Cisco Systems CSACS3415K9 Computer Accessories User Manual

B-18
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix B Authentication in ACS 5.4
PEAPv0/1
Figure B-3 PEAP Processing Flow
[Figure B-3 labels. Phase 1: Client authenticates the server certificate; TLS tunnel is created. Phase 2: User authentication credentials are sent through the TLS tunnel again using EAP; RADIUS server authenticates to the user repository; client gets network access, AP gets encryption keys.]
Creating the TLS Tunnel
The following describes the process for creating the TLS tunnel:
1. After creating a logical link, the wireless AP sends an EAP-Request/Identity message to the wireless client.
2. The wireless client responds with an EAP-Response/Identity message that contains the identity (user or computer name) of the wireless client.
3. The wireless AP sends the EAP-Response/Identity message to ACS. From this point on, the logical communication occurs between ACS and the wireless client by using the wireless AP as a pass-through device.
4. ACS sends an EAP-Request/Start PEAP message to the wireless client.
5. The wireless client and ACS exchange a series of TLS messages through which the cipher suite for the TLS channel is negotiated. In ACS 5.4, the client certificate is not used in PEAP.
6. At the end of the PEAP negotiation, ACS has authenticated itself to the wireless client. Both nodes have determined mutual encryption and signing keys (by using public key cryptography, not passwords) for the TLS channel.
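The exchange in steps 1 through 4 above, worked through at the packet level as an added example (this is not code from the Cisco guide or from ACS itself). It frames EAP packets as RFC 3748 defines them, wraps them in the RADIUS EAP-Message attribute (type 79, RFC 3579) the way a pass-through AP does, and ends with the EAP-Request/PEAP packet whose Start flag is set, at which point the TLS handshake of step 5 would begin. All function names are hypothetical; the username "alice" is constructed sample input. The length and Identifier checks show what a server should do before acting on an EAP-Response, since a pass-through AP validates nothing beyond the RADIUS framing.

```python
"""Added example: EAP framing for PEAP phase 1 (Figure B-3, steps 1-4).
Hypothetical helper names; not ACS or Cisco code."""
import struct

# EAP codes and types (RFC 3748); PEAP is EAP type 25.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1
EAP_TYPE_PEAP = 25
# PEAP flags octet: L(ength)=0x80, M(ore)=0x40, S(tart)=0x20, low 3 bits = PEAP version.
PEAP_FLAG_LENGTH, PEAP_FLAG_MORE, PEAP_FLAG_START = 0x80, 0x40, 0x20
RADIUS_ATTR_EAP_MESSAGE = 79   # RFC 3579
RADIUS_ATTR_MAX_VALUE = 253    # 255-octet attribute minus Type and Length octets


def build_eap(code, identifier, eap_type=None, type_data=b""):
    """Assemble an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if code in (EAP_SUCCESS, EAP_FAILURE):
        body = b""
    elif eap_type is None:
        raise ValueError("Request/Response packets carry a Type octet")
    else:
        body = bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap(packet):
    """Parse an EAP packet; RFC 3748 says packets with an inconsistent Length are discarded."""
    if len(packet) < 4:
        raise ValueError("EAP header truncated")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet")
    body = packet[4:length]  # octets beyond Length are padding and ignored
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return {"code": code, "identifier": identifier, "type": None, "data": b""}
    if code not in (EAP_REQUEST, EAP_RESPONSE) or not body:
        raise ValueError("unknown Code, or Request/Response without Type")
    return {"code": code, "identifier": identifier, "type": body[0], "data": body[1:]}


def peap_flags(flag_byte):
    """Decode the first octet of PEAP Type-Data."""
    return {"L": bool(flag_byte & PEAP_FLAG_LENGTH), "M": bool(flag_byte & PEAP_FLAG_MORE),
            "S": bool(flag_byte & PEAP_FLAG_START), "version": flag_byte & 0x07}


def radius_eap_message_attrs(eap_packet):
    """AP pass-through: split the EAP packet into RADIUS EAP-Message (79) attributes of at
    most 253 value octets each. The AP never looks inside the EAP payload."""
    attrs = []
    for i in range(0, len(eap_packet), RADIUS_ATTR_MAX_VALUE):
        chunk = eap_packet[i:i + RADIUS_ATTR_MAX_VALUE]
        attrs.append(bytes([RADIUS_ATTR_EAP_MESSAGE, 2 + len(chunk)]) + chunk)
    return attrs


def peap_phase1_start(username, peap_version=0):
    """Simulate steps 1-4. Returns (identity as seen by ACS, list of (hop, packet))."""
    transcript = []
    ident = 0x01
    # Step 1: AP -> client, EAP-Request/Identity.
    req = build_eap(EAP_REQUEST, ident, EAP_TYPE_IDENTITY)
    transcript.append(("AP->client", req))
    # Step 2: client -> AP, EAP-Response/Identity echoing the request Identifier.
    r = parse_eap(req)
    resp = build_eap(EAP_RESPONSE, r["identifier"], EAP_TYPE_IDENTITY, username.encode())
    transcript.append(("client->AP", resp))
    # Step 3: AP -> ACS, forwarded unchanged inside RADIUS EAP-Message attributes.
    attrs = radius_eap_message_attrs(resp)
    for attr in attrs:
        transcript.append(("AP->ACS (RADIUS attr 79)", attr))
    # ACS reassembles the attribute values and validates Code/Identifier/Type before use.
    acs_view = parse_eap(b"".join(a[2:] for a in attrs))
    if (acs_view["code"] != EAP_RESPONSE or acs_view["identifier"] != ident
            or acs_view["type"] != EAP_TYPE_IDENTITY):
        raise ValueError("unexpected packet; ACS discards it")
    identity = acs_view["data"].decode()
    # Step 4: ACS -> client, EAP-Request/PEAP with the Start flag set; TLS handshake follows.
    start = build_eap(EAP_REQUEST, ident + 1, EAP_TYPE_PEAP,
                      bytes([PEAP_FLAG_START | peap_version]))
    transcript.append(("ACS->client (via AP)", start))
    return identity, transcript


if __name__ == "__main__":
    identity, transcript = peap_phase1_start("alice")  # constructed sample identity
    for hop, pkt in transcript:
        print(f"{hop:26s} {pkt.hex()}")
    print("ACS will authenticate identity:", identity)
```

The Identifier echoed by the client is the only binding between request and response at this layer, and the Identity value is sent in the clear, which is why PEAP carries the real credentials only inside the TLS tunnel of phase 2. The example stops at the Start packet; the server-certificate validation in steps 5 and 6 belongs to the client's TLS stack.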