Configuring eap-fast settings, Configuring pac settings, Pac expiration times – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

336

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 10

Configure an Access Point as a Local Authenticator

Configuring EAP-FAST
Settings

The default settings for EAP-FAST authentication are suitable for most wireless
LANs. However, you can customize the credential timeout values, authority ID,
and server keys to match your network requirements.

Configuring PAC Settings

This section describes how to configure Protected Access Credential (PAC)
settings. The first time that an EAP-FAST client device attempts to authenticate
to the local authenticator, the local authenticator generates a PAC for the client.
You can also generate PACs manually and use the Aironet Client Utility to
import the PAC file.

PAC Expiration Times

You can limit the number of days that PACs are valid and a grace period where
the PACs are valid after they have expired. By default, PACs are valid for 2 days
(one day default period plus one day grace period). You can also apply the
expiration of time and the grace period settings to a group of users.

Use this command to configure the expiration time and grace period for PACs:

AP(config-radsrv-group)# [no] eapfast pac expiry

days [grace days]

Enter a number of days from 2…4095. Enter the

no

form of the command to

reset the expiration time or grace period to infinite days.

In this example, PACs for the user group expire in 100 days with a grace period of
two days:

AP(config-radsrv-group)# eapfast pac expiry 100

grace 2

Generating PACs Manually

The local authenticator automatically generates PACs for EAP-FAST clients that
request them. However, you can generate a PAC manually for some client
devices. When you enter the command, the local authenticator generates a PAC
file and writes it to the network location that you specify. The user imports the
PAC file into the client profile.