Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems CB21AG a certificate on this computer radio button in the User, Default Disabled

Models: CB21AG PI21AG

1 170

Download 170 pages 950 b

Page 69

Select an authentication

Chapter 3 Configuring EAP Types

					Configuring EAP-FAST
Table 3-3	Authentication Settings

Authentication Settings		Description

Select an authentication		Select the inner tunnel EAP method from the drop-down list.
method		Available methods are EAP-GTC, EAP-MSCHAPv2, EAP-TLS, and
		Any Method.
		The Any Method option allows the EAP-FAST module to choose any
		of the supported methods that the EAP server requests. The method
		must also be appropriate to the user credentials that are used.
		Default: Any Method
		Note EAP-GTC is the only option available if you selected the Use
				one-time password radio button in the User Credentials tab.
		Note EAP-TLS is the only option available if you selected the Use
				a certificate on this computer radio button in the User
				Credentials tab.

		Note The use of the Any Method value to allow all methods is
					unsupported by Cisco or Microsoft and is not recommended.
					This configuration is used “as-is”; Cisco makes no guarantee
					that there will not be adverse performance to the system if
					unsupported methods are used. Unsupported methods should
					never be used in a production environment.


Configure		Click the Configure button to configure EAP-TLS options. This
		option is available only if EAP-TLS is the selected authentication
		method. When you click this button, the standard Windows Vista
		EAP-TLS Properties Screen appears.
		Default: Disabled

Enable fast reconnect		Check this box to allow session resumption.
		The EAP-FAST module supports fast reconnect (also called session
		resumption) by using the User Authorization PAC. When you enable
		fast reconnect, you can roam or return from suspend mode without
		re-entering your credentials. Fast reconnect can be used across
		different network access servers.
		Default: On
		Note If you switch profiles, logs off, or reboot, fast reconnect is not
				attempted. You must be reauthenticated.

Enable posture validation		Check this box to allow the health information of the host machine to
		be queried.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

	OL-16534-01	3-15

Image 69

Cisco Systems CB21AG, PI21AG a certificate on this computer radio button in the User, Default Disabled, 3-15, Default On

