beautypg.com

Enabling peap authentication – Cisco 3.3 User Manual

Page 392

background image

Chapter 10 System Configuration: Authentication and Certificates

About Certification and EAP Protocols

10-12

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Enabling PEAP Authentication

This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support PEAP authentication.

Note

End-user client computers must be configured to support PEAP. This procedure is
specific to configuration of Cisco Secure ACS only.

To enable PEAP authentication, follow these steps:

Step 1

Install a server certificate in Cisco Secure ACS. PEAP requires a server
certificate. For detailed steps, see

Installing a Cisco Secure ACS Server

Certificate, page 10-35

.

Note

If you have previously installed a certificate to support EAP-TLS or
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.

Step 2

Enable PEAP on the Global Authentication Setup page. Cisco Secure ACS allows
you to complete this step only after you have successfully completed Step 1. For
detailed steps, see

Configuring Authentication Options, page 10-33

.

Step 3

Configure a user database. To determine which user databases support PEAP
authentication, see

Authentication Protocol-Database Compatibility, page 1-10

.

Cisco Secure ACS is ready to perform PEAP authentication for most users. For
more information, see

PEAP and the Unknown User Policy, page 10-11

.

Step 4

Consider enabling the Unknown User Policy to simplify PEAP authentication. For
more information, see

PEAP and the Unknown User Policy, page 10-11

. For

detailed steps, see

Configuring the Unknown User Policy, page 15-16

.