Authentication Flashcards
PIP
Policy Infomation Point- the correct identity store
Authentication rules are processed in top-down, first-match order, just like a firewall policy
true
PAP- Password Authentication Protocol
username is sent in the clear; password is optionally encrypted. PAP is normally used with MAB, and some devices use PAP for web authentications. We recommend you enable this for the MAB rule only and disable PAP for any authentication rules for real authentications
CHAP
Challenge Handshake Authentication Protocol. Username and password are encrypted using a challenge sent from the server. Challenge Handshake Authentication is not often used with network access; however, some vendors will send MAB using CHAP instead of PAP
ISE authentication rule set
Reject- send Access-Reject back to the NAD
Continue- continue to the authorization policy regardless of the authentication pass/fail (used with web authentication)
Drop- Do not respond to the NAD because NAD will treat as if RADIUS server is dead
A simple condition
is just a single attribute that has been saved to the library for reuse
A compound condition
is the joining of more than one condition with an AND or OR operator