Contents

Americas Headquarters Software ReleaseCisco Systems, Inc 170 West Tasman Drive San Jose, CA 800 553-NETS Fax 408Turn the television or radio antenna until the interference stops Ad Hoc Wireless LAN Network Configurations Using Client AdaptersFCC Safety Compliance Statement PrefaceTwo-Phase Tunneled Authentication Advanced Roaming SettingObtaining Client Adapter Software Inserting the CardConfiguring LEAP Accessing LEAP Properties for ConfigurationConfiguring and Starting Logging Finding the Version of the LEAP ModuleAntenna Installation Warning Creating Strong Passwords A-9EAP Messages A-1 English Translation D-7Acknowledgments and Licensing F-1 ChannelsChinese Translation English Translationviii ContentsOL-16534-01 Audience PrefacePurpose Audience, page Purpose, page Organization, page Conventions, pageConventions OrganizationVaroitus Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät liitteestä Translated Safety Warnings käännetyt turvallisuutta koskevat varoitukset Obtaining Documentation, Obtaining Support, and Security Guidelines Related PublicationsNetwork Configurations Using Client Adapters, page Product Overview and InstallationSafety information, page Unpacking the Client Adapter, page Installing the Client Adapter Driver and Software, pageTerminology Introduction to the Client AdaptersPC-Cardbus cardRadio Hardware ComponentsRadio Antenna LEDsNetwork Configurations Using Client Adapters Ad Hoc Wireless LANSoftware Components Figure 1-1 Ad Hoc Wireless LAN Wireless Infrastructure with Workstations Accessing a Wired LANSafety information FCC Safety Compliance StatementSafety Guidelines Warnings Unpacking the Client AdapterSystem Requirements Package Contentshttp//support.microsoft.com/kb/932063 http//support.microsoft.com/kb/935222Site Requirements For Infrastructure DevicesFor Client Devices Inserting the Client Adapter Inserting a PC-Cardbus Card1-10 Changing the Bracket Inserting a PCI CardInsert the card see the “Inserting the Card” section on page Assemble the antenna see the “Assembling the Antenna” section on page1-12 Inserting the Card1-13 Assembling the Antenna1-14 Mounting the AntennaStep 1 Perform one of the following 1-15Step 8 If the Found New Hardware Wizard window appears, click Cancel 1-16Step 7 Click Cisco Aironet Wireless LAN Client Adapters Step 5 Click Wireless SoftwareObtaining Client Adapter Software Step 6 Click Client Adapters and Client Software1-18 Installing the Client Adapter Driver and Software1-19 Figure 1-11 Cisco Aironet Installation Program WindowHardware Insertion Figure 1-13 Cisco Aironet Installation Program-Setup Status Window 1-20Chapter 1 Product Overview and Installation 1-21Installing the Client Adapter Driver and Software Step 8 Click FinishChapter 1 Product Overview and Installation 1-22Installing the Client Adapter Driver and Software OL-16534-01Overview of Wireless Profiles, page Configuring Wireless ProfilesAccessing Microsoft Vista Network and Sharing Center, page Creating a New Profile and Configuring Basic Settings, pageAccessing Microsoft Vista Network and Sharing Center Overview of Wireless ProfilesCreating a New Profile and Configuring Basic Settings Cisco Aironet 802.11a/b/g Wireless Adapter see Figure Chapter 2 Configuring Wireless Profiles Creating a New Profile and Configuring Basic SettingsOL-16534-01 Step 7 In this dialog box, enter information for the wireless network that you want to add.Table 2-1 lists and describes general settings for the profile. Follow the instructions in the table to configure these settings Encryption Types” section on page SettingWhat to Enter Chapter 3, “Configuring EAP Types.” The enterprise network EAP and Encryption Types” section on pageProfile Management General Settings continued What to Enter SettingWEP Shared Security with Static WEP Keys Security and Encryption TypesWPA and WPA2 2-102-11 802.1X with Dynamic WEP KeysAccessing a Profile That Was Created Previously CCKM Fast Secure Roaming2-12 Viewing and Changing the Settings of a Profile 2-13Figure 2-7 Network and Sharing Center Window Figure 2-8 Wireless Network properties Dialog Box-Connection Tab 2-14Settings dialog box. See the “Radio Measurement” section on is available, Choose Control Panel Manage Wireless Networkspage 2-18 and the “Advanced Roaming Setting” section on page in Table 2-1 on pageFigure 2-9 Wireless Network properties Dialog Box-Security Tab 2-162-17 SettingWhat to Enter 2-18 Radio Measurement2-19 Advanced Roaming SettingChapter 2 Configuring Wireless Profiles 2-20Viewing and Changing