Cisco Systems CB21AG manual Static WEP Keys, EAP with Dynamic WEP Keys

Page 81

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Static WEP Keys

Each device (or profile) within your wireless network can be assigned up to four static WEP keys. If a device receives a packet that is not encrypted with the appropriate key (as the WEP keys of all devices that are to communicate with each other must match), the device discards the packet and never delivers it to the intended receiver.

You do not need to re-enter static WEP keys each time the client adapter is inserted or the Windows device is rebooted because the keys are stored (in an encrypted format for security reasons) in the registry of the Windows device. When the driver loads and reads the client adapter’s registry parameters, it also finds the static WEP keys, unencrypts them, and stores them in volatile memory on the adapter.

The Define Pre-Shared Keys window enables you to view the WEP key settings for a particular profile and to assign new WEP keys or overwrite existing WEP keys. Refer to the “Enabling Static WEP” section on page 5-24for instructions.

EAP (with Dynamic WEP Keys)

The standard for wireless LAN security, as defined by IEEE, is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless client and an authentication server, such as a RADIUS server, to which the access point communicates over the wired network.

Five 802.1X authentication types are available in ADU for use with Windows 2000 or XP:

EAP-Cisco Wireless (or LEAP)—This authentication type leverages Cisco Key Integrity Protocol (CKIP) and MMH message integrity check (MIC) for data protection. ADU offers a variety of LEAP configuration options, including how a username and password are entered to begin the authentication process.

The username and password are used by the client adapter to perform mutual authentication with the RADIUS server through the access point. The username and password need to be re-entered each time the client adapter is inserted or the Windows device is rebooted unless you configure your adapter to use saved LEAP credentials.

RADIUS servers that support LEAP include Cisco Secure ACS release 2.6 or later, Cisco Access Registrar release 1.7 or later, Funk Software’s Steel-Belted RADIUS release 4.1 or later, and Meetinghouse Data Communications’ AEGIS release 1.1 or later.

EAP-FAST—This authentication type (Flexible Authentication via Secure Tunneling) uses a three-phased tunneled authentication process to provide advanced 802.1X EAP mutual authentication.

Phase 0 enables the client to dynamically provision a protected access credentials (PAC) when necessary. During this phase, a PAC is generated securely between the user and the network.

Phase 1 uses the PAC to establish a mutually authenticated and secure tunnel between the client and the RADIUS server. RADIUS servers that support EAP-FAST include Cisco Secure ACS version 3.2.3 and later.

Phase 2 performs client authentication in the established tunnel.

ADU offers a variety of EAP-FAST configuration options, including how and when a username and password are entered to begin the authentication process and whether automatic or manual PAC provisioning is used.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

 

OL-4211-03

5-15

 

 

 

