Cisco Systems CB21AG - page 87

5-21

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adap ter Setting Security Parameters

WPA or WPA2 passphrase

(or WPA or WPA2

pre-shared key)

Choose WPA/WPA2 Passphrase

and enter the passphrase Choose a cipher suite, enable Open

Authentication and WPA for the

SSID, and enter a WPA pre-shared

key

Note To allow both WPA and

non-WPA clients to use the

SSID, enable optional

WPA.

LEAP authentication Choose 802.1x and LEAP; then set

LEAP settings Set up and enable WEP and enable

Network-EAP Authentication for

the SSID

LEAP authentication with

WPA or WPA2 Choose WPA/WPA2/CCKM and

LEAP; then set LEAP settings For WPA, choose a cipher suite that

includes TKIP and enable

Network-EAP and Open with EAP

Authentication and WPA for the

SSID

For WPA2, choose a cipher suite

that includes AES-CCMP and

enable Network-EAP and Open

with EAP Authentication and WPA

for the SSID

Note To allow both WPA and

non-WPA clients to use the

SSID, enable optional

WPA.

EAP-FAST authentication Choose 802.1x and EAP-FAST, set

EAP-FAST settings, and enable

automatic provisioning or import a

PAC fi le

Set up and enable WEP and enable

both Network-EAP and Open with

EAP Authentication for the SSID

EAP-FAST authentication

with WPA or WPA2 Choose WPA/WPA2/CCKM and

EAP-FAST, set EAP-FAST

settings, and enable automatic

provisioning or import a PAC file

For WPA, choose a cipher suite that

includes TKIP and enable both

Network-EAP and Open with EAP

Authentication as well as WPA for

the SSID

For WPA2, choose a cipher suite

that includes AES-CCMP and

enable both Network-EAP and

Open with EAP Authentication as

well as WPA for the SSID

Note To allow both WPA and

non-WPA clients to use the

SSID, enable optional

WPA.

Table5-4 Client and Access Point Security Settings (continued)

Security Feature Client Setting Access Point Setting

Contents

Main Page CONTENTS Page Page Page Page Page Page Page Preface Audience Purpose Organization Conventions xiv Related Publications Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Product Overview Introduction to the Client Adapters Terminology Hardware Components Radio Radio Antenna LEDs Software Components Driver Client Utilities Network Configurations Using Client Adapters Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LAN Preparing for Installation Safety information FCC Safety Compliance Statement Safety Guidelines Warnings Unpacking the Client Adapter Package Contents System Requirements Site Requirements For Infrastructure Devices For Client Devices Page Installing the Client Adapter Inserting a Client Adapter Inserting a PC-Cardbus Card Inserting a PCI Card Changing the Bracket Inserting the Card Assembling the Antenna Mounting the Antenna Page Page Installing the Client Adapter Software Page Page Page Page Page Page Page Page Page Page Installing a Microsoft Hot Fix for Group Policy Delay Page Page Using the Profile Manager Overview of Profile Manager Opening Profile Manager Page Creating a New Profile Page Page Including a Profile in Auto Profile Selection Page Selecting the Active Profile Modifying a Profile Editing a Profile Deleting a Profile Importing and Exporting Profiles Importing a Profile Exporting a Profile Configuring the Client Adapter Page Setting General Parameters Page Page Setting Advanced Parameters Page Page Page Page Page Page Setting Security Parameters Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) Page Page WPA and WPA2 CCKM Fast Secure Roaming Reporting Access Points that Fail LEAP Authentication Additional WEP Key Security Features Message Integrity Check (MIC) Temporal Key Integrity Protocol (TKIP) Broadcast Key Rotation Synchronizing Security Features Page Page Page Enabling Static WEP Page Enabling WPA/WPA2 Passphrase Enabling LEAP Page Page Page Enabling EAP-FAST Page Page Page Page Page Page Deleting a Manually Provisioned PAC File Enabling EAP-TLS or PEAP Enabling EAP-TLS Page Enabling PEAP (EAP-GTC) Page Page Page Enabling PEAP (EAP-MSCHAP V2) Page Page Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials Page Disabling Static WEP, WPA/WPA2 Passphrase, or EAP Enabling Wi-Fi Multimedia Enabling the QoS Packet Scheduler on Windows 2000 Page Page Enabling the QoS Packet Scheduler on Windows XP Setting Roaming Parameters in the Windows Control Panel Page Using EAP Authentication Using LEAP or EAP-FAST Using LEAP or EAP-FAST with the Windows Username and Password Page Using LEAP or EAP-FAST with an Automatically Prompted Login Page Page Using LEAP or EAP-FAST with a Manually Prompted Login After Profile Activation After a Reboot, Logon, or Card Insertion Page Page Using LEAP or EAP-FAST with a Saved Username and Password Using EAP-TLS Using PEAP (EAP-GTC) Windows NT or 2000 Domain Databases or LDAP Databases Only OTP Databases Only Using PEAP (EAP-MSCHAP V2) Restarting the Authentication Process Page Viewing Status and Statistics Overview of ADU Status and Statistics Tools Setting Parameters that Affect ADU Status and Statistics Tools Page Viewing the Current Status of Your Client Adapter Page Page Page Page Page Page Page Viewing Statistics for Your Client Adapter Page Page Page Page Using the Aironet System Tray Utility (ASTU) Overview of ASTU The ASTU Icon Tool Tip Window Page Pop-Up Menu Help Page Enable/Disable Radio Manual Login Reauthenticate Select Profile Show Connection Status Page Page Page Routine Procedures Removing a Client Adapter Removing a PC-Cardbus Card Removing a PCI Card Client Adapter Software Procedures Upgrading the Client Adapter Software Page Page Uninstalling the Client Adapter Software ADU Procedures Opening ADU Exiting ADU Finding the Version of ADU Viewing Client Adapter Information Accessing Online Help ASTU Procedures Enabling or Disabling Your Client Adapters Radio Page Troubleshooting Accessing the Latest Troubleshooting Information Interpreting the Indicator LEDs Troubleshooting the Client Adapter Using the Troubleshooting Utility Diagnosing Your Client Adapters Operation Page Page Page Saving the Detailed Report to a Text File Disabling the Microsoft Wireless Configuration Manager (Windows XP Only) Disabling the Microsoft 802.1X Supplicant (Windows 2000 Only) Client Adapter Recognition Problems Resolving Resource Conflicts Resolving Resource Conflicts in Windows 2000 Resolving Resource Conflicts in Windows XP Problems Associating to an Access Point Problems Connecting to the Network Prioritizing Network Connections Parameters Missing from Profile Management Windows Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only) Error Messages Page Page Page Page Page Page Page Page Page Page Page Page A Technical Specifications Page Page Page Page Page B Translated Safety Warnings B-2 Explosive Device Proximity Warning B-3 Antenna Installation Warning B-4 Warning for Laptop Users B-5 B-6 C Declarations of Conformity and Regulatory Information Manufacturers Federal Communication Commission Declaration of Conformity Statement Models: FCC Certification Number: Manufacturer: Department of Communications Canada Canadian Compliance Statement European Community, Switzerland, Norway, Iceland, and Liechtenstein Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Page C-5 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter C-6 Cisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Wireless LAN Client Adapters in Japan Japanese Translation English Translation 03-5549-6500 Administrative Rules for Cisco Aironet Wireless LAN Client Adapters in Taiwan 2.4- and 5-GHz Client Adapters Chinese Translation English Translation 5-GHz Client Adapters Page D Channels, Power Levels, and Antenna Gains Channels IEEE 802.11a IEEE 802.11b/g Maximum Power Levels and Antenna Gains IEEE 802.11a IEEE 802.11b IEEE 802.11g Page E Configuring the Client Adapter through the Windows XP Operating System Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) WPA Configuring the Client Adapter Page Page Page Page Enabling EAP-TLS Authentication Page Page Enabling PEAP Authentication Enabling PEAP (EAP-MSCHAP V2) Page Enabling PEAP (EAP-GTC) Page Associating to an Access Point Using Windows XP Viewing the Current Status of Your Client Adapter F Performing a Site Survey Guidelines Additional Information Opening the Site Survey Utility Selecting the Client Adapter Using the Associated AP Status Tab Specifying Display Units Viewing the Access Points Status Page Page Using the AP Scan List Tab Viewing the AP Scan List Page Pausing the AP Scan List Viewing AP Details Page Generating an AP Scan Log File Page Page GLOSSARY A B C D E F G H I L M O P Q R S T U V W Page INDEX Numerics A Page B C D E F G H I J K M N O P Page Q R S Page T U V W