Users Guide
PAC Provisioning Tab
The PAC Provisioning dialog controls anonymous and authenticated modes. The following figure displays the
EAP-FAST PAC > Provisioning dialog:
Figure 153: EAP_FAST PAC Provisioning Dialog
1. Configure the PAC Provisioning parameters as described in Table 83.
2. When finished, click Save.
Parameter Action/Description Considerations
In-Band PACProvisioning
Allow anonymous
mode
When in anonymous mode, phase 0 of
EAP_FAST provisioning establishes an
outer tunnel without end-host/Policy
Manager authentication.
NOTE: This mode is not as secure as
the authenticated mode.
After an outer tunnel is established, the
end-host and Policy Manager perform
mutual authentication using MSCHAPv2,
then Policy Manager provisions the end-
host with an appropriate PAC (tunnel or
machine).
Authenticated mode is more secure than
anonymous provisioning mode. After the
server is authenticated, the phase 0 tunnel is
established. The end-host and Policy
Manager perform mutual authentication and
provision on the end-host with an
appropriate PAC (tunnel or machine):
l If both anonymous and authenticated
provisioning modes are enabled and the
end-host sends a cipher suite that
supports server authentication, Policy
Manager picks the authenticated
provisioning mode.
l If the appropriate cipher suite is
supported by the end-host, Policy
Manager performs anonymous
provisioning.
Allow authenticated
mode
Enable to allow authenticated mode
provisioning.
When Allow authenticated mode is in
phase 0, Policy Manager establishes the
outer tunnel inside a server-
authenticated tunnel. The end-host
authenticates the server by validating
the Policy Manager certificate.
Accept end-host after
authenticated
provisioning
After the authenticated provisioning
mode is complete and the end-host is
provisioned with a PAC, Policy Manager
rejects the end-host authentication.
The end-host subsequently re-
None.
Table 83: EAP_FAST PAC Provisioning Parameters
Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Authentication Methods and Sources | 191