Cisco Systems CB21AG

5-41

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adap ter Setting Security Parameters

Step3 Check the Use Machine Information For Domain Logon check box if you want the c lient to a ttem pt

to log into a domain using machine authentication with a machine certificate and machine credentials

rather than user authentication. Doing so enables your computer to connect to the network prior to user

logon. The default setting is unchecked.

Note If you do not check the Use Machine Information For Domain Logon check box, machine

authentication is not performed. Authentication does not occur until you log on.

Step4 If you checked the Use Machine Information For Domain Logon check box in the previous step, the

Always Do User Authentication check box at the bottom of the window becomes active. Perform one of

the following:

•Check the Always Do User Authentication check box if you want the client to switch from using

machine authentication to using user authentication after you log o n u si ng you r u ser na me a nd

password. This is the default setting.

•Uncheck the Always Do User Authentication check box if you want the client to continue to use

machine authentication after your computer logs into the domain.

Step5 Choose your server certificate in the Select a Certificate drop-down box.

Step6 Choose the certificate authority from which the server certificate was downloaded in the Trusted Root

Certification Authorities drop-down box.

Step7 Perform one of the following:

•Leave the Server/Domain Name field blank to allo w the cl ient to a ccept a certif icate from an y ser ver

that supplies a certificate signed by the certificate authority listed in the Trusted Root Certification

Authorities drop-down box. This is the recommended option.

•In the Server/Domain Name field, enter the domain name of the server from which the client will

accept a certificate.

Step8 If the Login Name field is not filled in automatically, enter your username in this format:

username@domain (for example, jsmith@acs-test.cisco.com).

Step9 Click OK to save your settings and return to the Profile Management (Security) window.

Step10 Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates

whether the client adapter can associate to an access point that allows both WEP and non-WEP

associations:

•Check the Allow Association to Mixed Cells check box if the access point to which the client

adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional.

Otherwise, the client is unable to establish a connection with the access point.

•Uncheck the Allow Association to Mixed Cells check box if the access point to which the client

adapter is to associate (or the VLAN to which the client will be assigned) does not have WEP set to

Optional. This is the default setting.

Note This parameter is available only if the 802.1x security option is selected.

Note For security reasons, Cisco recommends that WEP-enabled and WEP-disabled clients not be

allowed in the same cell because broadcast packets are sent unencrypted, even to clients r unning

WEP. However, you can enable VLANs on the access point to separate WEP-enabled and

WEP-disabled clients.