Security / Authentication Support
Parent topic: Authentication Support

EAP Configuration Overview

EAP configuration overview provides the settings required for the controller, authentication server. It also provides the badge properties details required for EAP-TLS, PEAP, and EAP-FAST authentication framework.

Settings EAP-TLS Configuration PEAP Configuration EAP-FAST Configuration
Controller Configuration
Configure Encryption and Authentication 802.1x on the controller Yes Yes Yes
Add Authentication Server IP Yes Yes Yes
Select required “Authentication IP” for the profile Yes Yes Yes
Authentication Server
Install Certificates on the Authentication server Yes Yes Yes
Option to be enabled on the Authentication server EAP-TLS PEAP EAP-Fast
Select Authentication policy “Internal Users Based” No Yes Yes
Select Inner Authentication as MSCHAPv2 or GTC or both. No Yes Yes
Select Anonymous PAC or Authentication PAC provisioning No No Yes
Device Configuration – Badge Properties
V5.AuthenticationType WPA-EAP WPA-EAP WPA-EAP
V5.EAPMethod TLS PEAP FAST
V5.UserName <Provide Username> <Provide Username> <Provide Username>
V5.Password <Provide password> <Provide password>
V5.EnableHigherTLSVer True True -
V5.EnableServerCertValidation - True/False

If the parameter is set to true and you are using external certificate to validate the certificate, then place the certificates in /gen5/badge/data/res/certificates/PEAP/ and set V5.EAPTLSUseExtCert = true, so that badge uses the certificate from correct path and validates the certificate.

Note: To validate Server certificate rootca certificate is required.

 False
V5. EAPTLSUseExtCert True/False
  • True— Enables the device to take the external certificates from a different path. Place the external certificates in /gen5/badge/data/res/certificates/EAP-TLS/. Note: EAP-TLS folders and certificates and will not be available. You must create it to place external certificates.
  • False—Enables the device to access the Vocera manufacturer internal certificate from /gen5/badge/res/certificates/EAP-TLS/vi/.
 True/False
  • True—Enables the device to access the external certificates from a different path. Place the external certificates at /gen5/badge/data/res/certificates/PEAP/
  • False— Enables the device to access the Vocera manufacturer internal certificate from /gen5/badge/res/certificates/PEAP/vi/
 True/False
  • True—Enables the device to access the external certificates from a different path. Place the external certificates at/gen5/badge/data/res/certificates/EAP-Fast
  • False— Enables the device to access the Vocera manufacturer internal certificate from /gen5/badge/res/certificates/ EAP-Fast/vi/
V5.Provisioning - 0 or 1
  • 0—Uses MSCHAPv2 as the inner authentication method for authentication.
  • 0—Uses MSCHAPv2 as the inner authentication method for authentication.
  • 1—Uses GTC as the inner authentication method for authentication.

0/1/2/3

  • 0— Allows manual PAC provisioning to create a manual PAC on the authentication server and the device at g5/badge/data/res/certificate/EAP-Fast/.
  • 1— Allows anonymous PAC provisioning for creating PAC and authentication.
  • 2— Allows authenticates PAC provisioning for creating PAC and authentication.
  • 3—Allows Authenticated and Unauthenticated PAC provisioning.
Parent topic: Authentication Support

This guide last modified: 2025-02-25 08:48.  .   http://www.vocera.com