7-6
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 7 PEAP/EAP-TLS Configuration Scenario
Step 3: Specify EAP-TLS Options
Step 3 Specify the protocols to use with the PEAP protocol. They are:
• EAP_MSCHAP2
• EAP-GTC
Step 4 If you want to enable posture validation on this ACS installation, check the Enable Posture Validation
check box.
Step 3: Specify EAP-TLS Options
Specify one or more of the certificate comparison options for EAP-TLS:
• Certificate SAN Comparison—Based on the name in the Subject Alternative Name (SAN) field in
the user certificate.
• Certificate CN Comparison—Based on the name in the Subject Common Name (CN) field in the
user certificate.
• Certificate Binary Comparison—Based on a binary comparison between the user certificate in the
user object in the LDAP server or Active Directory and the certificate that the user presents during
EAP-TLS authentication. You cannot use this comparison method to authenticate users in an ODBC
external user database.
Step 4: (Optional) Configure Authentication Policy
You can enable EAP-TLS when you set up an authentication policy in the protocols section of Network
Access Profile configuration.
Figure 7-4 shows the modified EAP configuration section on the NAP Protocols page.
Figure 7-4 EAP Configuration Section of NAP Protocols Page
