Cisco 3.3 User Manual

Chapter 10 System Configuration: Authentication and Certificates

Global Authentication Setup

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Note

Authority ID information is not the same as the Authority ID, which
is generated automatically by Cisco Secure ACS and is not
configurable. While the Authority ID is used by end-user clients to
determine which PAC to send to Cisco Secure ACS, the Authority ID
information is strictly the human-readable label associated with the
Authority ID.

Allow automatic PAC provisioning—Whether Cisco Secure ACS will
provision an end-user client with a PAC using EAP-FAST phase 0. If this
check box is selected, Cisco Secure ACS establishes a secured
connection with the end-user client for providing a new PAC. If the check
box is not selected, Cisco Secure ACS denies the user access and PAC
provisioning must be performed out of band (manually).

EAP-FAST Master Server—When this check box is not selected and
when Cisco Secure ACS receives replicated EAP-FAST policies,
Authority ID, and master keys, Cisco Secure ACS uses them rather than
its own EAP-FAST policies, Authority ID, and master keys.

When this check box is selected, Cisco Secure ACS uses its own
EAP-FAST policies, Authority ID, and master keys. For more
information, see Table 10-2.

Note

Click Submit + Restart if you change the EAP-FAST master server
setting.

Actual EAP-FAST server status—This read-only option displays the
state of Cisco Secure ACS with respect to EAP-FAST. If this option
displays “Master”, Cisco Secure ACS generates its own master keys and
Authority ID. If this option displays “Slave”, Cisco Secure ACS uses
master keys and the Authority ID it receives during replication. For more
information, see Table 10-2.

Tip

If you deselect the EAP-FAST Master Server check box, EAP-FAST server status
remains “Master” until Cisco Secure ACS receives replicated EAP-FAST
components.
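
The following added example is not part of the Cisco guide and is not Cisco Secure ACS code. It is a simplified model of how the three settings above interact, including the case in the Tip. The class, method names, outcome strings and Authority ID values are hypothetical, and the model ignores master keys and the Submit + Restart step.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AcsModel:
    """Simplified model of the settings above (hypothetical, not ACS code)."""
    own_authority_id: str
    master_server: bool = True              # "EAP-FAST Master Server" check box
    allow_auto_provisioning: bool = False   # "Allow automatic PAC provisioning"
    replicated_authority_id: Optional[str] = None

    def receive_replication(self, authority_id: str) -> None:
        # Replicated EAP-FAST components arrive from another server.
        self.replicated_authority_id = authority_id

    def actual_status(self) -> str:
        # Per the Tip: deselecting the check box alone does not change the
        # status; it stays "Master" until replicated components are received.
        if not self.master_server and self.replicated_authority_id is not None:
            return "Slave"
        return "Master"

    def authority_id(self) -> str:
        if self.actual_status() == "Slave":
            return self.replicated_authority_id
        return self.own_authority_id

    def handle_client(self, client_pacs: dict) -> str:
        # The client picks the PAC whose Authority ID matches the server's.
        if self.authority_id() in client_pacs:
            return "authenticate-with-pac"
        # No matching PAC: outcome depends on automatic provisioning.
        if self.allow_auto_provisioning:
            return "provision-pac-phase-0"
        return "deny-provision-out-of-band"

def demo() -> list:
    # Constructed Authority IDs and PAC labels, for illustration only.
    acs = AcsModel(own_authority_id="aid-local")
    client = {"aid-local": "pac-1"}
    steps = [(acs.actual_status(), acs.handle_client(client))]
    acs.master_server = False               # check box deselected
    steps.append((acs.actual_status(), acs.handle_client(client)))
    acs.receive_replication("aid-primary")  # replication arrives
    steps.append((acs.actual_status(), acs.handle_client(client)))
    acs.allow_auto_provisioning = True
    steps.append((acs.actual_status(), acs.handle_client(client)))
    return steps
```

In this model, a client that holds a PAC only for the server's former Authority ID is denied once the server becomes "Slave", unless automatic PAC provisioning is enabled or a new PAC is provisioned manually.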