Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix B Authentication in ACS 5.4
Related Topics
Microsoft AD, page 8-41
Managing External Identity Stores, page 8-22
Authentication Protocol and Identity Store Compatibility
ACS supports various authentication protocols to authenticate against the supported identity stores.
Table B-4 specifies non-EAP authentication protocol support.
Table B-5 specifies EAP authentication protocol support.
Table B-4 Non-EAP Authentication Protocol and User Database Compatibility

Identity Store         ASCII/PAP  MSCHAPv1/MSCHAPv2  CHAP
ACS                    Yes        Yes                Yes
Windows AD             Yes        Yes                No
LDAP                   Yes        No                 No
RSA Identity Store     Yes        No                 No
RADIUS Identity Store  Yes        No                 No

Table B-5 EAP Authentication Protocol and User Database Compatibility

Identity Store         EAP-MD5  EAP-TLS (1)  PEAP-TLS (2)  PEAP EAP-MSCHAPv2  EAP-FAST MSCHAPv2  PEAP-GTC  EAP-FAST-GTC
ACS                    Yes      Yes (3)      Yes           Yes                Yes                Yes       Yes
Windows AD             No       Yes          Yes           Yes                Yes                Yes       Yes
LDAP                   No       Yes          Yes           No                 No                 Yes       Yes
RSA Identity Store     No       No           No            No                 No                 Yes       Yes
RADIUS Identity Store  No       No           No            No                 No                 Yes       Yes

1. In EAP-TLS authentication, the user is authenticated by cryptographic validation of the certificate. Additionally, ACS 5.4 optionally allows a binary comparison of the user's certificate sent by the end-user client against the certificate located in the user's record in the LDAP identity store.
2. In PEAP-TLS authentication, the user is authenticated by cryptographic validation of the certificate. Additionally, ACS 5.4 optionally allows a binary comparison of the user's certificate sent by the end-user client against the certificate located in the user's record in the LDAP identity store.
3. ACS Identity Store cannot store the certificates.