Cisco Systems CB21AG - page 100

5-34

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adapter

Setting Security Parameters

Note LDAP user databases support only manual PAC provisioning while Cisco Secure ACS internal,

Cisco Secure ODBC, and Windows NT/2000/2003 domain user databases support both

automatic and manual PAC provisioning.

Note Provisioning occurs only upon initial negotiation of the PAC or upon PAC expiration. After the

PAC is provisioned, it serves as the per-user key by which authentication transactions are

secured.

Step9 From the Select a PAC Authority To Use with This Profile drop-down box, highlight the PAC authority

that is associated with the network defined by the profile’s SSID. The list contains the names of all the

authentication servers from which you have previously provisioned a PAC.

If the PAC authority drop-down box is empty or does not contain the name of a desired PAC authority,

go to Step 10 to import a PAC file.

Note This step is required for manual PAC provisioning but optional for automatic PAC provisioning.

If automatic provisioning is enabled, automatic provisioning will be initiated during the

authentication process of the EAP-FAST profile if no PAC authority was selected, the PAC could

not be found, or the specified PAC does not match the server ID.

Note If you have multiple PACs for a given PAC authority, you can select a specific PAC from those

that have already been imported or auto-provisioned by following these ste ps:

a. Click Select More.

b. Choose the PAC store from which you want to select a PAC file.

c. Select the desired PAC from the Select the PAC list on the Select EAP-FAST PAC window.

d. Click OK.

e. Go to Step 11.

Step10 If necessary, follow these steps to import a PAC file:

a. Click Select More. The Select EAP-FAST PAC window appears (see Figure 5-9).

