Cisco Systems CB21AG manual Configuring the Client Adapter Setting Security Parameters

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Step 3 Check the Use Machine Information For Domain Logon check box if you want the client to attempt to log into a domain using machine authentication with a machine certificate and machine credentials rather than user authentication. Doing so enables your computer to connect to the network prior to user logon. The default setting is unchecked.

Note If you do not check the Use Machine Information For Domain Logon check box, machine authentication is not performed. Authentication does not occur until you log on.

Step 4 If you checked the Use Machine Information For Domain Logon check box in the previous step, the Always Do User Authentication check box at the bottom of the window becomes active. Perform one of the following:

•Check the Always Do User Authentication check box if you want the client to switch from using machine authentication to using user authentication after you log on using your username and password. This is the default setting.

•Uncheck the Always Do User Authentication check box if you want the client to continue to use machine authentication after your computer logs into the domain.

Step 5 Choose your server certificate in the Select a Certificate drop-down box.

Step 6 Choose the certificate authority from which the server certificate was downloaded in the Trusted Root Certification Authorities drop-down box.

Step 7 Perform one of the following:

•Leave the Server/Domain Name field blank to allow the client to accept a certificate from any server that supplies a certificate signed by the certificate authority listed in the Trusted Root Certification Authorities drop-down box. This is the recommended option.

•In the Server/Domain Name field, enter the domain name of the server from which the client will accept a certificate.

Step 8 If the Login Name field is not filled in automatically, enter your username in this format: username@domain (for example, jsmith@acs-test.cisco.com).

Step 9 Click OK to save your settings and return to the Profile Management (Security) window.

Step 10 Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates whether the client adapter can associate to an access point that allows both WEP and non-WEP associations:

•Check the Allow Association to Mixed Cells check box if the access point to which the client adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional. Otherwise, the client is unable to establish a connection with the access point.

•Uncheck the Allow Association to Mixed Cells check box if the access point to which the client adapter is to associate (or the VLAN to which the client will be assigned) does not have WEP set to Optional. This is the default setting.

Note This parameter is available only if the 802.1x security option is selected.

Note For security reasons, Cisco recommends that WEP-enabled and WEP-disabled clients not be allowed in the same cell because broadcast packets are sent unencrypted, even to clients running WEP. However, you can enable VLANs on the access point to separate WEP-enabled and WEP-disabled clients.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide