Cisco Systems CB21AG, PI21AG Overview of PEAP-GTC, Finding the Version of the LEAP Module, 3-21

Chapter 3 Configuring EAP Types

Table 3-4 LEAP Network Credentials Settings (continued)

LEAP Network Credentials Setting: Prompt automatically for username and password

Description: Click this radio button to require the user to enter a separate LEAP username and password, which are registered with the backend server, in addition to a Windows username and password with every authentication attempt.

Default: Off

LEAP Network Credentials Setting: Use saved username and password

Description: Click this radio button so that the user is not required to enter a LEAP username and password with each Windows login. Authentication occurs automatically as needed using a saved username and password, which are registered with the backend server.

Default: Off

When selecting this option, the user must do the following:

- Enter a username in the Username field.
- Enter a password in the Password field.
- Confirm password—Enter the password again to verify that it was entered correctly.

Note: The maximum number of characters allowed for the username and password is 256.


The following three scenarios for credentials entry are supported by the LEAP module:

Boot time—During this state, no users are logged on. The LEAP module uses machine credentials for network authentication. The LEAP module does not prompt the user for information but instead obtains the machine credentials by using Microsoft’s Local Security Authority (LSA) API.

Pre-Logon—During this state, Microsoft’s Layer 2 credential provider (L2NA) queries the LEAP module through Microsoft’s EAPHost APIs for types of credentials that are needed. The LEAP module indicates the appropriate type: Windows, network, or none. The user enters the appropriate credentials in a Microsoft L2NA prompt.

Post-Logon—Although the user has already logged on, the LEAP module might need to prompt the user for network credentials because a card was inserted or because network authentication failed. The LEAP module invokes the EapInvokeInteractiveUI API, which is a Microsoft EAPHost API. A LEAP credentials prompt appears, and the user must enter a username and password.

Finding the Version of the LEAP Module

The LEAP module version number, copyright information, and open-source software information are in the About tab (see Figure 3-9).

Overview of PEAP-GTC

Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. While EAP was originally created for use with PPP, it has since been adopted for use with IEEE 802.1X, which is Network Port Authentication. Since its deployment, a number of weaknesses in EAP have become

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

 

OL-16534-01
