Authentication Support / Configuring EAP-FAST Authentication
EAP-FAST stateless session resume is the component that allows Tunnel PAC usage: it lets the TLS tunnel be renegotiated without the use of certificates.
When you use EAP-FAST authentication, an additional option called Allow Stateless Session Resume interacts with fast reconnects. Ensure that this option is selected, and specify a value for the Authorization PAC Time to Live (TTL) property. The Authorization PAC TTL value (in minutes or hours) sets the time after which the user authorization PAC expires. When ACS or ISE receives an expired authorization PAC, the stateless session cannot resume and phase two EAP-FAST authentication is performed. Therefore, set the Authorization PAC TTL property to a value long enough that a full authentication is not triggered over the duration of a typical shift.
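The following added example (a simplified model, not ACS/ISE code and not the EAP-FAST wire format) shows why an expired authorization PAC forces phase two and how the TTL choice plays out over a shift. It assumes the PAC is a MAC-protected blob carrying its own expiry, that it is issued only after a full authentication and not renewed on resume, and the key, function names and reconnect times are constructed for illustration.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # stands in for the server's PAC master key


def issue_pac(user, now_min, ttl_min):
    """Phase two succeeded: seal user and expiry into an opaque, MAC-protected blob."""
    body = json.dumps({"user": user, "exp": now_min + ttl_min}).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def try_resume(pac, user, now_min):
    """Stateless check: everything needed is inside the PAC, no session table."""
    body, _, tag = pac.rpartition(b".")
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False  # tampered or foreign PAC
    claims = json.loads(body)
    return claims["user"] == user and now_min < claims["exp"]


def simulate_shift(reconnects_min, ttl_min, user="alice"):
    """Return (fast_resumes, full_authentications) for one shift."""
    pac = issue_pac(user, 0, ttl_min)  # full authentication at shift start
    resumes, full = 0, 1
    for t in reconnects_min:
        if try_resume(pac, user, t):
            resumes += 1
        else:
            full += 1  # expired PAC: phase two runs and a new PAC is issued
            pac = issue_pac(user, t, ttl_min)
    return resumes, full


# Constructed sample: reconnect times in minutes into an 8-hour shift
SHIFT_RECONNECTS = [35, 90, 150, 200, 260, 330, 400, 470]

if __name__ == "__main__":
    for ttl in (60, 120, 480):
        print(ttl, simulate_shift(SHIFT_RECONNECTS, ttl))
```

With these constructed reconnect times, only the TTL that covers the whole shift keeps the count of full authentications at the single one performed at shift start.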