In EAP-TLS, there is a setting of username. What is the purpose of it? Will it be used during the authentication? Does it need to be the same as in CA?

EAP-TLS is a tunnel authentication. outer identity: this is the User-Name in the RADIUS packet and visible to all intermediate parties inner identity: this is the actual user identification. It is only visible to the user himself and the Identity Provider The user cert is issued to a user identified by the username, so the username has to be configured so we know which user cert we should be using for the authentication. By default, the username is also used during authentication as the outer identity which gets sent in the identity response packet.