Cisco Systems CB21AG manual Configuring the Client Adapter Setting Security Parameters

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Step 4 Perform one of the following:

•If you chose Use Temporary User Name and Password in Step 3, choose one of the following options:

–Use Windows User Name and Password—Causes your Windows username and password to also serve as your EAP-FAST username and password, giving you only one set of credentials to remember. After you log in, the authentication process begins automatically. This option is the default setting.

–Automatically Prompt for User Name and Password—Requires you to enter a separate EAP-FAST username and password (which are registered with the RADIUS server) in addition to your regular Windows login in order to start the authentication process.

–Manually Prompt for User Name and Password—Requires you to manually invoke the EAP-FAST authentication process as needed using the Manual Login option in the Action drop-down menu or ASTU. You are not prompted to enter an EAP-FAST username and password during the Windows login. This option might be used to support a software token one-time password system or other systems that require additional software that is not available at login.

•If you chose Use Saved User Name and Password in Step 3, follow these steps:

a.Enter a username and password in the appropriate fields.

b.Re-enter the password in the Confirm Password field.

c.If you wish to specify a domain name that will be passed to the RADIUS server along with your username, enter it in the Domain field.

Step 5 If you work in an environment with multiple domains and therefore want your Windows login domain to be passed to the RADIUS server along with your username, check the Include Windows Logon Domain with User Name check box. The default setting is checked.

Note If you chose to use a saved username and password but do not check the Include Windows Logon Domain with User Name check box, the saved domain name is not passed to the RADIUS server.

Step 6 If you want to force the client adapter to disassociate after you log off so that another user cannot gain access to the wireless network using your credentials, check the No Network Connection Unless User Is Logged In check box. The default setting is checked.

Step 7 In the Authentication Timeout Value field, choose the amount of time (in seconds) before an EAP-FAST authentication attempt is considered to be failed and an error message appears.

Range: 30 to 500 seconds

Default: 90 seconds

Step 8 Perform one of the following:

•If you want to enable automatic PAC provisioning, make sure the Allow Automatic PAC Provisioning for this Profile check box is checked. A protected access credentials (PAC) is obtained automatically as needed (for instance, when a PAC expires, when the client adapter accesses a different server, when the EAP-FAST username cannot be matched to a previously provisioned PAC, etc.). This is the default setting.

•If you want to enable manual PAC provisioning, uncheck the Allow Automatic PAC Provisioning for this Profile check box. This option requires you to choose a PAC authority or manually import a PAC file.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide