Chapter 5 Configuring the Client Adapter

 

 

 

 

 

Setting Security Parameters

 

 

 

 

Table 5-4

Client and Access Point Security Settings (continued)

 

 

 

 

 

 

 

 

Security Feature

Client Setting

Access Point Setting

 

 

 

 

 

 

 

 

 

 

 

PEAP authentication with WPA or WPA2

 

 

 

 

 

 

 

 

 

 

 

 

 

If using ADU to

Choose WPA/WPA2/CCKM and

For WPA, choose a cipher suite that

 

 

configure card

PEAP (EAP-GTC) or PEAP

includes TKIP; then enable WPA

 

 

 

 

(EAP-MSCHAP V2); then set

and Open with EAP Authentication

 

 

 

 

PEAP settings

for the SSID

 

 

 

 

 

For WPA2, choose a cipher suite

 

 

 

 

 

that includes AES-CCMP; then

 

 

 

 

 

enable WPA and Open with EAP

 

 

 

 

 

Authentication for the SSID

 

 

 

 

 

Note To allow both WPA and

 

 

 

 

 

non-WPA clients to use the

 

 

 

 

 

SSID, enable optional

 

 

 

 

 

WPA.

 

 

 

 

 

 

 

 

If using Windows XP

Enable WPA and choose Enable

For WPA, choose a cipher suite that

 

 

to configure card

network access control using IEEE

includes TKIP; then enable WPA

 

 

 

 

802.1X and PEAP as the EAP Type

and Open with EAP Authentication

 

 

 

 

Note WPA2 is not yet available

for the SSID

 

 

 

 

 

 

 

 

 

 

 

 

 

in the Microsoft Wireless

Note To allow both WPA and

 

 

 

 

Configuration Manager in

non-WPA clients to use the

 

 

 

 

Windows XP.

SSID, enable optional

 

 

 

 

 

WPA.

 

 

 

 

 

 

 

 

CCKM fast secure roaming

Choose WPA/WPA2/CCKM and

Use Cisco IOS Release 12.2(11)JA

 

 

 

 

LEAP, EAP-FAST, EAP-TLS,

or later, choose a cipher suite that is

 

 

 

 

PEAP (EAP-GTC), or PEAP (EAP

compatible with CCKM, enable

 

 

 

 

MSCHAP V2); then set the EAP

both Network-EAP and Open with

 

 

 

 

authentication settings

EAP Authentication and CCKM

 

 

 

 

Note If you want to enable

for the SSID, and configure for

 

 

 

 

participation in wireless domain

 

 

 

 

CCKM, you must choose

 

 

 

 

services (WDS)

 

 

 

 

WPA/WPA2/CCKM,

 

 

 

 

 

 

 

 

 

 

 

 

 

regardless of whether you

Note To allow both 802.1X

 

 

 

 

want the client adapter to

clients and non-802.1X

 

 

 

 

use WPA or WPA2. The

clients to use the SSID,

 

 

 

 

configuration of the access

enable optional CCKM.

 

 

 

 

point to which your client

 

 

 

 

 

 

 

 

 

adapter associates

 

 

 

 

 

 

 

 

 

determines whether CCKM

 

 

 

 

 

 

 

 

 

will be used with 802.1x,

 

 

 

 

 

 

 

 

 

WPA, or WPA2.

 

 

 

 

 

 

 

 

 

 

 

 

 

Reporting access points

No settings required; automatically

No settings required; automatically

 

 

that fail LEAP

 

enabled

enabled in the firmware versions

 

 

authentication

 

 

listed on page 5-19.

 

 

 

 

 

 

 

 

 

MIC

 

No settings required; automatically

Set up and enable WEP with full

 

 

 

 

enabled

encryption, set MIC to MMH or

 

 

 

 

 

check the Enable MIC check box,

 

 

 

 

 

and set Use Aironet Extensions to

 

 

 

 

 

Yes

 

 

 

 

 

 

 

 

 

 

 

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

 

 

 

 

 

 

OL-4211-03

 

 

 

 

5-23

 

 

 

 

 

 

 

 

Page 88 Page 90
Page 89
Image 89
Cisco Systems CB21AG manual Leap, Eap-Fast, Eap-Tls, Or later, choose a cipher suite that is, WPA/WPA2/CCKM, Mic
Page 88 Page 90
Top Page Image Contents