Dell Powerconnect W-ClearPass Virtual Appliances W-ClearPass Policy Manager 6. - Page 124
PAC Provisioning Tab, Tunnel, PAC Expire Time, Machine, Machine PAC Expire Time, Authorization PAC
View all Dell Powerconnect W-ClearPass Virtual Appliances manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 124 highlights
Figure 66: EAP_FAST PACs Tab l To provision a Tunnel PAC on the end-host after initial successful machine authentication, specify the Tunnel PAC Expire Time (the time until the PAC expires and must be replaced by automatic or manual provisioning) in hours, days, weeks, months, or years. During authentication, Policy Manager can use the Tunnel PAC shared secret to create the outer EAP-FAST tunnel. l To provision a Machine PAC on the end-host after initial successful machine authentication, select the Machine PAC check box. During authentication, Policy Manager can use the Machine PAC shared secret to create the outer EAP-FAST tunnel. Specify the Machine PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or manual provisioning) in hours, days, weeks, months, or years. This can be a long-lived PAC (specified in months and years). l To provision an authorization PAC upon successful user authentication, select the Authorization PAC check box. Authorization PAC results from a prior user authentication and authorization. When presented with a valid Authorization PAC, Policy Manager skips the inner user authentication handshake within EAP-FAST. Specify the Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or manual provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC (specified in hours, rather than months and years). l To provision a posture PAC upon successful posture validation, select the Posture PAC check box. Posture PACs result from prior posture evaluation. When presented with a valid Posture PAC, Policy Manager skips the posture validation handshake within the EAP-FAST protected tunnel; the prior result is used to ascertain end-host health. Specify the Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or manual provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC (specified in hours, rather than months and years). PAC Provisioning Tab The PAC Provisioning tab controls anonymous and authenticated modes: 124 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide