Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 3 Configuring New Features in ACS 4.2
Figure 3-2 shows the new options on the NAP Protocols page.
Disabling NetBIOS
Because disabling NetBIOS might be desirable in some cases, you can run ACS 4.2 with NetBIOS
disabled.
ACS SE 4.2 runs on a customized version of Windows 2003 that includes some but not all Windows 2003
services.
Note: Although you can disable NetBIOS over TCP/IP (NetBT) on Windows 2000, Windows XP, and
Windows Server 2003, many corporate networks do not, because most of them still have legacy
(Windows 9.x or Windows NT) machines on their network. These machines need NetBIOS to function
properly on a network, because they use NetBIOS to log in to domains, find one another, and
establish sessions for accessing shared resources.
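A check to run after disabling NetBT on the Windows host that runs ACS: the Python example below is added here and is not part of the Cisco guide. It parses saved `netstat -an` output and reports any endpoint still bound to the NetBT ports (UDP 137, UDP 138, TCP 139). The sample output and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example (not from the Cisco guide): find NetBT endpoints in `netstat -an` text.

# NetBIOS over TCP/IP well-known ports.
NETBT_PORTS = {
    ("UDP", 137): "name service",
    ("UDP", 138): "datagram service",
    ("TCP", 139): "session service",
}

def netbt_listeners(netstat_text):
    """Return sorted (proto, local_address, service) for NetBT endpoints still bound."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        proto, local = parts[0], parts[1]
        # UDP rows have no state column. TCP rows count only when LISTENING,
        # so an outbound session to a remote port 139 is not reported.
        if proto == "TCP" and parts[3:4] != ["LISTENING"]:
            continue
        port = local.rsplit(":", 1)[-1]
        service = NETBT_PORTS.get((proto, int(port))) if port.isdigit() else None
        if service:
            found.add((proto, local, service))
    return sorted(found)

# Constructed samples; 192.0.2.x are documentation addresses, not values from the guide.
SAMPLE_NETBT_ENABLED = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        192.0.2.20:139         ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""
SAMPLE_NETBT_DISABLED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1812           *:*
"""

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_NETBT_ENABLED), ("after", SAMPLE_NETBT_DISABLED)):
        hits = netbt_listeners(text)
        print(name, "NetBT still bound:" if hits else "no NetBT endpoints", hits)
```

TCP 445 is not flagged because SMB on that port runs directly over TCP without NetBT.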
Table 3-2 New Options on the NAP Protocols Page

| Option | Description |
|---|---|
| Use PACs | Click the Use PACs radio button if you want ACS to authenticate clients to which this NAP is applied by using EAP-FAST with PACs enabled. If you click the Use PACs radio button, then the same EAP-FAST configuration options that are available in the global EAP-FAST configuration are available. |
| Do Not Use PACs | Click the Do Not Use PACs radio button if you want ACS to authenticate clients to which this NAP is applied by using EAP-FAST without PACs enabled. |
| Require Client Certificate | If you click the Do Not Use PACs radio button, the Require Client Certificate option is available. Choose this option to require a client certificate for EAP-FAST tunnel establishment. |
| Disable Client Certificate Lookup and Comparisons | If you click the Do Not Use PACs radio button, you can check the Disable Client Certificate Lookup and Comparisons check box to disable client certificate lookup and to enable EAP-FAST PKI Authorization Bypass. If you check the Disable Client Certificate Lookup and Comparisons check box, ACS establishes an EAP-FAST tunnel without authorizing the user based on user group data or a public key infrastructure (PKI) certificate in a user database; instead, ACS maps the user to a preconfigured user group. |
| Assign Group | If you check the Disable Client Certificate Lookup and Comparisons check box, then from the drop-down list of user groups in the Assign Group field, select a user group to apply to the client. |