Configure the EAP-PEAP MSCHAPv2 machine mode authentication
Prerequisites
If you are using a SCEP certificate, ensure that you have enabled SCEP using Wyse Management Suite and the SCEP certificate is already enrolled. See,
Configure SCEP.
If you are using a CA certificate, ensure that the CA certificate is available for authentication.
Steps
Log in to Wyse Management Suite.
Go to the
Groups & Configs page, and select your preferred device policy group.
Click
Edit Policies > Dell Hybrid Client 2.x.
The
Configuration Control | Dell Hybrid Client 2.x page is displayed.
Click the
Advanced tab.
Expand
Network Configuration, and click
802-1x Authentication.
Click the
Enable 802-1x toggle key to enable the 802-1x authentication for wired connection on the Ethernet 0 port.
From the
Authentication Type drop-down list, select
Protected EAP (PEAP).
From the
Authentication Mode drop-down list, select
Machine.
NOTE:Guest user along with Domain and Local user are supported for PEAP machine mode authentication.
From the
PEAP Version drop-down list, select the PEAP version for authentication—Automatic,
Version 0, or
Version 1.
To use a SCEP certificate, enable the
Use SCEP certificate toggle key and enter the SCEP certificate name. By default Use scep certificate is enabled.
To use a CA certificate, enable the
CA Certificate Required toggle key and enter the CA certificate name.
If the CA certificate is added from the
Privacy & Security > Certificate section, disable
Use SCEP Certificate toggle key and enable
CA Certificate required. Enter that particular CA certificate name.
From the
Inner Authentication drop-down list, select
MSCHAPv2.
Enter the machine password. This password is used to authenticate the device.
Administrator has to set password for targeted computer objects registered in domain and the same password is recommended for single group.
NOTE:If the device is not joined in domain, Administrator has to create computer object manually using the computer name of the machine.
Click
Save & Publish.
Next steps
Log in to the Dell Hybrid Client-powered device as a domain user or local user. The 802.1x launcher is triggered and the 802-1 authentication automatically starts.
If log in is successful, the device gets the IP address from the protected LAN. If log in is unsuccessful, the 802.1x authentication fails and the device remains in the guest LAN.
When you log out or restart, the device will move to guest LAN by sending an EAPOL logoff to switch and disable the 802.1x configuration.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\