Operating the MT2070/MT2090 2 - 57
Two radio buttons are added to allow the user to choose a token or static password.
Choose the Token radio button when using the profile in conjunction with a token generator (hardware or software) .
The system administrator should supply the user with a token generator for use wi th EAP-GTC token profiles. A
token generator generates a numeric value that is entered into the pass word field at connect time, usually along
with a PIN. Tokens have a very limited lifetime and usually expire within 60 seconds. The token gene rator is
time-synchronized with a token server. When authenticating, the RADIUS server asks the token ser ver to verify the
token entered. The token server knows what value the token generator generates given the time of day and the
username. Since tokens expire, EAP-GTC token profiles are treated differently. A prompt appears at the
appropriate time to enter a token, even if a token has previously been entered. Tokens are never cached in the
credential cache (though the username that is entered when the token is entere d is cached).
Choose the Static radio button, the Enter Password field is enabl ed and a password can be entered if desired. A
profile that uses an EAP-GTC tunnel type with a static password is handled in the same manner as other profiles
that have credentials that don’t expire.
1. Select the Advanced ID check box, if advanced identification is de sired.
2. Tab t o Next > and press ENT. The prompt for Login at dialog displays. See Credential Cache Options on page
2-58.

Advanced Identity

Use the Advanced ID dialog to enter the 802.1X identity to supply to the au thenticator. This value can be 63
characters long and is case sensitive. In TTLS and PEAP, it is recommended entering the identity an onymous
(rather than a true identity) plus any desired realm (e.g., anonymous@m yrealm). A user ID is required before
proceeding.
Figure 2-69
Advanced Identity Dialog Box
Tab t o Next > and press ENT. The Encryption dialog displays.
NOTE When authenticating with a Microsoft IAS server, do not use advanced identity.