Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Note

Note

Note

If you want to enable CCKM fast secure roaming on the client adapter, you must choose the WPA/WPA2/CCKM security option on the Profile Management (Security) window, regardless of whether you want the adapter to use WPA or WPA2. The configuration of the access point to which your client adapter associates determines whether CCKM will be used with 802.1x, WPA, or WPA2.

Access points must use Cisco IOS Release 12.2(11)JA or later to enable CCKM fast secure roaming. Refer to the documentation for your access point for instructions on enabling this feature.

The Microsoft Wireless Configuration Manager and the Microsoft 802.1X supplicant, if installed, must be disabled in order for CCKM fast secure roaming to operate correctly. If your computer is running Windows XP and you chose to configure your client adapter using ADU during installation, these features should already be disabled. Similarly, if your computer is running Windows 2000, the Microsoft 802.1X supplicant, if installed, should already be disabled. Refer to Chapter 10 if you need additional information.

Reporting Access Points that Fail LEAP Authentication

The CB21AG and PI21AG client adapters and the following access point firmware versions support a feature that is designed to detect access points that fail LEAP authentication:

12.00T or later (access points running VxWorks)

Cisco IOS Release 12.2(4)JA or later (1100 series access points)

Cisco IOS Release 12.2(8)JA or later (1200 series access points)

Cisco IOS Release 12.2(13)JA or later (350 series access points)

An access point running one of these firmware versions records a message in the system log when the client discovers and reports another access point in the wireless network that has failed LEAP authentication.

The process takes place as follows:

1.A client with a LEAP profile attempts to associate to access point A.

2.Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.

3.The client records the MAC address for access point A and the reason why the association failed.

4.The client associates successfully to access point B.

5.The client sends the MAC address of access point A and the reason code for the failure to access point B.

6.Access point B logs the failure in the system log.

Note This feature does not need to be enabled on the client adapter or access point; it is supported automatically by both devices. However, the access points must use the specified firmware versions or later.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

 

OL-4211-03

5-19

 

 

 

Page 85
Image 85
Cisco Systems CB21AG manual Reporting Access Points that Fail Leap Authentication