Filter
Top Products
18-4
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 18 Managing System Administration Configurations
Configuring RSA SecurID Prompts
Generating EAP-FAST PAC
Use the EAP-FAST Generate PAC page to generate a user or machine PAC.
Step 1 Select System Administration > Configuration > Global System Options > EAP-FAST > Generate
PAC.
The Generate PAC page appears as described in Table 18-5:
Step 2 Click Generate PAC.
Configuring RSA SecurID Prompts
You can configure RSA prompts for an ACS deployment. The set of RSA prompts that you configure is
used for all RSA realms and ACS instances in a deployment. To configure RSA SecurID Prompts:
Step 1 Choose System Administration > Configuration > Global System Options > RSA SecurID Prompts.
The RSA SecurID Prompts page appears.
Step 2 Modify the fields described in Table 18-6.
Master Key Generation
Period
The value is used to encrypt or decrypt and sign or authenticate PACs. The default is one week.
Revoke
Revoke Click Revoke to revoke all previous master keys and PACs. This operation should be used with
caution.
If the ACS node is a secondary node, the Revoke option is disabled.
Table 18-4 EAP-FAST Settings (continued)
Option Description
Table 18-5 Generate PAC
Option Description
Tunnel PAC Select to generate a tunnel PAC.
Machine PAC Select to generate a machine PAC.
Identity Specifies the username or machine name presented as the “inner username” by the EAP-FAST
protocol. If the Identity string does not match that username, authentication will fail.
PAC Time To Live Enter the equivalent maximum value in seconds, minutes, hours, days, weeks, months, and years.
Enter a positive integer.
Password Enter the password.