Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
121122123124125126127128129130
124 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
Figure 66: EAP_FAST PACs Tab
l To provision a Tunnel PAC on the end-host after initial successful machine authentication, specify the Tunnel
PAC Expire Time (the time until the PAC expires and must be replaced by automatic or manual provisioning)
in hours, days, weeks, months, or years. During authentication, Policy Manager can use the Tunnel PAC shared
secret to create the outer EAP-FAST tunnel.
l To provision a Machine PAC on the end-host after initial successful machine authentication, select the Machine
PAC check box. During authentication, Policy Manager can use the Machine PAC shared secret to create the
outer EAP-FAST tunnel. Specify the Machine PAC Expire Time (the time until the PAC expires and must be
replaced, by automatic or manual provisioning) in hours, days, weeks, months, or years. This can be a long-lived
PAC (specified in months and years).
l To provision an authorization PAC upon successful user authentication, select the Authorization PAC check
box. Authorization PAC results from a prior user authentication and authorization. When presented with a valid
Authorization PAC, Policy Manager skips the inner user authentication handshake within EAP-FAST. Specify
the Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or
manual provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC (specified in
hours, rather than months and years).
l To provision a posture PAC upon successful posture validation, select the Posture PAC check box. Posture PACs
result from prior posture evaluation. When presented with a valid Posture PAC, Policy Manager skips the posture
validation handshake within the EAP-FAST protected tunnel; the prior result is used to ascertain end-host
health. Specify the Authorization PAC Expire Time (the time until the PAC expires and must be replaced, by
automatic or manual provisioning) in hours, days, weeks, months, or years. This is typically a short-lived PAC
(specified in hours, rather than months and years).
PAC Provisioning Tab
The PAC Provisioning tab controls anonymous and authenticated modes: