Cisco Secure Access Control Server (ACS) for Windows supports a fast reconnect feature. When the Protected EAP (PEAP) session resume feature is enabled, the fast reconnect feature causes Cisco Secure ACS for Windows to allow a PEAP session to resume without checking user credentials. When you enable this feature, it allows Cisco Secure ACS for Windows to trust a user based on the cached TLS session from the original PEAP authentication. Because Cisco Secure ACS for Windows only caches a TLS session when phase two of PEAP authentication succeeds, the existence of a cached TLS session is proof that the user has successfully authenticated within the number of minutes defined by the PEAP session timeout option.
The fast reconnect feature is particularly useful for wireless LANs, wherein a user can move the client computer so that a different wireless access point is in use. When Cisco Secure ACS for Windows resumes a PEAP session, the user re-authenticates without entering a password, provided that the session has not timed out. If the end-user client is restarted, the user must enter a password even if the session timeout interval has not ended.
When you deselect the Enable Fast Reconnect check box, this causes Cisco Secure ACS for Windows to always perform phase two of PEAP authentication, even when the PEAP session has not timed out.
Fast reconnection can occur only when Cisco Secure ACS for Windows allows the session to resume because the session has not timed out. If you disable the PEAP session resume feature by entering 0 (zero) in the PEAP session timeout (minutes) box, then selecting the Enable Fast Reconnect check box has no effect on PEAP authentication and phase two of PEAP authentication always occurs.
In order to enable the fast reconnect feature on Cisco Secure ACS for Windows, go to the System Configuration page, select Global Authentication Setup, and click Enable Fast Reconnect.
Hi there I have a new C2960X that we are replacing a couple old ones with.I can not get RADIUS working . yes the switch can ping the radius server .. i took out the key but it is there HELP I have it programmed like thisaaa new-...
Anyconnect VPN has stopped working. Running on windows 10 homesecurity services: Windows security & malwarebytesanyconnect version: 4.6.03049 multiple install/reinstall from company IT page, turning off windows security firewall, runnin...
Currently using FirePOWER, experiencing an unexpected SSL Block for some traffic, SSL rule has been created not to decrypt the traffic, URLs that are being accessed are whitelisted, SSL Flow error is Defer Cut Post CCs (0x0000197), SSL version TLSV1.2, Th...
Hi all, Need help creating different policies for different network access types. I want to have different posture policy for wireless, wired and vpn users. What is the best way to go about it. Thanks. TH
I recently just migrated to ISE 2.4 and now see that 2.6 has been released. Normally that wouldn't be a big deal, but to upgrade to 2.4, it was suggested to build all new VMs from scratch and manually migrate over all my settings, policies, etc. As you ca...