Cisco 2509 - Router - EN User Manual page 356

Global Authentication Setup
Tip
c.
If you want to allow EAP-TLS, follow these steps:
Step 4
a.
b.
If you want to allow EAP-MD5, in the EAP Configuration table select the Allow
Step 5
EAP-MD5 check box.
To enable MS-CHAP authentication, in the MS-CHAP Configuration table, select
Step 6
the check box(es) that correspond to each MS-CHAP version you want to use:
•
•
User Guide for Cisco Secure ACS for Windows Server
8-82
The PEAP client initial display message is the first challenge a user of a
PEAP client sees when attempting authentication. It should direct the user
on what to do next, for example, "Enter your passcode."
In the PEAP session timeout (minutes) box, type the maximum PEAP session
length you want to allow users, in minutes.
Note PEAP supports a session resume feature. The session resume feature
allows users to reauthenticate without entering a password provided
that the session has not timed out. If the end-user client is restarted,
the user must enter a password even if the session timeout interval has
not ended.
In the EAP Configuration table, select the Allow EAP-TLS check box.
Select the appropriate radio button to specify whether EAP-TLS should
require Certificate name comparison, Certificate binary comparison, or
Either comparison type.
If you select Either comparison type, Cisco Secure ACS first
Note
compares the certificate name and, if necessary, then performs the
certificate binary comparison.
Allow MS-CHAP Version 1 Authentication
Allow MS-CHAP Version 2 Authentication
Chapter 8 Establishing Cisco Secure ACS System Configuration
78-14696-01, Version 3.1