provisioning and Allow authenticated provisioning are selected by default. Once a PAC is selected from
the Default Server, you can deselect any of these provisioning methods.
2. Default Server: None is selected as the default. Click Select Server to select a PAC from the default PAC
authority server or select a server from the Server group list. The EAP-FAST Default Server (PAC Authority)
selection page opens.
NOTE: Server groups are only listed if you have installed an Administrator Package
that contains EAP-
FAST Authority ID (A-ID) Group settings.
PAC distribution can also be completed manually (out-of-band). Manual provisioning enables you to
create a PAC for a user on an ACS server and then import it into a user's computer. A PAC file can be
protected with a password, which the user needs to enter during a PAC import.
3. To import a PAC:
1. Click Import to import a PAC from the PAC server.
2. Click Open.
3. Enter the PAC password (optional).
4. Click OK closes this page. The selected PAC is used for this wireless profile.
EAP-FAST CCXv4 enables support for the provisioning of other credentials beyond the PAC currently provisioned
for tunnel establishment. The credential types supported include trusted CA certificate, machine credentials for
machine authentication, and temporary user credentials used to bypass user authentication.
Use a certificate (TLS Authentication)
1. Click Use a certificate (TLS Authentication)
2. Click Identity Protection when the tunnel is protected.
3. Select one of the following to obtain a certificate: Use my smart card
, Use the certificate issued to this
computer, or Use a user certificate on this computer.
4. User Name: Enter the user name assigned to the user certificate.
5. Click Next.
Step 2 of 3: EAP-FAST Additional Information
If you selected Use a certificate (TLS Authentication) and Use a user certificate on this computer, click
Next (no roaming identity is required) and proceed to
Step 3 to configure EAP-FAST Server certificate settings. If
you do not need to configure EAP-FAST server settings, click OK to save your settings and return to the Profiles
page.
If you selected to Use my smart card, add the roaming identity, if required. Click OK to save your settings and
return to the Profiles page.
If you did not select Use a certificate (TLS Authentication), click Next to select an Authentication Protocol.
CCXv4 permits additional credentials or TLS cipher suites to establish the tunnel.
Authentication Protocol: Select either
GTC, or MS-CHAP-V2 (Default).
Generic Token Card (GTC)
GTC may be used with Server-Authenticated Mode. This enable peers using other user databases as Lightweight
Directory Access Protocol (LDAP) and one-time password (OTP) technology to be provisioned in-band. However,
the replacement may only be achieved when used with the TLS cipher suites that ensure server authentication.
To configure a one-time password:
1. Authentication Protocol: Select GTC (Generic Token Card).
2. User Credentials: Select Prompt each time I connect.
3. On connection prompt for: Select one of the following:
Name Description
Static Password On connection, enter the user credentials.
IntelĀ® PROSet/Wireless WiFi Connection Utility User's Guide
To Next Page
Loading...