Page 80 Page 82
Image 81
Page 80 Page 82
Contents Customer Order Number Text Part Number OL-4211-03 Corporate HeadquartersCopyright 2005 Cisco Systems, Inc All rights reserved Iii N T E N T SAssembling the Antenna Overview Pop-Up Menu Help Exit Vii Select ProfileViii Antenna Installation Warning B-3WPA OL-4211-03 Following topics are covered in this section PrefacePurpose AudienceOrganization XiiXiii ConventionsXiv Obtaining Documentation Related PublicationsCisco.com Documentation DVDOrdering Documentation Cisco Product Security OverviewDocumentation Feedback XviObtaining Technical Assistance Reporting Security Problems in Cisco ProductsCisco Technical Support Website An emergency, you can also reach Psirt by telephone 877 408Submitting a Service Request Definitions of Service Request SeverityXviii Xix Obtaining Additional Publications and InformationOL-4211-03 Product Overview Terminology Introduction to the Client AdaptersClient Adapter Model Number Description AIR-CB21AGRadio Hardware ComponentsRadio Antenna LEDsSoftware Components DriverClient Utilities Ad Hoc Wireless LAN Network Configurations Using Client AdaptersAccess Point Root Unit Wired LAN Preparing for Installation Safety information FCC Safety Compliance StatementSafety Guidelines Unpacking the Client Adapter Package ContentsSystem Requirements Site Requirements For Infrastructure DevicesFor Client Devices OL-4211-03 Installing the Client Adapter Inserting a PC-Cardbus Card Inserting a Client AdapterInserting a PCI Card Changing the BracketBracket screws Inserting the Card Inserting a PCI Card into a PC Assembling the AntennaInserting the Antenna into Its Base Mounting the AntennaBottom of Antenna Base Mounting the Antenna Installing the Client Adapter Software Preparing Setup Window Cisco Aironet Installation Program Window Click Next. The Setup Type window appears see Figure10 Setup Type Window 11 Install Cisco Aironet Site Survey Utility Window 12 Choose Destination Location Window 13 Select Program Folder Window 14 Important Please Read! Window 15 Choose Configuration Tool Window FeatureWith dynamic WEP EAP-TLS or Peap authentication Yes Leap or EAP-FAST authenticationSecurity Static WEP Yes ReceiveClick Properties Installing a Microsoft Hot Fix for Group Policy Delay Page OL-4211-03 Using the Profile Manager Opening Profile Manager Overview of Profile ManagerSSID1 Field DescriptionSSID2 SSID3Available Infrastructure and Ad Hoc Networks Window Creating a New ProfileSNR Profile Management General Window Auto Profile Selection Management Window Including a Profile in Auto Profile SelectionOL-4211-03 Selecting the Active Profile Importing and Exporting Profiles Modifying a ProfileEditing a Profile Deleting a ProfileExporting a Profile Importing a ProfileExport Profile Window Configuring the Client Adapter Parameter Category Number OverviewSetting General Parameters Parameter Description Auto profile selection or configured for use in an ad hoc ReconfiguredClient adapter to roam to that network without having to be Auto profile selectionProfile Management Advanced Window Setting Advanced ParametersRadio Band Transmit Power Level Profile Management Advanced Parameters Network Type Description Parameter Description Parameter Description Default Open Preferred Access Points Window Setting Security ParametersProfile Management Security Window Overview of Security FeaturesEAP with Dynamic WEP Keys Static WEP KeysConfiguring the Client Adapter Setting Security Parameters EAP-FAST, EAP-TLS, Peap EAP-GTC, or Peap EAP-MSCHAP V2, LEAP,Cckm Fast Secure Roaming WPA and WPA2Reporting Access Points that Fail Leap Authentication Additional WEP Key Security Features Synchronizing Security FeaturesSecurity Feature Client Setting Access Point Setting SsidWPA Security Feature Client Setting Access Point Setting Or later, choose a cipher suite that is LEAP, EAP-FAST, EAP-TLSWPA/WPA2/CCKM MICTkip Enabling Static WEPPeap EAP-MSCHAP Interval to any value other thanConfiguring the Client Adapter Setting Security Parameters Define WPA/WPA2 Pre-Shared Key Window Enabling WPA/WPA2 PassphraseEnabling Leap Leap Settings Window Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Enabling EAP-FAST EAP-FAST