of the EAP Generic Token Card (EAP-GTC) protocol, see “EAP-FAST Authentication” in Chapter 9 of the User Guide for Cisco Secure ACS 4.2, “System Configuration: Authentication and Certificates.”
• Allow Posture Validation.
  For a description of Posture Validation, see the “What Is Posture Validation” section in Chapter 13 of the User Guide for Cisco Secure ACS 4.2, “Posture Validation.”
Step 4 In the EAP-TLS section:
a. Check the Allow EAP-TLS check box.
b. Check the Certificate SAN comparison and Certificate Binary comparison check boxes.
c. Leave the EAP-TLS timeout field set to the default (120 minutes).
Step 5 In the EAP-MD5 section, check the Allow EAP-MD5 check box.
Step 6 Scroll down to the MS-CHAP configuration section, and check the Allow MS-CHAP Version 1 Authentication and Allow MS-CHAP Version 2 Authentication check boxes, as shown in Figure 9-7.
Figure 9-7 MS-CHAP Authentication Selection
Step 7 Click Submit + Restart.
Step 8 Go to Set Up EAP-FAST Configuration, page 9-12, and configure EAP-FAST authentication.