Cisco Systems CB21AG Overview of Security Features

5-14

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adapter

Setting Security Parameters

Figure5-4 Profile Management (Security) Window

This window is different from the other Profile Management windows in that it includes many security

features, each of which involves a number of steps. In addition, the security features themselves are

complex and need to be understood before they are implemented. Therefore, this section pr ovides an

overview of the security features as well as procedures for enabling them.

Overview of Security Features

You can protect your data as it is transmitted through your wireless network by encrypting it through the

use of wired equivalent privacy (WEP) encryption keys. With WEP encryption, the transmitting device

encrypts each packet with a WEP key, and the receiving device uses that same key to decrypt each

packet.

The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your

adapter or dynamically created as part of the EAP authentication process. The information in the “Static

WEP Keys” and “EAP (with Dynamic WEP Keys)” sections below can help you to decide which type

of WEP keys you want to use. Dynamic WEP keys with EAP offer a higher degree of security than static

WEP keys.

WEP keys, whether static or dynamic, are either 40 or 128 bits in l engt h. 12 8-b it WEP keys offer a

greater level of security than 40-bit WEP keys.

Note Refer to the “Additional WEP Key Security Features” section on page5-20 for information on three

security features that can make your WEP keys even more secure.

Contents

Main Page CONTENTS Page Page Page Page Page Page Page Preface Audience Purpose Organization Conventions xiv Related Publications Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Product Overview Introduction to the Client Adapters Terminology Hardware Components Radio Radio Antenna LEDs Software Components Driver Client Utilities Network Configurations Using Client Adapters Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LAN Preparing for Installation Safety information FCC Safety Compliance Statement Safety Guidelines Warnings Unpacking the Client Adapter Package Contents System Requirements Site Requirements For Infrastructure Devices For Client Devices Page Installing the Client Adapter Inserting a Client Adapter Inserting a PC-Cardbus Card Inserting a PCI Card Changing the Bracket Inserting the Card Assembling the Antenna Mounting the Antenna Page Page Installing the Client Adapter Software Page Page Page Page Page Page Page Page Page Page Installing a Microsoft Hot Fix for Group Policy Delay Page Page Using the Profile Manager Overview of Profile Manager Opening Profile Manager Page Creating a New Profile Page Page Including a Profile in Auto Profile Selection Page Selecting the Active Profile Modifying a Profile Editing a Profile Deleting a Profile Importing and Exporting Profiles Importing a Profile Exporting a Profile Configuring the Client Adapter Page Setting General Parameters Page Page Setting Advanced Parameters Page Page Page Page Page Page Setting Security Parameters Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) Page Page WPA and WPA2 CCKM Fast Secure Roaming Reporting Access Points that Fail LEAP Authentication Additional WEP Key Security Features Message Integrity Check (MIC) Temporal Key Integrity Protocol (TKIP) Broadcast Key Rotation Synchronizing Security Features Page Page Page Enabling Static WEP Page Enabling WPA/WPA2 Passphrase Enabling LEAP Page Page Page Enabling EAP-FAST Page Page Page Page Page Page Deleting a Manually Provisioned PAC File Enabling EAP-TLS or PEAP Enabling EAP-TLS Page Enabling PEAP (EAP-GTC) Page Page Page Enabling PEAP (EAP-MSCHAP V2) Page Page Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials Page Disabling Static WEP, WPA/WPA2 Passphrase, or EAP Enabling Wi-Fi Multimedia Enabling the QoS Packet Scheduler on Windows 2000 Page Page Enabling the QoS Packet Scheduler on Windows XP Setting Roaming Parameters in the Windows Control Panel Page Using EAP Authentication Using LEAP or EAP-FAST Using LEAP or EAP-FAST with the Windows Username and Password Page Using LEAP or EAP-FAST