Cisco Systems PI21AG, CB21AG PAC box and the Validate Server Certificate box at the same time


Chapter 3 Configuring EAP Types

Configuring EAP-FAST

Table 3-1 Connection Settings (continued)

Connection Setting: Validate server certificate

Description: Check this box to use an authenticated server certificate to establish a tunnel. You can check both the Use Protected Access Credentials (PAC) box and the Validate Server Certificate box at the same time. If both are checked, you can select one or more Trusted Root CA certificates from the list of trusted Certificate Authority certificates that are installed on the host system.

The EAP-FAST module always tries to use the PAC first if both check boxes are checked. The module uses the server certificate if the PAC is missing or rejected by the server.

If both check boxes are unchecked, EAP-FAST functions as PEAP does without validating the server certificate. We do not recommend leaving both boxes unchecked because the module bypasses fundamental trust validation.

Default: Off

Connection Setting: Connect to only these servers

Description: Check this box to enter an optional server name that must match the server certificate that is presented by the server. You can enter multiple server names; separate multiple server names with semicolons. The EAP-FAST module only allows connections to continue without prompting if the subject field (CN) in the server certificate matches the server names that you enter in this field.

Default: Off

Note: You can use an asterisk (*) as a wildcard character in server names only if the asterisk appears before the first period (.) in the name.domain.com format. For example, “*.cisco.com” matches any server name that ends with “.cisco.com”. If you put an asterisk anywhere else in the server name, it is not treated as a wildcard character.

Connection Setting: Trusted Root CA

Description: Select one or more Trusted Root CA certificates from the list of certificates that are installed on the system. Only trusted CA certificates that are installed on the host system are displayed in the drop-down list.

To view details about the selected Trusted Root CA certificate, double-click the certificate name. Double-clicking the certificate name opens the Windows certificate property screen, where certificate details are available.

Default: None

Connection Setting: Do not prompt user to authorize new servers or trusted certificate authorities.

Description: Check this box if you do not want the user to be prompted to authorize a connection when the server name does not match or the server certificate is not signed by one of the Trusted Root CA certificates that was selected. If this box is checked, the authentication fails.

Default: Off
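The server-name rule and the prompt/fail behavior described in the table, as an added Python sketch that is not Cisco's code. The function names, the chain_trusted input (the result of checking the certificate against the selected Trusted Root CA certificates), the case-insensitive comparison, and the example.net / example.org names are assumptions made for illustration.

```python
# Added illustration of the table's rules; not taken from the EAP-FAST module.

def matches(pattern: str, cn: str) -> bool:
    """Compare one configured server name with the certificate subject CN."""
    # Assumption: names are compared case-insensitively, as DNS names are.
    pattern, cn = pattern.strip().lower(), cn.strip().lower()
    first, dot, rest = pattern.partition(".")
    if first == "*" and dot and rest:
        # Asterisk before the first period: the page says this matches any
        # server name that ends with ".<rest>", so deeper names match too.
        return cn.endswith("." + rest) and len(cn) > len(rest) + 1
    # An asterisk anywhere else is not a wildcard, so compare literally.
    # Assumption: partial first labels such as "acs*" are also literal,
    # since the page only documents the "*.domain" form.
    return cn == pattern


def decide(cn: str, chain_trusted: bool, server_names: str,
           do_not_prompt: bool) -> str:
    """Return 'continue', 'prompt' or 'fail' for a presented certificate.

    server_names is the semicolon-separated field from
    "Connect to only these servers"; an empty string models the box
    being unchecked (assumption).
    """
    names = [n for n in server_names.split(";") if n.strip()]
    name_ok = not names or any(matches(n, cn) for n in names)
    if name_ok and chain_trusted:
        return "continue"
    # Name mismatch or untrusted issuer: prompt the user, unless
    # "Do not prompt user to authorize..." is checked, which fails instead.
    return "fail" if do_not_prompt else "prompt"


if __name__ == "__main__":
    # Constructed sample inputs.
    allowed = "*.cisco.com; radius.example.net"
    for cn in ("acs1.cisco.com", "cisco.com", "rogue.example.org"):
        print(cn, decide(cn, True, allowed, do_not_prompt=True))
```

Because the documented wildcard is a suffix match, a pattern such as “*.cisco.com” accepts names several labels deep, which is broader than the single-label wildcard matching common in TLS clients.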

 

 

 

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

3-8

OL-16534-01

 

 