Settings Window Configuring the Client Adapter Setting Security Parameters Click Select More Select EAP-FAST PAC Window 10 Import EAP-FAST PAC File Window Configuring the Client Adapter Setting Security Parameters Deleting a Manually Provisioned PAC File Enabling EAP-TLS or Peap 12 Define Certificate Window Enabling EAP-TLSConfiguring the Client Adapter Setting Security Parameters Enabling Peap EAP-GTC 13 Define Peap EAP-GTC Configuration Window 14 Configuration Settings Window Configuring the Client Adapter Setting Security Parameters Enabling Peap EAP-MSCHAP 15 Define Peap EAP-MSCHAP V2 Configuration Window16 Configuration Settings Window Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Enabling Wi-Fi Multimedia Disabling Static WEP, WPA/WPA2 Passphrase, or EAPEnabling the QoS Packet Scheduler on Windows 17 Wireless Cisco Connection Properties Window 18 Select Network Component Type Window Click Control Panel Double-clickNetwork Connections Enabling the QoS Packet Scheduler on Windows XPFollow these steps to access the roaming parameters Setting Roaming Parameters in the Windows Control PanelWireless Mode Using EAP Authentication Leap or EAP-FAST Authentication Status Window Using Leap or EAP-FASTStage Explanation After Profile Activation or Card InsertionAfter Your EAP-FAST Password Expires After a Reboot or LogonUsing Leap or EAP-FAST with an Automatically Prompted Login Enter Wireless Network Password Window After Your EAP-FAST Password Expires After Profile Activation Using Leap or EAP-FAST with a Manually Prompted LoginAfter a Reboot, Logon, or Card Insertion Action Drop-Down Menu After Your EAP-FAST Password Expires Using Leap or EAP-FAST with a Saved Username and Password 10 Please Change Password Window Using EAP-TLSUsing Peap EAP-GTC Windows NT or 2000 Domain Databases or Ldap Databases OnlyOTP Databases Only Restarting the Authentication Process Using Peap EAP-MSCHAPOL-4211-03 Viewing Status and Statistics Tool Overview of ADU Status and Statistics ToolsStatus Statistics NumberSignal-to-noise ratio as a percentage Displays the signal strength3interprets each element of the Current Status window Viewing the Current Status of Your Client AdapterStatus Description Status Description 4interprets each element of the Advanced Status window Details on these server-based authentication typesMIC is enabled and is being used with None MIC is disabledMichael MIC is enabled and is being used with WPA and Tkip MMHWMM Status Description Status Description Viewing Statistics for Your Client Adapter Cisco Aironet Desktop Utility Diagnostics WindowAdvanced Statistics Window Statistic Description6interprets each element of the Advanced Statistics window Integrity check MIC value when Ckip was being used Ckip MIC OKPoint OL-4211-03 Using the Aironet System Tray Utility Astu Overview of Astu Infrastructure mode or another client in ad hoc modeAstu Icon Icon DescriptionStatus Element Description Tool Tip WindowConnection Status Description Pop-Up Menu This option enables you to access the online helpHelp Following sections describe each Astu pop-up menu optionExit TroubleshootingOpen Aironet Desktop Utility PreferencesEnable/Disable Radio Manual Login ReauthenticateSelect Profile Connection Status Window Show Connection StatusConnection Status Window Elements Ssid OL-4211-03 Routine Procedures Removing a Client Adapter Removing a PC-Cardbus CardRemoving a PCI Card Upgrading the Client Adapter Software Client Adapter Software ProceduresPrevious Installation Detected Window Choose Update the previous installation and click Next Choose Uninstall the previous installation and click Next Uninstalling the Client Adapter SoftwareADU Procedures Opening ADUExiting ADU Viewing Client Adapter Information Finding the Version of ADUAccessing Online Help Astu ProceduresRefer to for instructions on using Astu Enabling or Disabling Your Client Adapter’s RadioOL-4211-03 10-1 TroubleshootingInterpreting the Indicator LEDs Accessing the Latest Troubleshooting InformationStatus LED green Activity LED amber Condition 10-2Using the Troubleshooting Utility Troubleshooting the Client AdapterTroubleshooting Information Number Diagnosing Your Client Adapter’s Operation10-4 