Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Note LDAP user databases support only manual PAC provisioning while Cisco Secure ACS internal, Cisco Secure ODBC, and Windows NT/2000/2003 domain user databases support both automatic and manual PAC provisioning.

Note Provisioning occurs only upon initial negotiation of the PAC or upon PAC expiration. After the PAC is provisioned, it serves as the per-user key by which authentication transactions are secured.

Step 9 From the Select a PAC Authority To Use with This Profile drop-down box, highlight the PAC authority that is associated with the network defined by the profile’s SSID. The list contains the names of all the authentication servers from which you have previously provisioned a PAC.

If the PAC authority drop-down box is empty or does not contain the name of a desired PAC authority, go to Step 10 to import a PAC file.

Note This step is required for manual PAC provisioning but optional for automatic PAC provisioning. If automatic provisioning is enabled, automatic provisioning will be initiated during the authentication process of the EAP-FAST profile if no PAC authority was selected, the PAC could not be found, or the specified PAC does not match the server ID.

Note If you have multiple PACs for a given PAC authority, you can select a specific PAC from those that have already been imported or auto-provisioned by following these steps:

a.Click Select More.

b.Choose the PAC store from which you want to select a PAC file.

c.Select the desired PAC from the Select the PAC list on the Select EAP-FAST PAC window.

d.Click OK.

e.Go to Step 11.

Step 10 If necessary, follow these steps to import a PAC file:

a.Click Select More. The Select EAP-FAST PAC window appears (see Figure 5-9).

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

5-34

OL-4211-03

 

 

Page 100
Image 100
Cisco Systems CB21AG manual Click Select More