Cisco Systems CB21AG

5-33

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03

Chapter5 Configuring the Client Adap ter Setting Security Parameters

Step4 Perform one of the following:

•If you chose Use Temporary User Name and Password in Step 3, choose one of the following

options:

–

Use Windows User Name and Password—Causes your Windows username and password to

also serve as your EAP-FAST username and password, giving you only one set of credentials to

remember. After you log in, the authentication process begins automatically. This option is the

default setting.

–

Automatically Prompt for User Name and Password—Requires you to ente r a separa te

EAP-FAST username and password (which are registered with the RADIUS server) in addition

to your regular Windows login in order to start the authentication process.

–

Manually Prompt for User Name and Password—Requires you to manually invoke the

EAP-FAST authentication process as needed using the Manual Login option in the Action

drop-down menu or ASTU. You are not prompted to enter an EAP-FAST username and

password during the Windows login. This option might be used to support a software t oken

one-time password system or other systems that require additional software tha t is not available

at login.

•If you chose Use Saved User Name and Password in Step 3, follow these steps:

a. Enter a username and password in the appropriate fields.

b. Re-enter the password in the Confirm Password field.

c. If you wish to specify a domain name that will be passed to the RADIUS server along with your

username, enter it in the Domain field.

Step5 If you work in an environment with multiple domains and therefore want your Windows login domain

to be passed to the RADIUS server along with your username, che ck t he Include Windows Logon

Domain with User Name check box. The default setting is checked.

Note If you chose to use a saved username and password but do not check the Include Windows Logon

Domain with User Name check box, the saved domain name is not passed to the RADIUS server.

Step6 If you want to force the client adapter to disassociate afte r you log off so th at an othe r user c a nnot gain

access to the wireless network using your credentials, check the No Network Connection Unless User

Is Logged In check box. The default setting is checked.

Step7 In the Authentication Timeout Valu e fiel d, choo se the amoun t of time (in seconds) befor e an EAP-FAST

authentication attempt is considered to be failed and an error message appears.

Range: 30 to 500 seconds

Default: 90 seconds

Step8 Perform one of the following:

•If you want to enable automatic PAC provisioning, make sure the Allow Automatic PAC

Provisioning for this Profile check box is checked. A protected access credentials (PAC) is

obtained automatically as needed (for instance, when a PAC expires, when the client adapter

accesses a different server, when the EAP-FAST username cannot be matched to a previously

provisioned PAC, etc.). This is the default setting.

•If you want to enable manual PAC provisioning, uncheck the Allow Automatic PAC Provisioning

for this Profile check box. This option requires you to choose a PAC authority or manually import

a PAC file.