Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

151

152

153

154

155

156

157

158

159

160

Parameter Description

Tunnel PAC Expire Time Specify Tunnel PAC Expire Time (the time until the PAC expires and

must be replaced by automatic or manual provisioning) in hours, days,

weeks, months, or years. To provision a Tunnel PAC on the end-host

after initial successful machine authentication, Policy Manager can

use the Tunnel PAC shared secret to create the outer EAP-FAST tunnel

during authentication.

Machine PAC Expire Time Select the Machine PAC check box to provision a Machine PAC on the

end-host after initial successful machine authentication. During

authentication, Policy Manager can use the Machine PAC shared

secret to create the outer EAP-FAST tunnel. Specify the Machine PAC

Expire Time (the time until the PAC expires and must be replaced by

automatic or manual provisioning) in hours, days, weeks, months, or

years. This can be a long-lived PAC (specified in months and years).

Authorization PAC Expire

Time

Select the Authorization PAC check box to provision an authorization

PAC upon successful user authentication. Authorization PAC results

from a prior user authentication and authorization. When presented

with a valid Authorization PAC, Policy Manager skips the inner user

authentication handshake within EAP-FAST. Specify the Authorization

PAC Expire Time (the time until the PAC expires and must be

replaced by automatic or manual provisioning) in hours, days, weeks,

months, or years. This is typically a short-lived PAC (specified in

hours).

Posture PAC Expire Time Select the Posture PAC check box to provision a posture PAC upon

successful posture validation. Posture PACs result from prior posture

evaluation. When presented with a valid Posture PAC, Policy Manager

skips the posture validation handshake within the EAP-FAST protected

tunnel; the prior result is used to ascertain end-host health. Specify

Posture PAC Expire Time (the time until the PAC expires and must

be replaced, by automatic or manual provisioning) in hours, days,

weeks, months, or years. This is typically a short-lived PAC (specified in

hours).

Table 66:

EAP-FAST PACs tab Parameters

PAC Provisioning tab

The PAC Provisioning tab controls anonymous and authenticated modes. The following figure shows an

example of the EAP-FAST PAC - Provisioning tab followed by parameter definition:

Dell Networking W-ClearPass Policy Manager 6.4 | User Guide Authentication and Authorization | 139