B-5
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix B Authentication in ACS 5.4
EAP-MD5
ACS supports full EAP infrastructure, including EAP type negotiation, message sequencing and
message retransmission. All protocols support fragmentation of big messages.
In ACS 5.4, you configure EAP methods for authentication as part of access service configuration. For
more information about access services, see Chapter 3, “ACS 5.x Policy Model.”
EAP-MD5
This section contains the following topics:
Overview of EAP-MD5, page B-5
EAP-MD5 Flow in ACS 5.4, page B-5

Overview of EAP-MD5

EAP Message Digest 5 (EAP-MD5) provides one-way client authentication. The server sends the client
a random challenge. The client proves its identity by hashing the challenge and its password with MD5.
EAP-MD5 is vulnerable to dictionary attacks when it is used over an open medium, because anyone
who can observe the traffic sees both the challenge and the response. Because no server authentication
occurs, it is also vulnerable to falsification.
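The exchange described above, shown as an added example that is not part of the Cisco guide or of ACS itself. It assumes the packet layout and digest input order (Identifier, password, challenge) defined for MD5-Challenge in RFC 3748 and RFC 1994; the function names, user name, and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_MD5 = 4  # EAP type MD5-Challenge (RFC 3748, section 5.4)


def md5_challenge_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """MD5(Identifier || password || challenge), the same input order as CHAP."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def build_packet(code: int, identifier: int, value: bytes, name: bytes = b"") -> bytes:
    """EAP packet: Code, Identifier, Length, Type, Value-Size, Value, Name."""
    body = bytes([TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_packet(packet: bytes):
    """Return (code, identifier, value, name); reject malformed packets."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    size = packet[5]
    if length != len(packet) or packet[4] != TYPE_MD5 or 6 + size > length:
        raise ValueError("malformed MD5-Challenge packet")
    return code, identifier, packet[6:6 + size], packet[6 + size:]


def server_verify(request: bytes, response: bytes, stored_password: bytes) -> bool:
    """Server side: recompute the digest from the stored password and compare."""
    _, req_id, challenge, _ = parse_packet(request)
    code, resp_id, value, _ = parse_packet(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False  # response must answer this exact request
    expected = md5_challenge_value(req_id, stored_password, challenge)
    return hmac.compare_digest(value, expected)


def run_exchange(client_password: bytes, stored_password: bytes) -> bool:
    """One round: server challenge, client response, server check."""
    identifier, challenge = 7, os.urandom(16)  # constructed sample values
    request = build_packet(EAP_REQUEST, identifier, challenge, b"acs")
    _, req_id, seen_challenge, _ = parse_packet(request)  # client side
    value = md5_challenge_value(req_id, client_password, seen_challenge)
    response = build_packet(EAP_RESPONSE, req_id, value, b"alice")
    return server_verify(request, response, stored_password)
```

Every input to the digest except the password travels in the clear in the request and response, and the client never checks anything about the server, which are the two weaknesses the overview names.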
Related Topics
Host Lookup, page 4-13
Overview of Agentless Network Access, page 4-12

EAP-MD5 Flow in ACS 5.4

ACS supports EAP-MD5 authentication against the ACS internal identity store. Host Lookup is also
supported when using the EAP-MD5 protocol. See Host Lookup, page 4-13.
Related Topics
Authentication Protocol and Identity Store Compatibility, page B-36
Overview of Agentless Network Access, page 4-12
EAP-TLS
This section contains the following topics:
Overview of EAP-TLS, page B-6
EAP-TLS Flow in ACS 5.4, page B-13