Motorola MT2070 Benutzerhandbuch
Operating the MT2070/MT2090 2 - 57
Two radio buttons are added to allow the user to choose a token or static password.
Choose the Token radio button when using the profile in conjunction with a token generator (hardware or software).
The system administrator should supply the user with a token generator for use with EAP-GTC token profiles. A
token generator generates a numeric value that is entered into the password field at connect time, usually along
with a PIN. Tokens have a very limited lifetime and usually expire within 60 seconds. The token generator is
time-synchronized with a token server. When authenticating, the RADIUS server asks the token server to verify the
token entered. The token server knows what value the token generator generates given the time of day and the
username. Since tokens expire, EAP-GTC token profiles are treated differently. A prompt appears at the
appropriate time to enter a token, even if a token has previously been entered. Tokens are never cached in the
credential cache (though the username that is entered when the token is entered is cached).
The system administrator should supply the user with a token generator for use with EAP-GTC token profiles. A
token generator generates a numeric value that is entered into the password field at connect time, usually along
with a PIN. Tokens have a very limited lifetime and usually expire within 60 seconds. The token generator is
time-synchronized with a token server. When authenticating, the RADIUS server asks the token server to verify the
token entered. The token server knows what value the token generator generates given the time of day and the
username. Since tokens expire, EAP-GTC token profiles are treated differently. A prompt appears at the
appropriate time to enter a token, even if a token has previously been entered. Tokens are never cached in the
credential cache (though the username that is entered when the token is entered is cached).
Choose the Static radio button, the Enter Password field is enabled and a password can be entered if desired. A
profile that uses an EAP-GTC tunnel type with a static password is handled in the same manner as other profiles
that have credentials that don’t expire.
profile that uses an EAP-GTC tunnel type with a static password is handled in the same manner as other profiles
that have credentials that don’t expire.
1.
Select the Advanced ID check box, if advanced identification is desired.
2.
Tab to Next > and press ENT. The prompt for Login at dialog displays. See
.
Advanced Identity
Use the Advanced ID dialog to enter the 802.1X identity to supply to the authenticator. This value can be 63
characters long and is case sensitive. In TTLS and PEAP, it is recommended entering the identity anonymous
(rather than a true identity) plus any desired realm (e.g., anonymous@myrealm). A user ID is required before
proceeding.
characters long and is case sensitive. In TTLS and PEAP, it is recommended entering the identity anonymous
(rather than a true identity) plus any desired realm (e.g., anonymous@myrealm). A user ID is required before
proceeding.
Figure 2-69
Advanced Identity Dialog Box
Tab to Next > and press ENT. The Encryption dialog displays.
NOTE
When authenticating with a Microsoft IAS server, do not use advanced identity.