with an Automatically Prompted Login Page Page Using LEAP or EAP-FAST with a Manually Prompted Login After Profile Activation After a Reboot, Logon, or Card Insertion Page Page Using LEAP or EAP-FAST with a Saved Username and Password Using EAP-TLS Using PEAP (EAP-GTC) Windows NT or 2000 Domain Databases or LDAP Databases Only OTP Databases Only Using PEAP (EAP-MSCHAP V2) Restarting the Authentication Process Page Viewing Status and Statistics Overview of ADU Status and Statistics Tools Setting Parameters that Affect ADU Status and Statistics Tools Page Viewing the Current Status of Your Client Adapter Page Page Page Page Page Page Page Viewing Statistics for Your Client Adapter Page Page Page Page Using the Aironet System Tray Utility (ASTU) Overview of ASTU The ASTU Icon Tool Tip Window Page Pop-Up Menu Help Page Enable/Disable Radio Manual Login Reauthenticate Select Profile Show Connection Status Page Page Page Routine Procedures Removing a Client Adapter Removing a PC-Cardbus Card Removing a PCI Card Client Adapter Software Procedures Upgrading the Client Adapter Software Page Page Uninstalling the Client Adapter Software ADU Procedures Opening ADU Exiting ADU Finding the Version of ADU Viewing Client Adapter Information Accessing Online Help ASTU Procedures Enabling or Disabling Your Client Adapters Radio Page Troubleshooting Accessing the Latest Troubleshooting Information Interpreting the Indicator LEDs Troubleshooting the Client Adapter Using the Troubleshooting Utility Diagnosing Your Client Adapters Operation Page Page Page Saving the Detailed Report to a Text File Disabling the Microsoft Wireless Configuration Manager (Windows XP Only) Disabling the Microsoft 802.1X Supplicant (Windows 2000 Only) Client Adapter Recognition Problems Resolving Resource Conflicts Resolving Resource Conflicts in Windows 2000 Resolving Resource Conflicts in Windows XP Problems Associating to an Access Point Problems Connecting to the Network Prioritizing Network Connections Parameters Missing from Profile Management Windows Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only) Error Messages Page Page Page Page Page Page Page Page Page Page Page Page A Technical Specifications Page Page Page Page Page B Translated Safety Warnings B-2 Explosive Device Proximity Warning B-3 Antenna Installation Warning B-4 Warning for Laptop Users B-5 B-6 C Declarations of Conformity and Regulatory Information Manufacturers Federal Communication Commission Declaration of Conformity Statement Models: FCC Certification Number: Manufacturer: Department of Communications Canada Canadian Compliance Statement European Community, Switzerland, Norway, Iceland, and Liechtenstein Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Page C-5 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter C-6 Cisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Wireless LAN Client Adapters in Japan Japanese Translation English Translation 03-5549-6500 Administrative Rules for Cisco Aironet Wireless LAN Client Adapters in Taiwan 2.4- and 5-GHz Client Adapters Chinese Translation English Translation 5-GHz Client Adapters Page D Channels, Power Levels, and Antenna Gains Channels IEEE 802.11a IEEE 802.11b/g Maximum Power Levels and Antenna Gains IEEE 802.11a IEEE 802.11b IEEE 802.11g Page E Configuring the Client Adapter through the Windows XP Operating System Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) WPA Configuring the Client Adapter Page Page Page Page Enabling EAP-TLS Authentication Page Page Enabling PEAP Authentication Enabling PEAP (EAP-MSCHAP V2) Page Enabling PEAP (EAP-GTC) Page Associating to an Access Point Using Windows XP Viewing the Current Status of Your Client Adapter F Performing a Site Survey Guidelines Additional Information Opening the Site Survey Utility Selecting the Client Adapter Using the Associated AP Status Tab Specifying Display Units Viewing the Access Points Status Page Page Using the AP Scan List Tab Viewing the AP Scan List Page Pausing the AP Scan List Viewing AP Details Page Generating an AP Scan Log File Page Page GLOSSARY A B C D E F G H I L M O P Q R S T U V W Page INDEX Numerics A Page B C D E F G H I J K M N O P Page Q R S Page T U V W