Manualshelf

Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
121122123124125126127128129130
l Configure PEAP with MSCHAPv2 for Onboard devices Android, Windows, and legacy OS X (10.5/10.6).
l Configure EAP-TLS for iOS devices and OS X (10.7 or later).
l Other EAP methods, while possible, are limited in their applicability and should only be used if you have a
specific requirement for that method.
The Windows EAP options that may be specified include:
l Enable Fast Reconnect Fast Reconnect is a PEAP property that enables wireless clients to move between
wireless access points on the same network without being re-authenticated each time they associate with a new
access point. If TLS is selected, Fast Reconnect is not available.
l Enforce Network Access Protection Enable this option to obtain a system statement-of-health (SSoH) from
the OnGuard or Microsoft NAP Agent and send it to the authentication server during the 802.1X authentication
process. Use this option to enforce network access control (NAC) protections on the network. If TLS is selected,
Enforce Network Access Protection is not available.
l Enforce Cryptobinding Cryptobinding is a process that protects the authentication protocol negotiation
against man-in-the-middle attacks. The cryptobinding request and response performs a two-way handshake
between the peer and the authentication server using key materials. If TLS is selected, Enforce Cryptobinding is
not available.
l Do one of the following:
n Click the Previous button to return to the Access tab.
n Click the Next button to continue to the Authentication tab.
l Click the Create Network button to make the new network configuration settings take effect
n Click the Cancel button to discard your changes and return to the main Onboard configuration user
interface.
Configuring Device Authentication Settings
Click the Authentication tab to display the Enterprise Authentication form.
1. Select one of these options in the iOS & OS X Credentials drop-down list:
l Certificate A device certificate will be provisioned and used for EAP-TLS client authentication. When this
option is selected, EAP-TLS must be selected on the Protocols tab.
l Username & Password A device certificate will be provisioned, but the client authentication will use unique
device credentials (as for Onboard devices). When this option is selected, EAP-TTLS or PEAP must be
selected on the Protocols tab.
2. The Windows Authentication options that may be selected are:
Dell Networking W-ClearPass Guest 6.0 | Deployment Guide Configuring Device Authentication Settings | 121