Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
131132133134135136137138139140
Figure 93: EAP_FAST PACs Tab
To provision a Tunnel PAC on the end-host after initial successful machine authentication, specify the Tunnel PAC
Expire Time (the time until the PAC expires and must be replaced by automatic or manual provisioning) in hours,
days, weeks, months, or years. During authentication, Policy Manager can use the Tunnel PAC shared secret to create
the outer EAP-FAST tunnel.
To provision a Machine PAC on the end-host after initial successful machine authentication, select the Machine PAC
check box. During authentication, Policy Manager can use the Machine PAC shared secret to create the outer EAP-
FAST tunnel. Specify the Machine PAC Expire Time (the time until the PAC expires and must be replaced, by
automatic or manual provisioning) in hours, days, weeks, months, or years. This can be a long-lived PAC (specified in
months and years).
To provision an authorization PAC upon successful user authentication, select the Authorization PAC check box.
Authorization PAC results from a prior user authentication and authorization. After presentation with a valid
Authorization PAC, Policy Manager skips the inner user authentication handshake within EAP-FAST. Specify the
Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or manual
provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC (specified in hours, rather
than months and years).
To provision a posture PAC upon successful posture validation, select the Posture PAC check box. Posture PACs
result from prior posture evaluation. When presented with a valid Posture PAC, Policy Manager skips the posture
validation handshake within the EAP-FAST protected tunnel; the prior result is used to ascertain end-host health.
Specify the Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or
manual provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC (specified in hours,
rather than months and years).
PAC Provisioning tab
The PAC Provisioning tab controls anonymous and authenticated modes:
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Authentication and Authorization | 139