Cisco Systems CB21AG manual information about OTP, see the “Understanding PIN Mode and Token, 3-11

Page 65
information about OTP, see the “Understanding PIN Mode and Token

Chapter 3 Configuring EAP Types

Configuring EAP-FAST

Table 3-2

User Credentials Options

 

 

User Credentials

Description

 

 

Use a certificate on this

Click this radio button to automatically obtain the client certificate

computer

 

from the Windows certificate store of the current user.

 

 

Default: Off

 

 

Use one-time password

Click this radio button to use a one-time password (OTP). For more

 

 

information about OTP, see the “Understanding PIN Mode and Token

 

 

Mode with OTP” section on page 3-12.

 

 

Default: Off

 

 

Use Windows username and

Click this radio button to use the Windows username and password as

password

 

the EAP-FAST username and password for network authentication.

 

 

Default: On

 

 

Prompt automatically for

Click this radio button to require the user to enter a separate

username and password

EAP-FAST username and password in addition to a Windows

 

 

username and password with every authentication attempt. This

 

 

options supports non-Windows passwords, such as LDAP.

 

 

Default: Off

 

 

Use saved username and

Click this radio button so that the user is not required to enter an

password

 

EAP-FAST username and password each time. Authentication occurs

 

 

automatically as needed using a saved user name and password,

 

 

which are registered with the backend server.

 

 

Default: Off

 

 

When selecting this option, the user must enter the following:

 

 

Username—Enter the username and the domain name in one of

 

 

these two formats:

 

 

Domain-qualified user name—domain\user

 

 

User Principal Name (UPN)—user@domain.com

 

 

Password—Enter a password. This encrypted password is stored

 

 

in the EAP-FAST configuration.

 

 

Confirm password—Enter the password again to verify that it

 

 

was entered correctly.

 

 

Note The maximum number of characters allowed for the username

 

 

and password is 256.

 

 

 

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

 

OL-16534-01

3-11

 

 

 

