Users Guide

142 | Authentication and Authorization Dell Networking W-ClearPass Policy Manager 6.3 |User Guide
Figure 94: EAP_FAST PAC Provisioning tab
Parameter: Allow Anonymous Mode

Description: When in anonymous mode, phase 0 of EAP_FAST provisioning establishes an outer tunnel without end-host/Policy Manager authentication (not as secure as the authenticated mode). After the tunnel is established, end-host and Policy Manager perform mutual authentication using MSCHAPv2, then Policy Manager provisions the end-host with an appropriate PAC (tunnel or machine).

Considerations: Authenticated mode is more secure than anonymous provisioning mode. After the server is authenticated, the phase 0 tunnel is established, the end-host and Policy Manager perform mutual authentication, and Policy Manager provisions the end-host with an appropriate PAC (tunnel or machine):
- If both anonymous and authenticated provisioning modes are enabled, and the end-host sends a cipher suite that supports server authentication, Policy Manager picks the authenticated provisioning mode.
- Otherwise, if the appropriate cipher suite is supported by the end-host, Policy Manager performs anonymous provisioning.

Parameter: Allow Authenticated Mode

Description: Enable to allow authenticated mode provisioning. When in Allow Authenticated Mode phase 0, Policy Manager establishes the outer tunnel inside of a server-authenticated tunnel. The end-host authenticates the server by validating the Policy Manager certificate.
Table 52: EAP_FAST PAC Provisioning tab Parameters
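The mode-selection rule from the Considerations column, modelled as an added Python example (not ClearPass code and not part of this guide), so an administrator can see which end-hosts would receive a PAC without validating the server certificate under a given setting of the two checkboxes. The cipher suite names are standard TLS names used here as assumptions about what counts as an "appropriate" suite; the function names, the client profiles and the behaviour when only one mode is enabled are hypothetical and go beyond the both-modes-enabled case the table describes.

```python
from typing import Dict, Iterable, List, Optional

# Assumed mapping of TLS cipher suites to provisioning modes (not listed in the guide).
ANON_SUITES = {"TLS_DH_anon_WITH_AES_128_CBC_SHA"}
SERVER_AUTH_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def select_provisioning_mode(offered: Iterable[str],
                             allow_anonymous: bool,
                             allow_authenticated: bool) -> Optional[str]:
    """Return 'authenticated', 'anonymous', or None if no PAC is provisioned."""
    offered = set(offered)
    # Authenticated mode is preferred whenever the end-host offers a suite
    # that supports server authentication.
    if allow_authenticated and offered & SERVER_AUTH_SUITES:
        return "authenticated"
    # Otherwise fall back to anonymous mode, if it is enabled and supported.
    if allow_anonymous and offered & ANON_SUITES:
        return "anonymous"
    return None

def unauthenticated_clients(profiles: Dict[str, List[str]],
                            allow_anonymous: bool,
                            allow_authenticated: bool) -> List[str]:
    """Names of end-hosts that would be provisioned without server validation."""
    return sorted(
        name for name, suites in profiles.items()
        if select_provisioning_mode(suites, allow_anonymous,
                                    allow_authenticated) == "anonymous"
    )

# Constructed sample supplicant profiles (hypothetical names and offers).
SAMPLE_PROFILES = {
    "corp-laptop": ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                    "TLS_DH_anon_WITH_AES_128_CBC_SHA"],
    "legacy-handheld": ["TLS_DH_anon_WITH_AES_128_CBC_SHA"],
}

if __name__ == "__main__":
    for anon in (True, False):
        exposed = unauthenticated_clients(SAMPLE_PROFILES, anon, True)
        print(f"Allow Anonymous Mode={anon}: anonymous provisioning for {exposed}")
```

With both modes enabled, an end-host that offers only the anonymous suite still falls back to anonymous provisioning; clearing Allow Anonymous Mode leaves that end-host unprovisioned instead.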