Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 3 Configuring New Features in ACS 4.2
New Global EAP-FAST Configuration Options
Figure 3-1 New Global EAP-FAST Configuration Options
Table 3-1 describes the new EAP-FAST settings.
Table 3-1 New EAP-FAST Global Configuration Settings with Release 4.2

| Option | Description |
|---|---|
| Allow Full TLS Renegotiation in Case of Invalid PAC | This option handles cases of an invalid or expired PAC. In this situation, the EAP server can select a different cipher than the one normally used with the invalid PAC to start the full TLS handshake and authentication. Check the Allow Full TLS Renegotiation in Case of Invalid PAC check box if you have clients that might attempt to authenticate by using certificates that are unusually old. |
| Allow Anonymous In-band PAC Provisioning | ACS provisions an end-user client with a PAC using EAP-FAST phase zero. If you check this check box, ACS establishes a secured connection with the end-user client to provide the client with a new PAC. |
| Enable anonymous TLS renegotiation | If you check the Allow Anonymous in-band PAC Provisioning check box, you can also check the Enable anonymous TLS renegotiation check box. Check the Enable anonymous TLS renegotiation check box if your network contains Vista clients, to prevent Vista users from being prompted twice for their password. |