Chapter 18 Managing System Administration Configurations

Configuring Global System Options

Configuring PEAP Settings

Use the PEAP Settings page to configure PEAP runtime characteristics.

Select System Administration > Configuration > Global System Options > PEAP Settings. The PEAP Settings page appears as described in Table 18-3:

Table 18-3 PEAP Settings

Option: Enable PEAP Session Resume
Description: When checked, ACS caches the TLS session that is created during phase one of PEAP authentication, provided the user successfully authenticates in phase two of PEAP. If a user needs to reconnect and the original PEAP session has not timed out, ACS uses the cached TLS session, resulting in faster PEAP performance and a lessened AAA server load. You must specify a PEAP session timeout value for the PEAP session resume features to work.

Option: PEAP Session Timeout
Description: Enter the number of seconds before the PEAP session times out. The default value is 7200 seconds.

Option: Enable Fast Reconnect
Description: Check to allow a PEAP session to resume in ACS without checking user credentials when the session resume feature is enabled.
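As an added illustration (not Cisco code and not part of the original guide), the following Python model shows how the three PEAP options interact when a client reconnects. The class names, the check_credentials callback, the session IDs and the rule that the timeout runs from the moment the session is first cached are assumptions made for the model.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class PeapSettings:
    session_resume: bool = True    # "Enable PEAP Session Resume"
    session_timeout: int = 7200    # "PEAP Session Timeout" in seconds; 0 = not set
    fast_reconnect: bool = False   # "Enable Fast Reconnect"

@dataclass
class PeapServerModel:
    """Toy model of the PEAP settings described on this page; not ACS code."""
    settings: PeapSettings
    check_credentials: Callable[[str, str], bool]  # hypothetical phase-two check
    cache: dict = field(default_factory=dict)      # session_id -> (user, created_at)

    def authenticate(self, session_id, user, password, now):
        """Return (accepted, path); path names the work the server performed."""
        s = self.settings
        # Resume needs both the checkbox and a timeout value.
        resume_on = s.session_resume and s.session_timeout > 0
        entry = self.cache.get(session_id) if resume_on else None
        # Assumption: the timeout runs from when the session was first cached.
        if entry and (entry[0] != user or now - entry[1] >= s.session_timeout):
            del self.cache[session_id]
            entry = None
        if entry and s.fast_reconnect:
            return True, "resumed-tls/no-credential-check"
        tls = "resumed-tls" if entry else "full-handshake"
        ok = self.check_credentials(user, password)
        if not ok:
            self.cache.pop(session_id, None)       # failed phase two: drop the session
        elif resume_on and entry is None:
            self.cache[session_id] = (user, now)   # cached only after phase two succeeds
        return ok, f"{tls}/phase-two"

def demo():
    """Constructed scenario: the password changes 100 s after the first login."""
    creds = {"alice": "old-pw"}
    check = lambda u, p: creds.get(u) == p
    results = {}
    for fast in (False, True):
        srv = PeapServerModel(PeapSettings(fast_reconnect=fast), check)
        creds["alice"] = "old-pw"
        srv.authenticate("sess-1", "alice", "old-pw", now=0)
        creds["alice"] = "new-pw"
        results[fast] = [srv.authenticate("sess-1", "alice", "old-pw", now=t)
                         for t in (100, 7200)]
    return results
```

In this model, a cached session with fast reconnect enabled is accepted without a credential check until the session timeout expires, so the timeout value bounds how long a credential change can take to affect a reconnecting client.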

 

 

 

Related Topic

Generating EAP-FAST PAC, page 18-4

Configuring EAP-FAST Settings

Use the EAP-FAST Settings page to configure EAP-FAST runtime characteristics.

Select System Administration > Configuration > Global System Options > EAP-FAST > Settings.

The EAP-FAST Settings page appears as described in Table 18-4:

Table 18-4 EAP-FAST Settings

General

Option: Authority Identity Info Description
Description: User-friendly string that describes the ACS server that sends credentials to a client. The client can discover this string in the Protected Access Credentials Information (PAC-Info) Type-Length-Value (TLV). The default value is Cisco Secure ACS.

Option: Master Key Generation Period
Description: The value is used to encrypt or decrypt and sign or authenticate PACs. The default is one week.

Revoke

Option: Revoke
Description: Click Revoke to revoke all previous master keys and PACs. This operation should be used with caution. If the ACS node is a secondary node, the Revoke option is disabled.

 

 

User Guide for Cisco Secure Access Control System 5.3, OL-24201-01, page 18-3

 

 

 

 

 