Contents

Main Page CONTENTS Page Page Page Page Page Page Page Preface Audience Purpose Organization Conventions xiv Related Publications Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Product Overview Introduction to the Client Adapters Terminology Hardware Components Radio Radio Antenna LEDs Software Components Driver Client Utilities Network Configurations Using Client Adapters Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LAN Preparing for Installation Safety information FCC Safety Compliance Statement Safety Guidelines Warnings Unpacking the Client Adapter Package Contents System Requirements Site Requirements For Infrastructure Devices For Client Devices Page Installing the Client Adapter Inserting a Client Adapter Inserting a PC-Cardbus Card Inserting a PCI Card Changing the Bracket Inserting the Card Assembling the Antenna Mounting the Antenna Page Page Installing the Client Adapter Software Page Page Page Page Page Page Page Page Page Page Installing a Microsoft Hot Fix for Group Policy Delay Page Page Using the Profile Manager Overview of Profile Manager Opening Profile Manager Page Creating a New Profile Page Page Including a Profile in Auto Profile Selection Page Selecting the Active Profile Modifying a Profile Editing a Profile Deleting a Profile Importing and Exporting Profiles Importing a Profile Exporting a Profile Configuring the Client Adapter Page Setting General Parameters Page Page Setting Advanced Parameters Page Page Page Page Page Page Setting Security Parameters Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) Page Page WPA and WPA2 CCKM Fast Secure Roaming Reporting Access Points that Fail LEAP Authentication Additional WEP Key Security Features Message Integrity Check (MIC) Temporal Key Integrity Protocol (TKIP) Broadcast Key Rotation Synchronizing Security Features Page Page Page Enabling Static WEP Page Enabling WPA/WPA2 Passphrase Enabling LEAP Page Page Page Enabling EAP-FAST Page Page Page Page Page Page Deleting a Manually Provisioned PAC File Enabling EAP-TLS or PEAP Enabling EAP-TLS Page Enabling PEAP (EAP-GTC) Page Page Page Enabling PEAP (EAP-MSCHAP V2) Page Page Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials Page Disabling Static WEP, WPA/WPA2 Passphrase, or EAP Enabling Wi-Fi Multimedia Enabling the QoS Packet Scheduler on Windows 2000 Page Page Enabling the QoS Packet Scheduler on Windows XP Setting Roaming Parameters in the Windows Control Panel Page Using EAP Authentication Using LEAP or EAP-FAST Using LEAP or EAP-FAST with the Windows Username and Password Page Using LEAP or EAP-FAST with an Automatically Prompted Login Page Page Using LEAP or EAP-FAST with a Manually Prompted Login After Profile Activation After a Reboot, Logon, or Card Insertion Page Page Using LEAP or EAP-FAST with a Saved Username and Password Using EAP-TLS Using PEAP (EAP-GTC) Windows NT or 2000 Domain Databases or LDAP Databases Only OTP Databases Only Using PEAP (EAP-MSCHAP V2) Restarting the Authentication Process Page Viewing Status and Statistics Overview of ADU Status and Statistics Tools Setting Parameters that Affect ADU Status and Statistics Tools Page Viewing the Current Status of Your Client Adapter Page Page Page Page Page Page Page Viewing Statistics for Your Client Adapter Page Page Page Page Using the Aironet System Tray Utility (ASTU) Overview of ASTU The ASTU Icon Tool Tip Window Page Pop-Up Menu Help Page Enable/Disable Radio Manual Login Reauthenticate Select Profile Show Connection Status Page Page Page Routine Procedures Removing a Client Adapter Removing a PC-Cardbus Card Removing a PCI Card Client Adapter Software Procedures Upgrading the Client Adapter Software Page Page Uninstalling the Client Adapter Software ADU Procedures Opening ADU Exiting ADU Finding the Version of ADU Viewing Client Adapter Information Accessing Online Help ASTU Procedures Enabling or Disabling Your Client Adapters Radio Page Troubleshooting Accessing the Latest Troubleshooting Information Interpreting the Indicator LEDs Troubleshooting the Client Adapter Using the Troubleshooting Utility Diagnosing Your Client Adapters Operation Page Page Page Saving the Detailed Report to a Text File Disabling the Microsoft Wireless Configuration Manager (Windows XP Only) Disabling the Microsoft 802.1X Supplicant (Windows 2000 Only) Client Adapter Recognition Problems Resolving Resource Conflicts Resolving Resource Conflicts in Windows 2000 Resolving Resource Conflicts in Windows XP Problems Associating to an Access Point Problems Connecting to the Network Prioritizing Network Connections Parameters Missing from Profile Management Windows Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only) Error Messages Page Page Page Page Page Page Page Page Page Page Page Page A Technical Specifications Page Page Page Page Page B Translated Safety Warnings B-2 Explosive Device Proximity Warning B-3 Antenna Installation Warning B-4 Warning for Laptop Users B-5 B-6 C Declarations of Conformity and Regulatory Information Manufacturers Federal Communication Commission Declaration of Conformity Statement Models: FCC Certification Number: Manufacturer: Department of Communications Canada Canadian Compliance Statement European Community, Switzerland, Norway, Iceland, and Liechtenstein Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Page C-5 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter C-6 Cisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Wireless LAN Client Adapters in Japan Japanese Translation English Translation 03-5549-6500 Administrative Rules for Cisco Aironet Wireless LAN Client Adapters in Taiwan 2.4- and 5-GHz Client Adapters Chinese Translation English Translation 5-GHz Client Adapters Page D Channels, Power Levels, and Antenna Gains Channels IEEE 802.11a IEEE 802.11b/g Maximum Power Levels and Antenna Gains IEEE 802.11a IEEE 802.11b IEEE 802.11g Page E Configuring the Client Adapter through the Windows XP Operating System Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) WPA Configuring the Client Adapter Page Page Page Page Enabling EAP-TLS Authentication Page Page Enabling PEAP Authentication Enabling PEAP (EAP-MSCHAP V2) Page Enabling PEAP (EAP-GTC) Page Associating to an Access Point Using Windows XP Viewing the Current Status of Your Client Adapter F Performing a Site Survey Guidelines Additional Information Opening the Site Survey Utility Selecting the Client Adapter Using the Associated AP Status Tab Specifying Display Units Viewing the Access Points Status Page Page Using the AP Scan List Tab Viewing the AP Scan List Page Pausing the AP Scan List Viewing AP Details Page Generating an AP Scan Log File Page Page GLOSSARY A B C D E F G H I L M O P Q R S T U V W Page INDEX Numerics A Page B C D E F G H I J K M N O P Page Q R S Page T U V W