Table 10-2 – Cisco 3.3 User Manual

Page 403

Advertising

10-23

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 10 System Configuration: Authentication and Certificates

About Certification and EAP Protocols

The Database Replication log on the primary Cisco Secure ACS records
replication of master keys. Entries related to master key replication contain the
text “MKEYReplicate”.

The EAP-FAST master server setting has a significant effect upon EAP-FAST
authentication and replication, as follows:

•

Enabled—When the EAP-FAST master server check box is selected, the
“Actual EAP-FAST server status” is

Master

and Cisco Secure ACS ignores

the EAP-FAST settings, Authority ID, and master keys it receives from a
primary Cisco Secure ACS during replication, preferring instead to use
master keys it generates, its unique Authority ID, and the EAP-FAST settings
configured in its HTML interface.

Enabling the EAP-FAST master server setting requires providing for the
end-user client a PAC from the primary Cisco Secure ACS that is different
than the PAC from the secondary Cisco Secure ACS. Because the primary and
secondary Cisco Secure ACSes send different Authority IDs at the beginning
of the EAP-FAST transaction, the end-user client must have a PAC for each
Authority ID. A PAC generated by the primary Cisco Secure ACS is not

Table 10-2

EAP-FAST Components and Replication

EAP-FAST Component

Replicated?

Configurable?

EAP-FAST Enable