User's Manual
the-Middle attacks by verifying the server’s authenticity before exchanging
MSCHAPv2. Therefore, Server-Authenticated Mode is preferred whenever it is
possible. An EAP-FAST peer must use Server-Authenticated Mode whenever a certificate
or public key is available to authenticate the server and ensure the best security
practices.
Provisioning of Protected Access Credentials (PAC):
EAP-FAST uses a PAC key to protect the user credentials that are exchanged. All EAP-FAST
authenticators are identified by an authority identity (A-ID). The local authenticator sends its
A-ID to an authenticating client, and the client checks its database for a matching A-ID. If the
client does not recognize the A-ID, it requests a new PAC.
NOTE: If the provisioned Protected Access Credential (PAC) is valid, Intel(R)
PROSet/Wireless does not prompt the user for acceptance of the PAC. If the PAC is
invalid, Intel PROSet/Wireless fails the provisioning automatically. A status message
is displayed in the Wireless Event Viewer that an administrator can review on the
user's computer.
1. Verify that Disable EAP-FAST Enhancements (CCXv4) is not selected. Allow
unauthenticated provisioning and Allow authenticated provisioning are selected
by default. Once a PAC is selected from the Default Server, you can deselect any of these
provisioning methods.
2. Default Server: None is selected as the default. Click Select Server to select a PAC
from the default PAC authority server or select a server from the Server group list. The
EAP-FAST Default Server (PAC Authority) selection page opens.
NOTE: Server groups are only listed if you have installed an Administrator Package
that contains EAP-FAST Authority ID (A-ID) Group settings.
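The A-ID lookup and the choice of provisioning method described above can be modeled as follows. This is an added example, not Intel PROSet/Wireless code: the packet layout follows RFC 4851 (EAP type 43, Authority ID Data in the Start message), while Profile, next_action, build_start and the returned action strings are hypothetical names, and the rule that an available server certificate or public key rules out unauthenticated provisioning is an assumption drawn from the Server-Authenticated Mode text.

```python
import struct
from dataclasses import dataclass

EAP_REQUEST, EAP_TYPE_FAST = 1, 43   # RFC 4851: EAP-FAST is EAP type 43
FLAG_L, FLAG_S = 0x80, 0x20          # "length included" and "Start" flag bits
AUTHORITY_ID = 0x0004                # type of the Authority ID Data field

def parse_a_id(packet: bytes) -> bytes:
    """Return the A-ID carried in an EAP-Request/EAP-FAST Start packet."""
    if len(packet) < 6:
        raise ValueError("truncated EAP header")
    code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if code != EAP_REQUEST or eap_type != EAP_TYPE_FAST or not flags & FLAG_S:
        raise ValueError("not an EAP-FAST Start request")
    if length < 6 or length > len(packet):
        raise ValueError("EAP length field does not match packet")
    data = packet[10:length] if flags & FLAG_L else packet[6:length]
    if len(data) < 4:
        raise ValueError("no Authority ID Data present")
    tlv_type, tlv_len = struct.unpack("!HH", data[:4])
    if tlv_type != AUTHORITY_ID or tlv_len == 0 or 4 + tlv_len > len(data):
        raise ValueError("malformed Authority ID Data")
    return data[4:4 + tlv_len]

@dataclass
class Profile:                          # hypothetical model of the profile settings
    pacs: dict                          # A-ID -> stored PAC (opaque bytes)
    allow_authenticated: bool = True    # "Allow authenticated provisioning"
    allow_unauthenticated: bool = True  # "Allow unauthenticated provisioning"
    server_trust_anchor: bool = False   # certificate or public key for the server

def next_action(profile: Profile, start_packet: bytes) -> str:
    """Decide what the client does after receiving the authenticator's A-ID."""
    if parse_a_id(start_packet) in profile.pacs:
        return "use-pac"                # A-ID recognized: reuse the stored PAC
    if profile.server_trust_anchor:     # assumption: never downgrade when the server can be verified
        return "provision-authenticated" if profile.allow_authenticated else "fail"
    return "provision-unauthenticated" if profile.allow_unauthenticated else "fail"

def build_start(a_id: bytes) -> bytes:
    """Constructed sample input: an EAP-FAST version 1 Start request carrying a_id."""
    body = bytes([EAP_TYPE_FAST, FLAG_S | 1]) + struct.pack("!HH", AUTHORITY_ID, len(a_id)) + a_id
    return struct.pack("!BBH", EAP_REQUEST, 1, 4 + len(body)) + body
```
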
PAC distribution can also be completed manually (out-of-band). Manual provisioning enables
you to create a PAC for a user on an ACS server and then import it into a user's computer. A
PAC file can be protected with a password, which the user needs to enter during a PAC import.
To import a PAC:
1. Click Import to import a PAC from the PAC server.
2. Click Open.
3. Enter the PAC password. (Optional)
4. Click OK to close this page. The selected PAC is used for this wireless profile.
EAP-FAST CCXv4 enables support for the provisioning of other credentials beyond the PAC
currently provisioned for tunnel establishment. The credential types supported include trusted
CA certificate, machine credentials for machine authentication, and temporary user credentials
used to bypass user authentication.
Use a certificate (TLS Authentication)
1. Click Use a certificate (TLS Authentication)