Image 65
Contents Americas Headquarters Software ReleaseCisco Systems, Inc 170 West Tasman Drive San Jose, CA 800 553-NETS Fax 408Turn the television or radio antenna until the interference stops Ad Hoc Wireless LAN Network Configurations Using Client AdaptersFCC Safety Compliance Statement PrefaceTwo-Phase Tunneled Authentication Advanced Roaming SettingObtaining Client Adapter Software Inserting the CardConfiguring LEAP Accessing LEAP Properties for ConfigurationConfiguring and Starting Logging Finding the Version of the LEAP ModuleAntenna Installation Warning Creating Strong Passwords A-9EAP Messages A-1 English Translation D-7Acknowledgments and Licensing F-1 ChannelsChinese Translation English TranslationOL-16534-01 viiiAudience PrefacePurpose Audience, page Purpose, page Organization, page Conventions, pageConventions OrganizationVaroitus Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät liitteestä Translated Safety Warnings käännetyt turvallisuutta koskevat varoitukset Obtaining Documentation, Obtaining Support, and Security Guidelines Related PublicationsNetwork Configurations Using Client Adapters, page Product Overview and InstallationSafety information, page Unpacking the Client Adapter, page Installing the Client Adapter Driver and Software, pageTerminology Introduction to the Client AdaptersPC-Cardbus cardRadio Hardware ComponentsRadio Antenna LEDsSoftware Components Network Configurations Using Client AdaptersAd Hoc Wireless LAN Figure 1-1 Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LANSafety Guidelines Safety informationFCC Safety Compliance Statement Warnings Unpacking the Client AdapterSystem Requirements Package Contentshttp//support.microsoft.com/kb/932063 http//support.microsoft.com/kb/935222For Client Devices Site RequirementsFor Infrastructure Devices 1-10 Inserting the Client AdapterInserting a PC-Cardbus Card Changing the Bracket Inserting a PCI CardInsert the card see the “Inserting the Card” section on page Assemble the antenna see the “Assembling the Antenna” section on page1-12 Inserting the Card1-13 Assembling the Antenna1-14 Mounting the AntennaStep 1 Perform one of the following 1-15Step 8 If the Found New Hardware Wizard window appears, click Cancel 1-16Step 7 Click Cisco Aironet Wireless LAN Client Adapters Step 5 Click Wireless SoftwareObtaining Client Adapter Software Step 6 Click Client Adapters and Client Software1-18 Installing the Client Adapter Driver and SoftwareHardware Insertion 1-19Figure 1-11 Cisco Aironet Installation Program Window Figure 1-13 Cisco Aironet Installation Program-Setup Status Window 1-20Step 8 Click Finish 1-211-22 Overview of Wireless Profiles, page Configuring Wireless ProfilesAccessing Microsoft Vista Network and Sharing Center, page Creating a New Profile and Configuring Basic Settings, pageAccessing Microsoft Vista Network and Sharing Center Overview of Wireless ProfilesCreating a New Profile and Configuring Basic Settings Cisco Aironet 802.11a/b/g Wireless Adapter see Figure OL-16534-01 Step 7 In this dialog box, enter information for the wireless network that you want to add.Table 2-1 lists and describes general settings for the profile. Follow the instructions in the table to configure these settings What to Enter Encryption Types” section on pageSetting Profile Management General Settings continued Chapter 3, “Configuring EAP Types.” The enterprise network EAPand Encryption Types” section on page What to Enter WEP Shared Security with Static WEP Keys Security and Encryption TypesWPA and WPA2 2-102-11 802.1X with Dynamic WEP Keys2-12 Accessing a Profile That Was Created PreviouslyCCKM Fast Secure Roaming Figure 2-7 Network and Sharing Center Window Viewing and Changing the Settings of a Profile2-13 Figure 2-8 Wireless Network properties Dialog Box-Connection Tab 2-14Settings dialog box. See the “Radio Measurement” section on is available, Choose Control Panel Manage Wireless Networkspage 2-18 and the “Advanced Roaming Setting” section on page in Table 2-1 on pageFigure 2-9 Wireless Network properties Dialog Box-Security Tab 2-162-17 2-18 Radio Measurement2-19 Advanced Roaming Setting2-20 Configuring EAP-FAST, page Overview of LEAP, page Configuring EAP TypesHow LEAP Works, page Configuring LEAP, page Configuring PEAP-GTC, pageTwo-Phase Tunneled Authentication, page Two-Phase Tunneled AuthenticationProtected Access Credentials, page How EAP-FAST WorksServer Certificate Validation Protected Access CredentialsAccessing EAP-FAST Properties for Configuration Configuring EAP-FASTAccessing EAP-FAST Properties for Configuration, page Configuring EAP-FAST Settings in the Connection Tab, pageConfiguring EAP-FAST Settings in the Connection Tab Default anonymous Default OnDefault None Default OnDefault Enabled Use Protected AccessPAC box and the Validate Server Certificate box at the same time Default OffClient Certificates Usernames and PasswordsOverview of the User Credentials Tab Figure 3-3 User Credentials Tab in EAP-FAST Properties Window Configuring EAP-FAST Settings in the User Credentials Tab3-10 3-11 information about OTP, see the “Understanding PIN Mode and TokenMode with OTP” section on page 3-12 Understanding PIN Mode and Token Mode with OTPFigure 3-4 New PIN Prompt Window Figure 3-5 Next Token Prompt Window3-13 Configuring EAP-FAST Settings in the Authentication TabFigure 3-6 Authentication Tab in EAP-FAST Properties Window 3-14Table 3-3 lists and describes options for authentication a certificate on this computer radio button in the User Default Disabled3-15 Select an authenticationFigure 3-7 About Tab in EAP-FAST Properties Window Finding the Version of the EAP-FAST Module3-16 3-17 Overview of LEAPHow LEAP Works Accessing LEAP Properties for Configuration Configuring LEAPAccessing LEAP Properties for Configuration, page Configuring LEAP Settings in the Network Credentials Tab, pageFigure 3-8 Wireless Network Properties Window Configuring LEAP Settings in the Network Credentials Tab3-19 Settings 3-20Table 3-4 LEAP Network Credentials Settings LEAP Network Credentials3-21 Overview of PEAP-GTCFinding the Version of the LEAP Module 3-22 How