Appendix B Authentication in ACS 5.3

Authentication Protocol and Identity Store Compatibility

Table B-5 specifies EAP authentication protocol support.

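Table B-5 EAP Authentication Protocol and User Database Compatibility

| Identity Store        | EAP-MD5 | EAP-TLS (1) | PEAP EAP-MSCHAPv2 | EAP-FAST MSCHAPv2 | PEAP-GTC | EAP-FAST-GTC |
|-----------------------|---------|-------------|-------------------|-------------------|----------|--------------|
| ACS                   | Yes     | Yes (2)     | Yes               | Yes               | Yes      | Yes          |
| Windows AD            | No      | Yes         | Yes               | Yes               | Yes      | Yes          |
| LDAP                  | No      | Yes         | No                | No                | Yes      | Yes          |
| RSA Identity Store    | No      | No          | No                | No                | Yes      | Yes          |
| RADIUS Identity Store | No      | No          | No                | No                | Yes      | Yes          |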

1. In EAP-TLS authentication, the user is authenticated by cryptographic validation of the certificate. Additionally, ACS 5.3 optionally allows a binary comparison of the user's certificate sent by the end-user client against the certificate located in the user's record in the LDAP identity store.

2. ACS Identity Store cannot store the certificates.

 

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
