Configuring EAP-FAST authentication
EAP-FAST is an authentication method that was developed by Cisco Systems. Similar to PEAP authentication, EAP-FAST
authentication encrypts EAP transactions within a TLS tunnel. Although PEAP uses a server-side digital certificate to
configure the TLS tunnel, EAP-FAST uses a .pac file.
The .pac file that the BlackBerry devices and the authentication server share contains secret keys that are unique to the
BlackBerry devices. The EAP-FAST master key on the authentication server generates the .pac file. EAP-FAST uses
the .pac file to open the TLS tunnel and authenticates the user credentials through the TLS tunnel.
Configure EAP-FAST authentication
1.
Distribute the .pac file to the wireless client over a network connection that is designed to be secure using automatic
PAC provisioning.
2.
Configure each wireless access point to connect to the access control server and a DHCP server.
3.
Verify that the DHCP server can provide the following information to the wireless client:
• IP address or network
• default gateway
• IP address of the DNS server
4.
Configure the access control server.
After you finish:
• For information about the automatic provisioning process, see the documentation for your organization’s
authentication server.
• For information about configuring wireless access points, see the documentation for the access points.
• For information about configuring the access control server, see the documentation for the access control server.
Related information
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager,
252
Creating and configuring Wi-Fi profiles,
235
Administration Guide
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices
259
