Cisco AIR-CB21AG-W-K9 Configuration Guide - Page 61
Default, Import, Table 3-1, Connection Settings continued
View all Cisco AIR-CB21AG-W-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 61 highlights
Chapter 3 Configuring EAP Types Configuring EAP-FAST Table 3-1 Connection Settings (continued) Connection Settings Use Protected Access Credential (PAC) Allow automatic PAC provisioning PAC Authority Import Description Check this box to enable the use of a PAC to establish a tunnel. When this box is checked, PAC provisioning is requested. If this box is not checked, EAP-FAST acts as PEAP and uses only the authenticated server certificate to establish the tunnel every time. The PAC is a unique shared credential used to mutually authenticate a client and a server. The PAC is associated with a specific client username and a server authority ID. A PAC removes the need for PKI and digital certificates. The PAC is distributed or imported to the client automatically or manually. Manual PAC provisioning generates the PAC file locally on the AAA or EAP-FAST server. With manual provisioning, the user credentials are supplied to the server to generate the PAC file for that user. This PAC must then be manually installed on the client device. Default: On Check this box to enable the automatic retrieval of a PAC during EAP-FAST authentication. Automatic PAC provisioning enables the automatic retrieval of a PAC during EAP-FAST authentication. Automatic PAC provisioning uses TLS with a Diffie-Hellman Key Agreement protocol to establish a secure tunnel. In addition, MSCHAPv2 is used to authenticate the client and for early man-in-the-middle (MITM) attack detection. Default: On Select a PAC authority from the drop-down list. Default: None Note The drop-down list contains the names of all of the PAC authorities from which you have previously provisioned a tunnel PAC. If you have not provisioned a PAC, then "none" is the only option. You can also select "none" to force the host to request provisioning a PAC. Click the Import button to manually import a PAC file. When you click on this button, the Import Protected Access Credentials (PAC) File window appears. If you need to enter a password for the PAC file that you have selected, a password window will appear. After you have selected and imported a valid PAC file, the PAC authority is added to the PAC authority drop-down list. Default: Enabled Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista OL-16534-01 3-7