Ethernet Settings

Ivanti EPMM can configure iOS and macOS devices to allow Ethernet connectivity only through networks defined in configuration policies. This enhances security by ensuring that devices connect solely to trusted Ethernet environments and thereby reducing the risk of unauthorized network access or data interception.

Applicable to:

  • This feature applies to devices running on iOS 17 or supported newer versions.

  • This feature applies to devices running on macOS 13 or supported newer versions.

Configuring Ethernet Settings

Procedure 

  1. Select Policies & Configs > Policies.

  2. Select Add New > Apple > iOS / macOS > Ethernet Settings.

  3. Use the guidelines in the following Ethernet Settings table to complete the New Ethernet Settings dialog box.

  4. 4. Enter the details and click Save.

Table 28.  Ethernet Settings

Item

Description

Name

Enter the name to use to reference this configuration in Ivanti EPMM.

Status

Select the relevant radio button to indicate whether the policy is Active or Inactive.

Only one active policy can be applied to a device.

Priority

Specifies the priority of this policy relative to other custom policies of the same type. This priority determines which policy is applied if more than one policy is available.

Select Higher than or Lower than, then select an existing policy from the drop-down list.

For example, to give Policy 'A' a higher priority than Policy B, you would select “Higher than” and “Policy B”.

Description

Enter an explanation of the purpose of this policy.

User Name

Specify the variable to use as the User Name when establishing the Ethernet connection.

Password

Specify the variable to use and any necessary custom formatting for the Ethernet password. The default variable selected is $PASSWORD$.

Enter additional variables or text in the text box adjacent to the Password field. Entries in this text box are kept hidden and will not be visible to any Ivanti EPMM administrator.

If you specify $PASSWORD$, also enable Save User Password under Settings > System Settings > Users & Devices > Registration.

All variables and text up to the last valid variable will be visible. Anything after the last valid variable will not be visible. The valid variable may appear in either of the password fields.

Apply to Certificates

Configure this field with the CA certificate needed to validate the Identity Certificate presented by the Ethernet Access Point.

It is not the CA certificate needed to validate the Identity Certificate sent to the device in the Ethernet configuration.

Trusted Certificate Names

If you did not specify trusted certificates in the Apply to Certificates list, then enter the names of the authentication servers to be trusted. You can specify a particular server, such as server.mycompany.com or a partial name such as *.mycompany.com.

Hidden Network

Select this option if the SSID is not broadcast.

Allow Trust Exceptions

Select this option to let users decide to trust a server when the chain of trust can’t be established. To avoid these prompts, and to permit connections only to trusted services, turn off this option and upload all necessary certificates.

Use Per-connection Password

Select this option to prompt the user to enter a password each time the device connects to the Ethernet.

Prompt One time password

Select this option to prompt the user to enter a password just once when the device connects to the Ethernet.

Require TLS certificate

Select this option to let the user to enter the password only once when the configuration is pushed to the device. Every connect and disconnect to network, will not request any password.

Auto Join

Specifies whether devices should automatically join the Ethernet network. If this option is not selected, device users must tap the network name on the device to join the network.

Channel Type

The user must select one of the following options:

  • User

  • Device

Max TLS Version

The user must select one of the following maximum TLS versions:

  • 1.0

  • 1.1

  • 1.2

  • 1.3

Min TLS Version

The user must select one of the following minimum TLS versions:

  • 1.0

  • 1.1

  • 1.2

  • 1.3

Ethernet Configuration

Administrator can configure Ethernet Interface in variations. The following payloads are available for configuring Ethernet:

  • Global Ethernet

  • First Active Ethernet

  • Second Active Ethernet

  • Third Active Ethernet

  • First Ethernet

  • Second Ethernet

  • Third Ethernet

EAP Type

You can make multiple authentication protocol selections as follows:

  • EAP-FAST: If you select EAP-FAST, then you also need to specify the Protected Access Credential (PAC).

  • EAP-SIM: If you select EAP-SIM, then you also need to specify the numbers of RANDs.

  • LEAP

  • PEAP

  • TLS: If you select the TLS, then you must specify an Identity Certificate.

  • TTLS: If you select TTLS, then you must also specify the Inner Identity Authentication Protocol. You may optionally specify an Outer Identity.