Cisco Systems CB21AG Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials

5-49

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adap ter Setting Security Parameters

Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials

The Host Based EAP option in the 802.1x EAP Type drop-down box on the Profile Management

(Security) window enables client adapters that are configured through ADU to attempt to log into a

domain using PEAP (EAP-MSCHAP V2) machine authentication with machine credentials. Doing so

enables your computer to connect to the network prior to user logon. Follow these steps to enable this

authentication type.

Note This procedure enables you to use PEAP (EAP-MSCHAP V2) machine authentication with machine

credentials. If you want to enable PEAP (EAP-MSCHAP V2) machine authentication with user

credentials, follow the instructions in the “Enabling PEA P ( EAP- MSCHA P V2 )” sect ion on page 5-46.

Note Because this feature requires the Microsoft Wireless Configuration Manager to start and stop as you

switch between host-based EAP and non-host-based EAP profiles, it works only for users with

administrator or power-user privileges. An error message appears if you attempt to switch to or from a

host-based EAP profile and you do not have the proper permissions.

Note To use this feature on a computer running Windows 2000, your computer must have the Microsoft

802.1X supplicant installed.

Note Host Based EAP is not included in the list of WPA/WPA2/CCKM EAP Type options on the Profile

Management (Security) window in ADU because this feature is not supported for use with WPA or

WPA2.

Step1 Choose 802.1x under Set Security Options and Host Based EAP in the 802.1x EAP Type drop-down

box.

Step2 If you want to change the value of the Group Policy Delay parameter, enter a new value or use the up

and down arrows to select a value between 0 and 65535 seconds. (Micro soft supp orts onl y values

between 30 and 600 seconds. The default value is 60 seconds.)

The Group Policy Delay parameter specifies how much time elapses before the Windows logon process

starts Group Policy, a Windows feature used by administrators to specify configuration options for

groups of users. The objective is to delay the start of Group Policy until wireless network authenticatio n

occurs. The value that you set for this parameter goes into effect after the computer reboots with this

profile set as the active profile.

Note A Microsoft hot fix is required in order to use this parameter on com puters ru nning Windows

2000. Refer to the “Installing a Microsoft Hot Fix for Group Policy Delay” section on pa ge 3-20

for information on obtaining and installing the hot fix.

Step3 Click OK to save your settings.

Step4 Activate this profile on the Cisco Aironet Desktop Utility (Profile Management) window. The Microsoft

Wireless Configuration Manager starts.