Troubleshooting Utility Window10-5 Troubleshooting Utility Window with Test Results10-6 Troubleshooting Utility Window Detailed Report10-7 Saving the Detailed Report to a Text FileClient Adapter Recognition Problems Disabling the Microsoft 802.1X Supplicant Windows 2000 Only10-8 Resolving Resource Conflicts Reboot your computerResolving Resource Conflicts in Windows 10-9Problems Associating to an Access Point Resolving Resource Conflicts in Windows XP10-10 Prioritizing Network Connections Problems Connecting to the NetworkParameters Missing from Profile Management Windows 10-1110-12 Error Messages10-13 10-14 10-15 10-16 10-17 10-18 10-19 10-20 10-21 10-22 10-23 10-24 Technical Specifications Radio Specifications Physical SpecificationsESD KV human body modelAppendix a Technical Specifications DBm @ 6, 9, 12, and 18 Mbps Receiver sensitivity 802.11aDBm @ 24 Mbps DBm @ 36 MbpsIndoor typical Outdoor typical Safety and Regulatory Compliance Specifications Power SpecificationsTranslated Safety Warnings Explosive Device Proximity Warning Antenna Installation Warning Appendix B Translated Safety Warnings Appendix B Translated Safety Warnings Appendix B Translated Safety Warnings Declarations of Conformity and Regulatory Information USA Models AIR-CB21AG-A-K9, AIR-PI21AG-A-K9Canadian Compliance Statement Department of Communications CanadaOL-4211-03 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client AdapterCisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Japanese TranslationEnglish Translation Chinese Translation 5-GHz Client AdaptersEnglish Translation Communication ACTThis equipment is limited for indoor use GHz Client AdaptersOL-4211-03 Channels, Power Levels, and Antenna Gains Channels Ieee 802.11aRegulatory Domains Ieee 802.11b/g Ieee 802.11b Maximum Power Levels and Antenna GainsData Rate With 1-dBi Antenna GainMbps 31.6 Ieee 802.11gOL-4211-03 P E N D I X E Overview EAP with Dynamic WEP Keys WPA Configuring the Client Adapter Configuring the Client Adapter Page Configuring the Client Adapter Page Enabling EAP-TLS Authentication For EAP type, choose Smart Card or other Certificate Configuring the Client Adapter Enabling Peap Authentication Figure E-6 Protected EAP Properties Window Figure E-7 EAP MSCHAPv2 Properties Window Figure E-8 Peap Properties Window Figure E-9 Generic Token Card Properties Window Figure E-10 Wireless Network Connection Status Window Associating to an Access Point Using Windows XPPerforming a Site Survey Additional Information GuidelinesSelecting the Client Adapter Opening the Site Survey UtilitySpecifying Display Units Using the Associated AP Status TabViewing the Access Point’s Status Table F-1 Site Survey Utility Associated AP Status Description Using the AP Scan List Tab Figure F-5 Site Survey Utility AP Scan List Viewing the AP Scan ListRssi Pausing the AP Scan List CCXValue 1, 2, 3, or Access point’s wireless network Viewing AP DetailsDetailed Information Parameter Description Rssi Figure F-7 Site Survey Utility Log File Generating an AP Scan Log FileUninstalling the Site Survey Utility Accessing Online HelpFinding the Version of the Site Survey Utility Exiting the Site Survey UtilityPage Stations Wireless network composed of stations without access pointsStandard Set of characters that contains both letters and numbersGL-2 GL-3 Setting must be within the range of 64 to 2312 bytesGL-4 Ethernet 802.3 and wireless LAN 802.11 specificationsGL-5 GL-6 Protection and 802.1X for authenticated key management Computing device with an installed client adapter802.1X for authenticated key management GL-7GL-8 Authentication Mode parameter Selecting in ADUIN-1 ADU Pausing ViewingSelecting the active profile IN-2Astu CAMIN-3 Data encryption ADU Site survey utility ADU Windows XPFCC C-2 IN-4IN-5 FCC CRCACK CTS RTSIN-7 MMH MIC Disabling EnablingStatus With Leap Modify button IN-8IN-9 IN-10 IN-11 IN-12 Regulatory compliance Safety Spread spectrum Setting Viewing ADUIN-13 Initial window Third-party tool, enabling in Install WizardWith test results IN-14IN-15 Security featuresIN-16
Related manuals
Manual 34 pages 15 Kb Manual 22 pages 28.37 Kb Manual 170 pages 950 b Manual 22 pages 55.14 Kb
Top Page Image Contents