Cisco Secure Services Client Administrator Guide, Release 4.1
SSC Admin Guide Appendix XML Examples

Distribution Package Examples


Following are examples of valid .xml distribution package files from typical enterprise environments.


Note: In all of the examples, the license string is functionally invalid. Replace it with one appropriate to your application.


Example B-1—Illustrates only the base elements of a distribution package. No networks are defined in this example. (Use Example B-1.)

Example B-2—Illustrates the addition of minimal, nonauthenticating, open Wi-Fi and wired networks. (Use Example B-2.)

Example B-3—Illustrates a nonauthenticating, WPA personal Wi-Fi network with the following properties:

user connection context

WPA-Personal association with TKIP encryption

Such a network would be applicable to any corporate-supplied home equipment (where you configure the key) that your end-user might have for connecting to your enterprise network remotely. (Use Example B-3.)


Note: Any of the following authenticating Wi-Fi network definitions can be extracted and used in a wired authenticating network by removing the associationMode element. Extract the following:

<authenticationNetwork>
    Retain otherwise: .....
    Remove this: <associationMode>...</associationMode>
</authenticationNetwork>


Example B-4—Illustrates an authenticating Wi-Fi network with the following properties:

machine/user connection context

user password credentials obtained from an initial, one-time prompt
machine password obtained automatically from the MS Active Directory setup

single, tunneled EAP method

server validation based on release 4.0 current functionality

(Use Example B-4.)

Example B-5—Illustrates an authenticating Wi-Fi network with the following properties:

machine/user connection context

user password credentials obtained from the operating system (single-signon)
machine credential obtained automatically from the MS Active Directory setup

multiple, tunneled EAP methods

server validation based on multiple authentication server rules and new release 4.1 CA certificate deployment support

(Use Example B-5.)

Example B-6—Illustrates an authenticating Wi-Fi network with the following properties:

Novell domain compatible network

user connection context

user password credentials obtained from the OS (single-signon)

single, tunneled EAP method

server validation based on release 4.0 current functionality

(Use Example B-6.)

Example B-7—Illustrates an authenticating Wi-Fi network with the following properties:

machine connection context

machine credentials obtained from new release 4.1 static credential support

single, tunneled EAP method

server validation based on release 4.0 current functionality

(Use Example B-7.)

Example B-8—Illustrates an authenticating Wi-Fi network with the following properties:

user connection context

user client certificate credentials obtained from a smartcard

TLS EAP method

server validation based on release 4.0 current functionality

(Use Example B-8.)

Example B-9—Illustrates an authenticating Wi-Fi network with the following properties:

user connection context

user password credentials obtained from an initial, one-time prompt

single, tunneled EAP method

server validation based on release 4.0 current functionality

(Use Example B-9.)

Example B-10—Illustrates an authenticating Wi-Fi network with the following properties:

user connection context

user password credentials obtained from new release 4.1 static credential support

FAST EAP method with new release 4.1 manual PAC provisioning support
(Cisco ACS server configured for no autonomous PAC provisioning.)

server validation based on associated PAC rule

(Use Example B-10.)

Example B-11—Illustrates a wired-only version with the following properties:

preset end-user version

authenticating network only

machine and user connection context

FAST EAP method only

no server validation

(Use Example B-11.)

Example B-1

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-2

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wiredNetwork>
            <displayName>My Corporate Wired Network</displayName>
            <openNetworkMachineConnection/>
        </wiredNetwork>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <openNetworkUserConnection>
                <autoConnect>true</autoConnect>
            </openNetworkUserConnection>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-3

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <sharedKeyNetwork>
                <userConnection>
                    <keySettings>
                        <wpa>
                            <key>
                                <ascii encrypt="true">mySecret</ascii>
                            </key>
                            <encryption>TKIP</encryption>
                        </wpa>
                    </keySettings>
                    <autoConnect>true</autoConnect>
                </userConnection>
            </sharedKeyNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-4

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
                            <auto/>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </machine>
                    <user>
                        <autoConnect>true</autoConnect>
                        <collectionMethod>
                            <prompt>
                                <credentialsStorage>
                                    <forever/>
                                </credentialsStorage>
                            </prompt>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </user>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>
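
The following audit script is an added example, not part of the Cisco guide: it parses a distribution package and reports the settings seen in these examples that weaken link encryption or 802.1X server validation. The `audit` function, the check names and the trimmed sample are constructed here; it assumes `endsWith` is a plain string-suffix comparison and that such rule values are DNS suffixes.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Example B-4 (license and unrelated elements
# omitted). "Cert Rule 2" is wrapped across two lines on purpose, as happens
# when a rule is pasted from line-wrapped documentation.
SAMPLE = """<configuration minor_version="1" major_version="4">
  <networkPolicy>
    <allowedAssociationModes><wpa-Enterprise/><wpa2-Enterprise/><wep/></allowedAssociationModes>
    <allowedEapMethods><eapMd5/><eapFast/><eapPeap/><leap/></allowedEapMethods>
    <serverValidationPolicy><alwaysValidate>
      <allowUserTrustedServers>true</allowUserTrustedServers>
    </alwaysValidate></serverValidationPolicy>
  </networkPolicy>
  <networks><wifiNetwork>
    <displayName>My Corporate Wi-Fi Network</displayName>
    <authenticationNetwork>
      <machineUserAuthentication><user><collectionMethod><prompt>
        <credentialsStorage><forever/></credentialsStorage>
      </prompt></collectionMethod></user></machineUserAuthentication>
      <serverValidation>
        <validationRules>
          <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
          <matchSubjectName name="Cert Rule 2" match="exactly">My
Corporation</matchSubjectName>
        </validationRules>
        <trustAnyRootCaFromOs/>
      </serverValidation>
      <associationMode><wpa-Enterprise>TKIP</wpa-Enterprise></associationMode>
    </authenticationNetwork>
  </wifiNetwork></networks>
</configuration>"""

# Element names are the ones used in the examples on this page.
WEAK_ASSOCIATION = {"wep": "WEP keys can be recovered from captured traffic"}
WEAK_EAP = {
    "leap": "LEAP exchanges are open to offline dictionary attack",
    "eapMd5": "EAP-MD5 does not authenticate the server or derive session keys",
}


def audit(xml_text):
    """Return a sorted list of (check_id, location, detail) findings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Policy level: what the client is permitted to use at all.
    for mode in root.findall("networkPolicy/allowedAssociationModes/*"):
        if mode.tag in WEAK_ASSOCIATION:
            findings.append(("weak-association-allowed", mode.tag, WEAK_ASSOCIATION[mode.tag]))
    for method in root.findall("networkPolicy/allowedEapMethods/*"):
        if method.tag in WEAK_EAP:
            findings.append(("weak-eap-allowed", method.tag, WEAK_EAP[method.tag]))
    user_trust = root.findtext(
        "networkPolicy/serverValidationPolicy/alwaysValidate/allowUserTrustedServers", "")
    if user_trust.strip() == "true":
        findings.append(("user-trusted-servers", "networkPolicy",
                         "allowUserTrustedServers is true; review whether users should extend trust"))

    # Network level: per-network server validation and encryption choices.
    for net in root.findall("networks/*"):
        name = net.findtext("displayName", "(unnamed)")
        for rule in net.findall(".//validationRules/*"):
            value = rule.text or ""
            where = f"{name} / {rule.get('name')}"
            # Embedded newlines or padding make an "exactly" rule fail to match.
            if value != " ".join(value.split()):
                findings.append(("rule-whitespace", where, repr(value)))
            # Assumption: endsWith is a plain suffix test on a DNS name.
            if rule.get("match") == "endsWith" and not value.strip().startswith("."):
                findings.append(("unanchored-suffix", where,
                                 f"also matches names such as 'x{value.strip()}'"))
        if net.find(".//serverValidation/trustAnyRootCaFromOs") is not None:
            findings.append(("any-os-root-ca", name,
                             "any root CA in the OS store is accepted as a trust anchor"))
        ciphers = net.findall(".//associationMode/*") + net.findall(".//keySettings/*/encryption")
        for el in ciphers:
            if (el.text or "").strip() == "TKIP":
                findings.append(("tkip", name, f"<{el.tag}> selects TKIP"))
        if net.find(".//credentialsStorage/forever") is not None:
            findings.append(("credentials-stored-forever", name,
                             "stored credentials never expire"))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, where, detail in audit(SAMPLE):
        print(f"{check_id:28} {where:45} {detail}")
```

A package that pins the CA with `<trustedRootCACerts>`, as Example B-5 does, does not raise the `any-os-root-ca` finding.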

Example B-5

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
                            <auto/>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </machine>
                    <user>
                        <autoConnect>true</autoConnect>
                        <collectionMethod>
                            <singleSignOn/>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </user>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                        <eapPeap>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>false</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapPeap>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                        <matchSubjectAlternativeName name="Cert Rule 3" match="endsWith">myCorp2.net</matchSubjectAlternativeName>
                    </validationRules>
                    <trustedRootCACerts>
                        <certificate>
                            <caReference>E:\path\CaCertFile</caReference>
                        </certificate>
                    </trustedRootCACerts>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-6

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>true</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
                        <singleSignOn/>
                    </collectionMethod>
                    <useAnonymousId>true</useAnonymousId>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-7

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <machineAuthentication>
                    <collectionMethod>
                        <static/>
                    </collectionMethod>
                    <useAnonymousId>true</useAnonymousId>
                    <staticIdentity encrypt="true">machineName</staticIdentity>
                    <staticPassword encrypt="true">machineSecret</staticPassword>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </machineAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-8

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
           <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
                        <prompt>
                            <credentialsStorage>
                                <logonSession/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <useAnonymousId>false</useAnonymousId>
                    <eapMethods>
                        <eapTls>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <certificateSource>
                                <smartCardOnlyCertificate/>
                            </certificateSource>
                        </eapTls>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-9

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
    <license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
                        <prompt>
                            <credentialsStorage>
                                <forever/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <useAnonymousId>true</useAnonymousId>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-10

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
    <license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <authenticationNetwork>
                <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
                        <static/>
                    </collectionMethod>
                    <useAnonymousId>true</useAnonymousId>
                    <staticIdentity encrypt="true">userName</staticIdentity>
                    <staticPassword encrypt="true">userSecret</staticPassword>
                    <pacs>
                        <pac>
                            <pacReference encrypt="true">E:\path\pacFile</pacReference>
                            <secretKey encrypt="true">pacPassword</secretKey>
                        </pac>
                    </pacs>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
                    <trustedServerIds>
                        <trustedServerId name="PAC AID Rule 1">
                            <reference>
                                <aIdReference>E:\path\pacRefFile</aIdReference>
                                <secretKey>1234</secretKey>
                            </reference>
                        </trustedServerId>
                    </trustedServerIds>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-11

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" minor_version="1" major_version="4">
    <license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes></allowedAssociationModes>
        <allowedEapMethods>
            <eapFast/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <allowUserValidationControl/>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
    </networkPolicy>
    <networks>
        <wiredNetwork>
            <displayName>My Corporate Wired Network</displayName>
            <authenticationNetwork>
                <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
                            <auto/>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </machine>
                    <user>
                        <autoConnect>true</autoConnect>
                        <collectionMethod>
                            <singleSignOn/>
                        </collectionMethod>
                        <useAnonymousId>true</useAnonymousId>
                    </user>
                    <eapMethods>
                        <eapFast>
                            <validateServerIdentity>false</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapGtc/>
                                <eapMschapv2/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </machineUserAuthentication>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
            </authenticationNetwork>
        </wiredNetwork>
    </networks>
    <connectionSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>false</validateWpaHandshake>
    </connectionSettings>
    <userControlPolicy>
        <clientUIType>preset</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
        </allowedMedia>
    </userControlPolicy>
</configuration>
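
An added example, not part of the Cisco guide: a small Python check that walks a distribution package and lists settings a reviewer would want justified before deployment, such as `validateServerIdentity` set to `false` (as in Example B-11), TKIP association, prompted credentials stored `forever` (as in Example B-9), and legacy methods left in the policy. The sample XML is constructed from element names used on this page; the `audit` function and the choice of what to flag are assumptions of this example, not a Cisco rule set.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed package built from element names used on this page.
SAMPLE = """<configuration major_version="4" minor_version="1">
  <networkPolicy>
    <allowedAssociationModes><wpa2-Enterprise/><wep/></allowedAssociationModes>
    <allowedEapMethods><eapFast/><leap/><eapMd5/></allowedEapMethods>
  </networkPolicy>
  <networks><wifiNetwork>
    <displayName>Constructed Wi-Fi</displayName>
    <authenticationNetwork>
      <userAuthentication>
        <collectionMethod><prompt><credentialsStorage><forever/></credentialsStorage></prompt></collectionMethod>
        <eapMethods><eapFast><validateServerIdentity>false</validateServerIdentity></eapFast></eapMethods>
      </userAuthentication>
      <serverValidation><trustAnyRootCaFromOs/></serverValidation>
      <associationMode><wpa-Enterprise>TKIP</wpa-Enterprise></associationMode>
    </authenticationNetwork>
  </wifiNetwork></networks>
</configuration>"""

LEGACY = {"wep", "leap", "eapMd5"}  # assumption: the reviewer's flag list, not Cisco's

def audit(xml_text):
    """Return sorted (scope, finding) pairs for settings a reviewer should justify."""
    root = ET.fromstring(xml_text)
    findings = [("policy", f"{el.tag} allowed")
                for el in root.findall("./networkPolicy/*/*") if el.tag in LEGACY]
    for net in root.findall("./networks/*"):
        name = net.findtext("displayName", default=net.tag)
        for v in net.iter("validateServerIdentity"):
            if (v.text or "").strip().lower() == "false":
                findings.append((name, "validateServerIdentity is false"))
        sv = net.find(".//serverValidation")
        if sv is not None and sv.find("trustAnyRootCaFromOs") is not None:
            # Any OS root is accepted; check that some rule still names the server.
            if sv.find("validationRules") is None and sv.find("trustedServerIds") is None:
                findings.append((name, "any OS root CA trusted with no server rule"))
        if net.find(".//credentialsStorage/forever") is not None:
            findings.append((name, "prompted credentials stored forever"))
        for mode in net.findall(".//associationMode/*"):
            if (mode.text or "").strip() == "TKIP":
                findings.append((name, f"{mode.tag} uses TKIP"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```

Each finding is a prompt for review rather than a verdict: a wired-only package such as Example B-11 may disable server validation deliberately, but the decision should be recorded.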