PEAP-GTC WorksAccessing PEAP-GTC Properties for Configuration Configuring PEAP-GTCAccessing PEAP-GTC Properties for Configuration, page Configuring PEAP-GTC Settings in the Connection Tab, pageFigure 3-10 Wireless Network Properties Window 3-24Figure 3-11 Connection Tab in PEAP-GTC Properties Window Configuring PEAP-GTC Settings in the Connection Tab3-25 If the Validate server certificate box is checked and the Do not Default anonymousprompt user to authorize new servers or trusted certificate If the Validate server certificate box is checked but the Do not3-27 Configuring PEAP-GTC Settings in the User Credentials Tabpassword option Default Offand Token Mode with OTP” section on page which is the case for the Prompt automatically for username andFigure 3-13 New PIN Prompt Window 3-29PEAP-GTC User Credentials Options continued Finding the Version of the PEAP-GTC Module Understanding PEAP-GTC Authentication3-30 Figure 3-14 Next Token Prompt WindowUsing Microsoft Tools to Perform Administrative Tasks, page Performing Administrative TasksThe EAP-FAST XML Schema, page The PEAP-GTC XML Schema, page The LEAP XML Schema, page Logging for EAP Modules, pageOverview of Group Policy Objects Using Microsoft Tools to Perform Administrative TasksAdding a Group Policy Object Editor Overview of Group Policy Objects, pageg. From the Select Group Policy Object dialog box, click Finish Creating a EAP Group Policy Object in Windows Vistaa. Go to File Add/Remove Snap-in Configuring Machine Authentication for EAP-FAST Configuring Single Sign-On for PEAP-GTC and LEAP Configuring Single Sign-On for EAP-FASTConfiguring Machine Authentication for PEAP-GTC The EAP-FAST XML Schema xsdocumentation xselement xschoice xselement name=authenticateWithToken xscomplexType xssequence xselement xselement name=sendViaInnerMethod xscomplexType xsall 4-10xscomplexType name=PasswordFromProfile xssimpleContent 4-114-12 xsannotation xselement xschoice xselement name=enableFastReconnect 4-134-14 xssimpleType xsrestriction base=xsstring xsenumeration value=exactly 4-15xselement name=anyServerName type=Empty xsannotation 4-164-17 The PEAP-GTC XML Schema4-18 xscomplexContent xscomplexType xscomplexType name=IdentityPattern 4-19xscomplexType name=TokenSource xschoice 4-20xschoice xssequence xscomplexType 4-214-22 4-23 The LEAP XML SchemaattributeFormDefault=unqualified xselement name=eapLeap type=EapLeap 4-244-25 Configuring and Starting Logging, page Configuring and Starting LoggingStep 1 Choose Start All Programs Accessories Step 2 Right-click Command Prompt and select Run as administratorwevtutil sl Cisco-EAP-FAST/Debug /efalse Disabling Logging and Flushing Internal Bufferswevtutil sl Cisco-EAP-PEAP/Debug /efalse wevtutil sl Cisco-EAP-LEAP/Debug /efalsewevtutil sl Cisco-EAP-FAST/Debug /lfn“pathtoetllogfile” Locating Log Fileswevtutil sl Cisco-EAP-PEAP/Debug /lfn“pathtoetllogfile” wevtutil sl Cisco-EAP-LEAP/Debug /lfn“pathtoetllogfile”Upgrading the Client Adapter Software, page Routine ProceduresRemoving a Client Adapter, page Removing a PCI Card Removing a Client AdapterRemoving a PC-Cardbus Card Upgrading the Client Adapter Software Step 5 Click Update the previous installation Figure 5-3 Cisco Aironet Installation Program-Setup Status Window OL-16534-01 Enabling Client Reporting, page Troubleshooting and DiagnosticsTroubleshooting with Cisco Aironet Client Diagnostics, page Figure 6-1 Network and Sharing Center Window Troubleshooting with Cisco Aironet Client DiagnosticsFigure 6-3 Cisco Aironet Client Diagnostics Dialog Box-Choose Adapter Figure 6-2 Cisco Aironet Client Diagnostics Dialog BoxFigure 6-5 Cisco Aironet Client Diagnostics Dialog Box-Testing Delay Figure 6-7 Aironet Desktop Utility-Stop Running Diagnostics Figure 6-6 Cisco Aironet Client Diagnostics Dialog Box-Test WindowEnabling Client Reporting EAP-FAST Error Messages and Prompts, page A-1 EAP-FAST Error Messages and PromptsPEAP-GTC and LEAP Error Messages and Prompts, page A-6 Creating Strong Passwords, page A-9Appendix A EAP Messages EAP-FAST Error Messages and Prompts Page Recommended Action Enter a username Recommended Action Press OK to continue PEAP-GTC and LEAP Error Messages and Prompts Page Page Characteristics of Weak Passwords Creating Strong PasswordsCharacteristics of Strong Passwords A-10 Password Security BasicsA P P E N D I X B Technical SpecificationsRadio Specifications, page B-3 Physical Specifications Radio Specifications 5250 to 5350 MHz 5150 to 5250 MHz5470 to 5725 MHz 5725 to 5805 MHzOutdoor typical Indoor typicalSafety and Regulatory Compliance Specifications Power SpecificationsAntenna Installation Warning, page C-3 Translated Safety WarningsA P P E N D I X C Explosive Device Proximity Warning, page C-2Explosive Device Proximity Warning Antenna Installation Warning Warning for Laptop Users Page Page A P P E N D I X D Declarations of Conformity and Regulatory InformationDepartment of Communications - Canada, page D-3 Declaration of Conformity for RF Exposure, page D-7FCC Certification Number LDK102050 CB21AG Canadian Compliance Statement Department of Communications - CanadaEuropean Community, Switzerland, Norway, Iceland, and Liechtenstein Page Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client AdapterCisco Aironet PI21AG Wireless LAN Client Adapter Japanese Translation Declaration of Conformity for RF ExposureEnglish Translation 03-6434-6500English Translation 2.4- and 5-GHz Client AdaptersChinese Translation 5-GHz Client Adapters Brazil/Anatel ApprovalD-10 AIR-CB21AG-W-K9D-11 AIR-PI21AG-W-K9D-12 Channels, Power Levels, and Antenna Gains Channels, page E-2 Maximum Power Levels and Antenna Gains, page E-4A P P E N D I X E IEEE 802.11a ChannelsRegulatory Domains IEEE 802.11b/gIEEE 802.11b Maximum Power Levels and Antenna GainsIEEE 802.11g OL-16534-01 A P P E N D I X F Acknowledgments and LicensingAppendix F Acknowledgments and Licensing OL-16534-01 Appendix F Acknowledgments and LicensingOL-16534-01 A P P E N D I X G AbbreviationsList of Acronyms continued Table G-1
Related manuals
Manual 34 pages 15 Kb Manual 286 pages 35.03 Kb Manual 22 pages 28.37 Kb Manual 22 pages 55.14 Kb