Cisco 3.3 User Manual
Page 410
Chapter 10 System Configuration: Authentication and Certificates
Global Authentication Setup
10-30
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note
Authority ID information is not the same as the Authority ID, which
is generated automatically by Cisco Secure ACS and is not
configurable. While the Authority ID is used by end-user clients to
determine which PAC to send to Cisco Secure ACS, the Authority ID
information is strictly the human-readable label associated with the
Authority ID.
–
Allow automatic PAC provisioning—Whether Cisco Secure ACS will
provision an end-user client with a PAC using EAP-FAST phase 0. If this
check box is selected, Cisco Secure ACS establishes a secured
connection with the end-user client for providing a new PAC. If the check
box is not selected, Cisco Secure ACS denies the user access and PAC
provisioning must be performed out of band (manually).
–
EAP-FAST Master Server—When this check box is not selected and
when Cisco Secure ACS receives replicated EAP-FAST policies,
Authority ID, and master keys, Cisco Secure ACS uses them rather than
its own EAP-FAST policies, Authority ID, and master keys.
When this check box is selected, Cisco Secure ACS uses its own
EAP-FAST policies, Authority ID, and master keys. For more
information, see
Note
Click Submit + Restart if you change the EAP-FAST master server
setting.
–
Actual EAP-FAST server status—This read-only option displays the
state of Cisco Secure ACS with respect to EAP-FAST. If this option
displays “Master”, Cisco Secure ACS generates its own master keys and
Authority ID. If this option displays “Slave”, Cisco Secure ACS uses
master keys and the Authority ID it receives during replication. For more
information, see
Tip
If you deselect the EAP-FAST Master Server check box, EAP-FAST server status
remains “Master” until Cisco Secure ACS receives replicated EAP-FAST
components.