Cisco Systems 4.2 Server User Manual


 
Glossary
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
E
EAP
Extensible Authentication Protocol - Provides the ability to deploy RADIUS into Ethernet network
environments. EAP is defined by Internet Engineering Task Force (IETF) RFC 2284 and the IEEE
802.1x standards.
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security - Uses the TLS protocol (RFC 2246),
which is the latest version of the Secure Socket Layer (SSL) protocol from the IETF. TLS provides a
way to use certificates for user and server authentication and for dynamic session key generation.
Endpoint Device
Any machine that attempts to connect to or use the resources of a network. Also referred to as a host.
External Posture Validation Server
A Cisco or third-party server used to perform posture validation. A posture-validation server acts as
an application-specific policy decision point in NAC for authorizing a set of posture credentials
against a set of policy rules.
G
GAME group feedback
Generic Authorization Message Exchange - A Cisco protocol that is used in the Cisco Network
Admission Control (NAC) environment. GAME group feedback provides an added security check for
MAC address authentication by checking the device type categorization that ACS determines by
associating a MAC address with a user group against information stored in a database on an audit
server.
H
Health Registration Authority
A Microsoft certificate server that obtains health certificates on behalf of NAP clients from a public
key infrastructure (PKI).
HCAP
Cisco Host Credentials Authorization Protocol. A protocol that ACS uses to communicate with a
Microsoft NPS.
Host
Another name for an endpoint device.
L
LDAP
Lightweight Directory Access Protocol - A set of protocols for accessing information directories.
LDAP is based on the standards contained within the X.500 standard, but is significantly simpler.
M
MAB
MAC authentication bypass - An authentication method that uses the MAC address of a device to
authenticate the device, instead of using an IP address.