Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
10-12
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Enabling PEAP Authentication
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support PEAP authentication.
Note End-user client computers must be configured to support PEAP. This procedure is
specific to configuration of Cisco Secure ACS only.
To enable PEAP authentication, follow these steps:
Step 1 Install a server certificate in Cisco Secure ACS. PEAP requires a server
certificate. For detailed steps, see Installing a Cisco Secure ACS Server
Certificate, page 10-35.
Note If you have previously installed a certificate to support EAP-TLS or
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.
Step 2 Enable PEAP on the Global Authentication Setup page. Cisco Secure ACS allows
you to complete this step only after you have successfully completed Step 1. For
detailed steps, see Configuring Authentication Options, page 10-33.
Step 3 Configure a user database. To determine which user databases support PEAP
authentication, see Authentication Protocol-Database Compatibility, page 1-10.
Cisco Secure ACS is ready to perform PEAP authentication for most users. For
more information, see PEAP and the Unknown User Policy, page 10-11.
Step 4 Consider enabling the Unknown User Policy to simplify PEAP authentication. For
more information, see PEAP and the Unknown User Policy, page 10-11. For
detailed steps, see Configuring the Unknown User Policy, page 15-16.