Dell Powerconnect W-ClearPass Virtual Appliances W-ClearPass Policy Manager 6. - Page 125
Table 55, EAP_FAST PAC Provisioning Tab
Figure 67: EAP_FAST PAC Provisioning tab

Table 55: EAP_FAST PAC Provisioning Tab

Parameter
    Description / Considerations

Allow Anonymous Mode
    When in anonymous mode, phase 0 of EAP_FAST provisioning establishes an outer tunnel without end-host/Policy Manager authentication (not as secure as the authenticated mode). Once the tunnel is established, end-host and Policy Manager perform mutual authentication using MSCHAPv2, then Policy Manager provisions the end-host with an appropriate PAC (tunnel or machine).

Allow Authenticated Mode
    Enable to allow authenticated mode provisioning. When in Allow Authenticated Mode phase 0, Policy Manager establishes the outer tunnel inside of a server-authenticated tunnel. The end-host authenticates the server by validating the Policy Manager certificate. Authenticated mode is more secure than anonymous provisioning mode. Once the server is authenticated, the phase 0 tunnel is established, the end-host and Policy Manager perform mutual authentication, and Policy Manager provisions the end-host with an appropriate PAC (tunnel or machine):
    - If both anonymous and authenticated provisioning modes are enabled, and the end-host sends a cipher suite that supports server authentication, Policy Manager picks the authenticated provisioning mode.
    - Otherwise, if the appropriate cipher suite is supported by the end-host, Policy Manager performs anonymous provisioning.

Accept endhost after authenticated provisioning
    Once the authenticated provisioning mode is complete and the end-host is provisioned with a PAC, Policy Manager rejects end-host

Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 125
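The mode-selection rule described for Allow Authenticated Mode, as an added example that is not ClearPass code or part of the User Guide: it shows which end-hosts would still be provisioned anonymously under a given pair of settings. The function names, the sample end-hosts, the grouping of cipher suites into anonymous and server-authenticated sets, and the behaviour when only one mode is enabled are assumptions made for illustration.

```python
# Added illustration of the mode-selection rule in Table 55; not ClearPass code.
# Assumption: which suites count as anonymous vs server-authenticated. The names
# are standard TLS cipher suite names; the page itself lists none.
ANON_SUITES = {"TLS_DH_anon_WITH_AES_128_CBC_SHA"}
SERVER_AUTH_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
}


def select_mode(allow_anonymous, allow_authenticated, offered_suites):
    """Return 'authenticated', 'anonymous', or None (no in-band provisioning)."""
    offered = set(offered_suites)
    # Authenticated mode wins whenever it is enabled and the end-host offers a
    # suite that lets it validate the server certificate.
    if allow_authenticated and offered & SERVER_AUTH_SUITES:
        return "authenticated"
    # Otherwise fall back to anonymous mode, if enabled and offered.
    if allow_anonymous and offered & ANON_SUITES:
        return "anonymous"
    return None


def anonymous_clients(allow_anonymous, allow_authenticated, clients):
    """List end-hosts that would receive a PAC without validating the server."""
    return sorted(
        name for name, suites in clients.items()
        if select_mode(allow_anonymous, allow_authenticated, suites) == "anonymous"
    )


# Constructed sample data: end-host name -> cipher suites it offers.
SAMPLE_CLIENTS = {
    "laptop-01": ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA"],
    "printer-07": ["TLS_DH_anon_WITH_AES_128_CBC_SHA"],
    "sensor-03": ["TLS_PSK_WITH_AES_128_CBC_SHA"],
}

if __name__ == "__main__":
    for name, suites in SAMPLE_CLIENTS.items():
        print(name, "->", select_mode(True, True, suites))
    print("anonymous with both enabled:", anonymous_clients(True, True, SAMPLE_CLIENTS))
    print("anonymous with authenticated only:", anonymous_clients(False, True, SAMPLE_CLIENTS))
```

With both modes enabled, the end-host's offered cipher suites decide the outcome, so an inventory like this shows which devices would need to change before anonymous mode can be disabled.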