Cisco Systems CB21AG - page 88

5-22

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adapter

Setting Security Parameters

EAP-TLS authentication

If using ADU to

configure card Choose 802.1x and EAP-TLS; then

set EAP-TLS settings Set up and enable WEP and enable

Open with EAP Authentication for

the SSID

If using Windows XP

to configure card Choose Enable network access

control using IEEE 802.1X and

Smart Card or other Certificate as

the EAP Type

Set up and enable WEP and enable

Open with EAP Authentication for

the SSID

EAP-TLS authentication with WPA or WPA2

If using ADU to

configure card Choose WPA/WPA2/CCKM and

EAP-TLS; then set EAP-TLS

settings

For WPA, choose a cipher suite that

includes TKIP; then enable WPA

and Open with EAP Authentication

for the SSID

For WPA2, choose a cipher suite

that includes AES-CCMP; then

enable WPA and Open with EAP

Authentication for the SSID

Note To allow both WPA and

non-WPA clients to use the

SSID, enable optional

WPA.

If using Windows XP

to configure card Enable WPA and choose Enable

network access control using IEEE

802.1X and Smart Card or other

Certificate as the EAP Type

Note WPA2 is not yet available

in the Microsoft Wireless

Configuration Manager in

Windows XP.

For WPA, choose a cipher suite that

includes TKIP; then enable WPA

and Open with EAP Authentication

for the SSID

Note To allow both WPA and

non-WPA clients to use the

SSID, enable optional

WPA.

PEAP authentication

If using ADU to

configure card Choose 802.1x and PEAP

(EAP-GTC) or PEAP

(EAP-MSCHAP V2); then set

PEAP settings

Set up and enable WEP and enable

Open with EAP Authentication for

the SSID

If using Windows XP

to configure card Choose Enable network access

control using IEEE 802.1X and

PEAP as the EAP Type

Set up and enable WEP and enable

Open with EAP Authentication for

the SSID

Table5-4 Client and Access Point Security Settings (continued)

Security Feature Client Setting Access Point Setting

Contents

Main Page CONTENTS Page Page Page Page Page Page Page Preface Audience Purpose Organization Conventions xiv Related Publications Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Product Overview Introduction to the Client Adapters Terminology Hardware Components Radio Radio Antenna LEDs Software Components Driver Client Utilities Network Configurations Using Client Adapters Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LAN Preparing for Installation Safety information FCC Safety Compliance Statement Safety Guidelines Warnings Unpacking the Client Adapter Package Contents System Requirements Site Requirements For Infrastructure Devices For Client Devices Page Installing the Client Adapter Inserting a Client Adapter Inserting a PC-Cardbus Card Inserting a PCI Card Changing the Bracket Inserting the Card Assembling the Antenna Mounting the Antenna Page Page Installing the Client Adapter Software Page Page Page Page Page Page Page Page Page Page Installing a Microsoft Hot Fix for Group Policy Delay Page Page Using the Profile Manager Overview of Profile Manager Opening Profile Manager Page Creating a New Profile Page Page Including a Profile in Auto Profile Selection Page Selecting the Active Profile Modifying a Profile Editing a Profile Deleting a Profile Importing and Exporting Profiles Importing a Profile Exporting a Profile Configuring the Client Adapter Page Setting General Parameters Page Page Setting Advanced Parameters Page Page Page Page Page Page Setting Security Parameters Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) Page Page WPA and WPA2 CCKM Fast Secure Roaming Reporting Access Points that Fail LEAP Authentication Additional WEP Key Security Features Message Integrity Check (MIC) Temporal Key Integrity Protocol (TKIP) Broadcast Key Rotation Synchronizing Security Features Page Page Page Enabling Static WEP Page Enabling WPA/WPA2 Passphrase Enabling LEAP Page Page Page Enabling EAP-FAST Page Page Page Page Page Page Deleting a Manually Provisioned PAC File Enabling EAP-TLS or PEAP Enabling EAP-TLS Page Enabling PEAP (EAP-GTC) Page Page Page Enabling PEAP (EAP-MSCHAP V2) Page Page Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials Page Disabling Static WEP, WPA/WPA2 Passphrase, or EAP Enabling Wi-Fi Multimedia Enabling the QoS Packet Scheduler on Windows 2000 Page Page Enabling the QoS Packet Scheduler on Windows XP Setting Roaming Parameters in the Windows Control Panel Page Using EAP Authentication Using LEAP or EAP-FAST Using LEAP or EAP-FAST with the Windows Username and Password Page Using LEAP or EAP-FAST with an Automatically Prompted Login Page Page Using LEAP or EAP-FAST with a Manually Prompted Login After Profile Activation After a Reboot, Logon, or Card Insertion Page Page Using LEAP or EAP-FAST with a Saved Username and Password Using EAP-TLS Using PEAP (EAP-GTC) Windows NT or 2000 Domain Databases or LDAP Databases Only OTP Databases Only Using PEAP (EAP-MSCHAP V2) Restarting the Authentication Process Page Viewing Status and Statistics Overview of ADU Status and Statistics Tools Setting Parameters that Affect ADU Status and Statistics Tools Page Viewing the Current Status of Your Client Adapter Page Page Page Page Page Page Page Viewing Statistics for Your Client Adapter Page Page Page Page Using the Aironet System Tray Utility (ASTU) Overview of ASTU The ASTU Icon Tool Tip Window Page Pop-Up Menu Help Page Enable/Disable Radio Manual Login Reauthenticate Select Profile Show Connection Status Page Page Page Routine Procedures Removing a Client Adapter Removing a PC-Cardbus Card Removing a PCI Card Client Adapter Software Procedures Upgrading the Client Adapter Software Page Page Uninstalling the Client Adapter Software ADU Procedures Opening ADU Exiting ADU Finding the Version of ADU Viewing Client Adapter Information Accessing Online Help ASTU Procedures Enabling or Disabling Your Client Adapters Radio Page Troubleshooting Accessing the Latest Troubleshooting Information Interpreting the Indicator LEDs Troubleshooting the Client Adapter Using the Troubleshooting Utility Diagnosing Your Client Adapters Operation Page Page Page Saving the Detailed Report to a Text File Disabling the Microsoft Wireless Configuration Manager (Windows XP Only) Disabling the Microsoft 802.1X Supplicant (Windows 2000 Only) Client Adapter Recognition Problems Resolving Resource Conflicts Resolving Resource Conflicts in Windows 2000 Resolving Resource Conflicts in Windows XP Problems Associating to an Access Point Problems Connecting to the Network Prioritizing Network Connections Parameters Missing from Profile Management Windows Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only) Error Messages Page Page Page Page Page Page Page Page Page Page Page Page A Technical Specifications Page Page Page Page Page B Translated Safety Warnings B-2 Explosive Device Proximity Warning B-3 Antenna Installation Warning B-4 Warning for Laptop Users B-5 B-6 C Declarations of Conformity and Regulatory Information Manufacturers Federal Communication Commission Declaration of Conformity Statement Models: FCC Certification Number: Manufacturer: Department of Communications Canada Canadian Compliance Statement European Community, Switzerland, Norway, Iceland, and Liechtenstein Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC Page C-5 Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter C-6 Cisco Aironet PI21AG Wireless LAN Client Adapter Declaration of Conformity for RF Exposure Guidelines for Operating Cisco Aironet Wireless LAN Client Adapters in Japan Japanese Translation English Translation 03-5549-6500 Administrative Rules for Cisco Aironet Wireless LAN Client Adapters in Taiwan 2.4- and 5-GHz Client Adapters Chinese Translation English Translation 5-GHz Client Adapters Page D Channels, Power Levels, and Antenna Gains Channels IEEE 802.11a IEEE 802.11b/g Maximum Power Levels and Antenna Gains IEEE 802.11a IEEE 802.11b IEEE 802.11g Page E Configuring the Client Adapter through the Windows XP Operating System Overview of Security Features Static WEP Keys EAP (with Dynamic WEP Keys) WPA Configuring the Client Adapter Page Page Page Page Enabling EAP-TLS Authentication Page Page Enabling PEAP Authentication Enabling PEAP (EAP-MSCHAP V2) Page Enabling PEAP (EAP-GTC) Page Associating to an Access Point Using Windows XP Viewing the Current Status of Your Client Adapter F Performing a Site Survey Guidelines Additional Information Opening the Site Survey Utility Selecting the Client Adapter Using the Associated AP Status Tab Specifying Display Units Viewing the Access Points Status Page Page Using the AP Scan List Tab Viewing the AP Scan List Page Pausing the AP Scan List Viewing AP Details Page Generating an AP Scan Log File Page Page GLOSSARY A B C D E F G H I L M O P Q R S T U V W Page INDEX Numerics A Page B C D E F G H I J K M N O P Page Q R S Page T U V W