Cisco 3.3 User Manual

Chapter 4 Network Configuration

AAA Client Configuration

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

When an authentication request from a RADIUS (Cisco Aironet) AAA
client arrives, Cisco Secure ACS first attempts authentication by using
LEAP; if this fails, Cisco Secure ACS fails over to EAP-TLS. If LEAP is
not enabled on the Global Authentication Setup page, Cisco Secure ACS
immediately attempts EAP-TLS authentication. If neither LEAP nor
EAP-TLS is enabled on the Global Authentication Setup page, any
authentication attempt received from a Cisco Aironet RADIUS client
fails. For more information about enabling LEAP or EAP-TLS, see
Global Authentication Setup, page 10-26.

Using this option enables Cisco Secure ACS to send the wireless network
device a different session timeout value for user sessions than
Cisco Secure ACS sends to wired end-user clients.

Note

If all authentication requests from a particular Cisco Aironet Access
Point are PEAP or EAP-TLS requests, use RADIUS (IETF) instead
of RADIUS (Cisco Aironet). Cisco Secure ACS cannot support PEAP
authentication using the RADIUS (Cisco Aironet) protocol.

RADIUS (Cisco BBMS)—RADIUS using Cisco BBMS VSAs. Select
this option if the network device is a Cisco BBMS network device
supporting authentication via RADIUS.

RADIUS (Cisco IOS/PIX)—RADIUS using Cisco IOS/PIX VSAs. This
option enables you to pack commands sent to a Cisco IOS AAA client.
The commands are defined in the Group Setup section. Select this option
for RADIUS environments in which key TACACS+ functions are
required to support Cisco IOS equipment.

RADIUS (Cisco VPN 3000)—RADIUS using Cisco VPN 3000 VSAs.
Select this option if the network device is a Cisco VPN 3000 series
Concentrator.

RADIUS (Cisco VPN 5000)—RADIUS using Cisco VPN 5000 VSAs.
Select this option if the network device is a Cisco VPN 5000 series
Concentrator.

RADIUS (IETF)—IETF-standard RADIUS, using no VSAs. Select this
option if the AAA client represents RADIUS-enabled devices from more
than one manufacturer and you want to use standard IETF RADIUS