Cisco Systems CB21AG manual Configuring the Client Adapter Setting Security Parameters

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Note PAC file passwords are optional. The PAC authority determines whether to issue PAC files that require user-supplied passwords. Nevertheless, all PAC files (even those without passwords) are encrypted and protected. PAC file passwords are different from EAP-FAST passwords and need to be entered only once, at the time a PAC is imported.

h.If you try to import a PAC file with the same PAC ID as a previously imported PAC file, you are asked if you want to update the existing PAC. If you click Yes, the existing PAC is replaced by the new one from the imported file.

i.If the PAC file was imported successfully, the following message appears: “EAP-FAST PAC file was imported and ready for use.” Click OK to return to the Select EAP-FAST PAC window.

j.The imported PAC now appears in the Select the PAC list on the Select EAP-FAST PAC window. Click OK to return to the EAP-FAST Settings window.

k.The name of the PAC authority that issued the PAC now appears in the PAC authority drop-down box on the EAP-FAST Settings window. Select the desired PAC authority from the list.

Step 11 Click OK to save your settings and return to the Profile Management (Security) window.

Note If you selected a private PAC and the No Network Connection Unless User Is Logged In check box is unchecked, a message appears indicating that the PAC may not be accessible during the domain logon process or when you are logged off. If you want a copy of the PAC to be added to the global store so that it will be available when you are not logged on, click Yes. If you do not want a copy of the PAC to be added to the global store, click No; then click OK when a message appears indicating that you may need to later reconfigure your profile to use a global PAC if you experience wireless connection problems during domain logon or when you are not logged on.

Step 12 Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates whether the client adapter can associate to an access point that allows both WEP and non-WEP associations:

•Check the Allow Association to Mixed Cells check box if the access point to which the client adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional. Otherwise, the client is unable to establish a connection with the access point.

•Uncheck the Allow Association to Mixed Cells check box if the access point to which the client adapter is to associate (or the VLAN to which the client will be assigned) does not have WEP set to Optional. This is the default setting.

Note This parameter is available only if the 802.1x security option is selected.

Note For security reasons, Cisco recommends that WEP-enabled and WEP-disabled clients not be allowed in the same cell because broadcast packets are sent unencrypted, even to clients running WEP. However, you can enable VLANs on the access point to separate WEP-enabled and WEP-disabled clients.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide