Cisco Systems CB21AG manual Configuring the Client Adapter Setting Security Parameters

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials

The Host Based EAP option in the 802.1x EAP Type drop-down box on the Profile Management (Security) window enables client adapters that are configured through ADU to attempt to log into a domain using PEAP (EAP-MSCHAP V2) machine authentication with machine credentials. Doing so enables your computer to connect to the network prior to user logon. Follow these steps to enable this authentication type.

Note This procedure enables you to use PEAP (EAP-MSCHAP V2) machine authentication with machine credentials. If you want to enable PEAP (EAP-MSCHAP V2) machine authentication with user credentials, follow the instructions in the “Enabling PEAP (EAP-MSCHAP V2)” section on page 5-46.

Note Because this feature requires the Microsoft Wireless Configuration Manager to start and stop as you switch between host-based EAP and non-host-based EAP profiles, it works only for users with administrator or power-user privileges. An error message appears if you attempt to switch to or from a host-based EAP profile and you do not have the proper permissions.

Note To use this feature on a computer running Windows 2000, your computer must have the Microsoft 802.1X supplicant installed.

Note Host Based EAP is not included in the list of WPA/WPA2/CCKM EAP Type options on the Profile Management (Security) window in ADU because this feature is not supported for use with WPA or WPA2.

Step 1 Choose 802.1x under Set Security Options and Host Based EAP in the 802.1x EAP Type drop-down box.

Step 2 If you want to change the value of the Group Policy Delay parameter, enter a new value or use the up and down arrows to select a value between 0 and 65535 seconds. (Microsoft supports only values between 30 and 600 seconds. The default value is 60 seconds.)

The Group Policy Delay parameter specifies how much time elapses before the Windows logon process starts Group Policy, a Windows feature used by administrators to specify configuration options for groups of users. The objective is to delay the start of Group Policy until wireless network authentication occurs. The value that you set for this parameter goes into effect after the computer reboots with this profile set as the active profile.

Note A Microsoft hot fix is required in order to use this parameter on computers running Windows 2000. Refer to the “Installing a Microsoft Hot Fix for Group Policy Delay” section on page 3-20for information on obtaining and installing the hot fix.

Step 3 Click OK to save your settings.

Step 4 Activate this profile on the Cisco Aironet Desktop Utility (Profile Management) window. The Microsoft Wireless Configuration Manager starts.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide