Wpa | Cisco Systems CB21AG specification

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Table 5-4	Client and Access Point Security Settings (continued)

Security Feature		Client Setting	Access Point Setting

WPA or WPA2 passphrase		Choose WPA/WPA2 Passphrase	Choose a cipher suite, enable Open
(or WPA or WPA2		and enter the passphrase	Authentication and WPA for the
pre-shared key)			SSID, and enter a WPA pre-shared
			key
			Note To allow both WPA and
			non-WPA clients to use the
			SSID, enable optional
			WPA.

LEAP authentication		Choose 802.1x and LEAP; then set	Set up and enable WEP and enable
		LEAP settings	Network-EAP Authentication for
			the SSID

LEAP authentication with		Choose WPA/WPA2/CCKM and	For WPA, choose a cipher suite that
WPA or WPA2		LEAP; then set LEAP settings	includes TKIP and enable
			Network-EAP and Open with EAP
			Authentication and WPA for the
			SSID
			For WPA2, choose a cipher suite
			that includes AES-CCMP and
			enable Network-EAP and Open
			with EAP Authentication and WPA
			for the SSID
			Note To allow both WPA and
			non-WPA clients to use the
			SSID, enable optional
			WPA.

EAP-FAST authentication		Choose 802.1x and EAP-FAST, set	Set up and enable WEP and enable
		EAP-FAST settings, and enable	both Network-EAP and Open with
		automatic provisioning or import a	EAP Authentication for the SSID
		PAC file

EAP-FAST authentication		Choose WPA/WPA2/CCKM and	For WPA, choose a cipher suite that
with WPA or WPA2		EAP-FAST, set EAP-FAST	includes TKIP and enable both
		settings, and enable automatic	Network-EAP and Open with EAP
		provisioning or import a PAC file	Authentication as well as WPA for
			the SSID
			For WPA2, choose a cipher suite
			that includes AES-CCMP and
			enable both Network-EAP and
			Open with EAP Authentication as
			well as WPA for the SSID
			Note To allow both WPA and
			non-WPA clients to use the
			SSID, enable optional
			WPA.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

	OL-4211-03	5-21

Image 87

Cisco Systems CB21AG manual Wpa

Contents

Customer Order Number Text Part Number OL-4211-03 Corporate Headquarters Copyright 2005 Cisco Systems, Inc All rights reserved Iii N T E N T S Assembling the Antenna Overview Pop-Up Menu Help Exit Vii Select Profile Viii Antenna Installation Warning B-3 WPA OL-4211-03 Following topics are covered in this section Preface Xii AudiencePurpose Organization Xiii Conventions Xiv Documentation DVD Related PublicationsObtaining Documentation Cisco.com Xvi Cisco Product Security OverviewOrdering Documentation Documentation Feedback An emergency, you can also reach Psirt by telephone 877 408 Reporting Security Problems in Cisco ProductsObtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request SeverityXviii Xix Obtaining Additional Publications and Information OL-4211-03 Product Overview AIR-CB21AG Introduction to the Client AdaptersTerminology Client Adapter Model Number Description LEDs Hardware ComponentsRadio Radio Antenna Software Components DriverClient Utilities Ad Hoc Wireless LAN Network Configurations Using Client Adapters Access Point Root Unit Wired LAN Preparing for Installation Safety information FCC Safety Compliance StatementSafety Guidelines Unpacking the Client Adapter Package Contents System Requirements Site Requirements For Infrastructure DevicesFor Client Devices OL-4211-03 Installing the Client Adapter Inserting a PC-Cardbus Card Inserting a Client Adapter Inserting a PCI Card Changing the BracketBracket screws Inserting the Card Inserting a PCI Card into a PC Assembling the Antenna Inserting the Antenna into Its Base Mounting the Antenna Bottom of Antenna Base Mounting the Antenna Installing the Client Adapter Software Preparing Setup Window Cisco Aironet Installation Program Window Click Next. The Setup Type window appears see Figure 10 Setup Type Window 11 Install Cisco Aironet Site Survey Utility Window 12 Choose Destination Location Window 13 Select Program Folder Window 14 Important Please Read! Window 15 Choose Configuration Tool Window Feature Receive Leap or EAP-FAST authenticationWith dynamic WEP EAP-TLS or Peap authentication Yes Security Static WEP Yes Click Properties Installing a Microsoft Hot Fix for Group Policy Delay Page OL-4211-03 Using the Profile Manager Opening Profile Manager Overview of Profile Manager SSID3 Field DescriptionSSID1 SSID2 Available Infrastructure and Ad Hoc Networks Window Creating a New Profile SNR Profile Management General Window Auto Profile Selection Management Window Including a Profile in Auto Profile Selection OL-4211-03 Selecting the Active Profile Deleting a Profile Modifying a ProfileImporting and Exporting Profiles Editing a Profile Exporting a Profile Importing a Profile Export Profile Window Configuring the Client Adapter Parameter Category Number Overview Setting General Parameters Parameter Description Auto profile selection ReconfiguredAuto profile selection or configured for use in an ad hoc Client adapter to roam to that network without having to be Profile Management Advanced Window Setting Advanced Parameters Radio Band Transmit Power Level Profile Management Advanced Parameters Network Type Description Parameter Description Parameter Description Default Open Preferred Access Points Window Setting Security Parameters Profile Management Security Window Overview of Security Features EAP with Dynamic WEP Keys Static WEP Keys Configuring the Client Adapter Setting Security Parameters EAP-FAST, EAP-TLS, Peap EAP-GTC, or Peap EAP-MSCHAP V2, LEAP, Cckm Fast Secure Roaming WPA and WPA2 Reporting Access Points that Fail Leap Authentication Ssid Synchronizing Security FeaturesAdditional WEP Key Security Features Security Feature Client Setting Access Point Setting WPA Security Feature Client Setting Access Point Setting MIC LEAP, EAP-FAST, EAP-TLSOr later, choose a cipher suite that is WPA/WPA2/CCKM Interval to any value other than Enabling Static WEPTkip Peap EAP-MSCHAP Configuring the Client Adapter Setting Security Parameters Define WPA/WPA2 Pre-Shared Key Window Enabling WPA/WPA2 Passphrase Enabling Leap Leap Settings Window Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Enabling EAP-FAST EAP-FAST Settings Window Configuring the Client Adapter Setting Security Parameters Click Select More Select EAP-FAST PAC Window 10 Import EAP-FAST PAC File Window Configuring the Client Adapter Setting Security Parameters Deleting a Manually Provisioned PAC File Enabling EAP-TLS or Peap 12 Define Certificate Window Enabling EAP-TLS Configuring the Client Adapter Setting Security Parameters Enabling Peap EAP-GTC 13 Define Peap EAP-GTC Configuration Window 14 Configuration Settings Window Configuring the Client Adapter Setting Security Parameters Enabling Peap EAP-MSCHAP 15 Define Peap EAP-MSCHAP V2 Configuration Window 16 Configuration Settings Window Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Configuring the Client Adapter Setting Security Parameters Enabling Wi-Fi Multimedia Disabling Static WEP, WPA/WPA2 Passphrase, or EAPEnabling the QoS Packet Scheduler on Windows 17 Wireless Cisco Connection Properties Window 18 Select Network Component Type Window Click Control Panel Double-clickNetwork Connections Enabling the QoS Packet Scheduler on Windows XP Follow these steps to access the roaming parameters Setting Roaming Parameters in the Windows Control Panel Wireless Mode Using EAP Authentication Leap or EAP-FAST Authentication Status Window Using Leap or EAP-FAST Stage Explanation After Profile Activation or Card Insertion After Your EAP-FAST Password Expires After a Reboot or Logon Using Leap or EAP-FAST with an Automatically Prompted Login Enter Wireless Network Password Window After Your EAP-FAST Password Expires After Profile Activation Using Leap or EAP-FAST with a Manually Prompted Login After a Reboot, Logon, or Card Insertion Action Drop-Down Menu After Your EAP-FAST Password Expires Using Leap or EAP-FAST with a Saved Username and Password 10 Please Change Password Window Using EAP-TLS Using Peap EAP-GTC Windows NT or 2000 Domain Databases or Ldap Databases OnlyOTP Databases Only Restarting the Authentication Process Using Peap EAP-MSCHAP OL-4211-03 Viewing Status and Statistics Number Overview of ADU Status and Statistics ToolsTool Status Statistics Signal-to-noise ratio as a percentage Displays the signal strength 3interprets each element of the Current Status window Viewing the Current Status of Your Client Adapter Status Description Status Description 4interprets each element of the Advanced Status window Details on these server-based authentication types MMH None MIC is disabledMIC is enabled and is being used with Michael MIC is enabled and is being used with WPA and Tkip WMM Status Description Status Description Viewing Statistics for Your Client Adapter Cisco Aironet Desktop Utility Diagnostics Window Advanced Statistics Window Statistic Description 6interprets each element of the Advanced Statistics window Integrity check MIC value when Ckip was being used Ckip MIC OKPoint OL-4211-03 Using the Aironet System Tray Utility Astu Icon Description Infrastructure mode or another client in ad hoc modeOverview of Astu Astu Icon Status Element Description Tool Tip Window Connection Status Description Following sections describe each Astu pop-up menu option This option enables you to access the online helpPop-Up Menu Help Preferences TroubleshootingExit Open Aironet Desktop Utility Enable/Disable Radio Manual Login ReauthenticateSelect Profile Connection Status Window Show Connection Status Connection Status Window Elements Ssid OL-4211-03 Routine Procedures Removing a Client Adapter Removing a PC-Cardbus CardRemoving a PCI Card Upgrading the Client Adapter Software Client Adapter Software Procedures Previous Installation Detected Window Choose Update the previous installation and click Next Choose Uninstall the previous installation and click Next Uninstalling the Client Adapter Software ADU Procedures Opening ADUExiting ADU Viewing Client Adapter Information Finding the Version of ADU Enabling or Disabling Your Client Adapter’s Radio Astu ProceduresAccessing Online Help Refer to for instructions on using Astu OL-4211-03 10-1 Troubleshooting 10-2 Accessing the Latest Troubleshooting InformationInterpreting the Indicator LEDs Status LED green Activity LED amber Condition Diagnosing Your Client Adapter’s Operation Troubleshooting the Client AdapterUsing the Troubleshooting Utility Troubleshooting Information Number 10-4 Troubleshooting Utility Window 10-5 Troubleshooting Utility Window with Test Results 10-6 Troubleshooting Utility Window Detailed Report 10-7 Saving the Detailed Report to a Text File Client Adapter Recognition Problems Disabling the Microsoft 802.1X Supplicant Windows 2000 Only10-8 10-9 Reboot your computerResolving Resource Conflicts Resolving Resource Conflicts in Windows Problems Associating to an Access Point Resolving Resource Conflicts in Windows XP10-10 10-11 Problems Connecting to the NetworkPrioritizing Network Connections Parameters Missing from Profile Management Windows 10-12 Error Messages 10-13 10-14 10-15 10-16 10-17 10-18 10-19 10-20 10-21 10-22 10-23 10-24 Technical Specifications KV human body model Physical SpecificationsRadio Specifications ESD Appendix a Technical Specifications DBm @ 36 Mbps Receiver sensitivity 802.11aDBm @ 6, 9, 12, and 18 Mbps DBm @ 24 Mbps Indoor typical Outdoor typical Safety and Regulatory Compliance Specifications Power Specifications Translated Safety Warnings Explosive Device Proximity Warning Antenna Installation Warning Appendix B Translated Safety Warnings Appendix B Translated Safety Warnings Appendix B Translated Safety Warnings Declarations of Conformity and Regulatory Information USA Models AIR-CB21AG-A-K9, AIR-PI21AG-A-K9 Canadian Compliance Statement Department of Communications Canada OL-4211-03 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter Cisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Japanese TranslationEnglish Translation Communication ACT 5-GHz Client AdaptersChinese Translation English Translation This equipment is limited for indoor use GHz Client Adapters OL-4211-03 Channels, Power Levels, and Antenna Gains Channels Ieee 802.11aRegulatory Domains Ieee 802.11b/g With 1-dBi Antenna Gain Maximum Power Levels and Antenna GainsIeee 802.11b Data Rate Mbps 31.6 Ieee 802.11g OL-4211-03 P E N D I X E Overview EAP with Dynamic WEP Keys WPA Configuring the Client Adapter Configuring the Client Adapter Page Configuring the Client Adapter Page Enabling EAP-TLS Authentication For EAP type, choose Smart Card or other Certificate Configuring the Client Adapter Enabling Peap Authentication Figure E-6 Protected EAP Properties Window Figure E-7 EAP MSCHAPv2 Properties Window Figure E-8 Peap Properties Window Figure E-9 Generic Token Card Properties Window Figure E-10 Wireless Network Connection Status Window Associating to an Access Point Using Windows XP Performing a Site Survey Additional Information Guidelines Selecting the Client Adapter Opening the Site Survey Utility Specifying Display Units Using the Associated AP Status Tab Viewing the Access Point’s Status Table F-1 Site Survey Utility Associated AP Status Description Using the AP Scan List Tab Figure F-5 Site Survey Utility AP Scan List Viewing the AP Scan List Rssi Pausing the AP Scan List CCXValue 1, 2, 3, or Access point’s wireless network Viewing AP DetailsDetailed Information Parameter Description Rssi Figure F-7 Site Survey Utility Log File Generating an AP Scan Log File Exiting the Site Survey Utility Accessing Online HelpUninstalling the Site Survey Utility Finding the Version of the Site Survey UtilityPage Set of characters that contains both letters and numbers Wireless network composed of stations without access pointsStations Standard GL-2 GL-3 Setting must be within the range of 64 to 2312 bytes GL-4 Ethernet 802.3 and wireless LAN 802.11 specifications GL-5 GL-6 GL-7 Computing device with an installed client adapterProtection and 802.1X for authenticated key management 802.1X for authenticated key management GL-8 Authentication Mode parameter Selecting in ADUIN-1 IN-2 Pausing ViewingADU Selecting the active profile Astu CAMIN-3 IN-4 ADU Windows XPData encryption ADU Site survey utility FCC C-2 IN-5 RTS CRCFCC ACK CTS IN-7 IN-8 Disabling EnablingMMH MIC Status With Leap Modify button IN-9 IN-10 IN-11 IN-12 Regulatory compliance Safety Spread spectrum Setting Viewing ADUIN-13 IN-14 Third-party tool, enabling in Install WizardInitial window With test results IN-15 Security features IN-16