Configuring 802.1X Authentication Network Settings - Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual

Configuring 802.1X Authentication Network Settings

Click the
Use this form to specify the authentication methods required by your network infrastructure.
The Legacy OS X EAP option supports only PEAP with MSCHAPv2.

The Windows EAP option supports only PEAP with MSCHAPv2.

These best practices are recommended when choosing the 802.1X authentication methods to provision:
Configure PEAP with MSCHAPv2 for Onboard devices – Android, Windows, and legacy OS X (10.5/10.6).

Configure EAP-TLS for iOS devices and OS X (10.7 or later).

Other EAP methods, while possible, are limited in their applicability and should only be used if you have

a specific requirement for that method.
The Windows EAP options that may be specified include:
Enable Fast Reconnect – Fast Reconnect is a PEAP property that enables wireless clients to move

between wireless access points on the same network without being re-authenticated each time they
associate with a new access point.
Enable Quarantine Checks – Enable this option to obtain a system statement-of-health (SSoH) from

the OnGuard or Microsoft NAP Agent and send it to the authentication server during the 802.1X
authentication process. Use this option to enforce network access control (NAC) protections on the
network.
Enforce Cryptobinding – Cryptobinding is a process that protects the authentication protocol

negotiation against man-in-the-middle attacks. The cryptobinding request and response performs a two-
way handshake between the peer and the authentication server using key materials.
ClearPass Guest 3.9 | Deployment Guide
Protocols tab to display the Enterprise Protocols form.
Onboard | 99