the Settings of a Profile OL-16534-01Configuring EAP-FAST, page Overview of LEAP, page Configuring EAP TypesHow LEAP Works, page Configuring LEAP, page Configuring PEAP-GTC, pageTwo-Phase Tunneled Authentication, page Two-Phase Tunneled AuthenticationProtected Access Credentials, page How EAP-FAST WorksServer Certificate Validation Protected Access CredentialsAccessing EAP-FAST Properties for Configuration Configuring EAP-FASTAccessing EAP-FAST Properties for Configuration, page Configuring EAP-FAST Settings in the Connection Tab, pageConfiguring EAP-FAST Settings in the Connection Tab Default anonymous Default OnDefault None Default OnDefault Enabled Use Protected AccessPAC box and the Validate Server Certificate box at the same time Default OffDefault Off Default NoneUsernames and Passwords Overview of the User Credentials TabClient Certificates 3-10 Configuring EAP-FAST Settings in the User Credentials TabChapter 3 Configuring EAP Types Configuring EAP-FAST Figure 3-3 User Credentials Tab in EAP-FAST Properties WindowMode with OTP” section on page information about OTP, see the “Understanding PIN Mode and Token3-11 Default Off3-12 Understanding PIN Mode and Token Mode with OTPFigure 3-4 New PIN Prompt Window Figure 3-5 Next Token Prompt Window3-13 Configuring EAP-FAST Settings in the Authentication TabTable 3-3 lists and describes options for authentication 3-14Figure 3-6 Authentication Tab in EAP-FAST Properties Window Chapter 3 Configuring EAP Types Configuring EAP-FASTa certificate on this computer radio button in the User Default Disabled3-15 Select an authenticationFinding the Version of the EAP-FAST Module 3-16Figure 3-7 About Tab in EAP-FAST Properties Window Overview of LEAP How LEAP Works3-17 Accessing LEAP Properties for Configuration Configuring LEAPAccessing LEAP Properties for Configuration, page Configuring LEAP Settings in the Network Credentials Tab, pageConfiguring LEAP Settings in the Network Credentials Tab 3-19Figure 3-8 Wireless Network Properties Window Settings 3-20Default On Table 3-4 LEAP Network Credentials SettingsFinding the Version of the LEAP Module Overview of PEAP-GTC3-21 Default Off3-22 How PEAP-GTC WorksAccessing PEAP-GTC Properties for Configuration Configuring PEAP-GTCAccessing PEAP-GTC Properties for Configuration, page Configuring PEAP-GTC Settings in the Connection Tab, pageFigure 3-10 Wireless Network Properties Window 3-24Chapter 3 Configuring EAP Types Configuring PEAP-GTC OL-16534-013-25 Configuring PEAP-GTC Settings in the Connection TabChapter 3 Configuring EAP Types Configuring PEAP-GTC Figure 3-11 Connection Tab in PEAP-GTC Properties WindowIf the Validate server certificate box is checked and the Do not Default anonymousprompt user to authorize new servers or trusted certificate If the Validate server certificate box is checked but the Do not3-27 Configuring PEAP-GTC Settings in the User Credentials TabDefault None Default Offpassword option Default Offand Token Mode with OTP” section on page which is the case for the Prompt automatically for username andDefault Off 3-29Default Off Understanding PIN Mode and Token Mode with OTPFinding the Version of the PEAP-GTC Module Understanding PEAP-GTC Authentication3-30 Figure 3-14 Next Token Prompt WindowUsing Microsoft Tools to Perform Administrative Tasks, page Performing Administrative TasksThe EAP-FAST XML Schema, page The PEAP-GTC XML Schema, page The LEAP XML Schema, page Logging for EAP Modules, pageOverview of Group Policy Objects Using Microsoft Tools to Perform Administrative TasksAdding a Group Policy Object Editor Overview of Group Policy Objects, pageCreating a EAP Group Policy Object in Windows Vista a. Go to File Add/Remove Snap-ing. From the Select Group Policy Object dialog box, click Finish Configuring Machine Authentication for EAP-FAST Configuring Single Sign-On for EAP-FAST Configuring Machine Authentication for PEAP-GTCConfiguring Single Sign-On for PEAP-GTC and LEAP The EAP-FAST XML Schema xsdocumentation xselement xschoice xselement name=authenticateWithToken xscomplexType xssequence xselement xselement name=sendViaInnerMethod xscomplexType xsall 4-10xscomplexType name=PasswordFromProfile xssimpleContent 4-11xsannotation xselement 4-12xsannotation xselement xschoice xselement name=enableFastReconnect 4-13xsannotation 4-14xssimpleType xsrestriction base=xsstring xsenumeration value=exactly 4-15xselement name=anyServerName type=Empty xsannotation 4-164-17 The PEAP-GTC XML Schemaxselement name=authenticateWithPassword xscomplexType xssequence 4-18xscomplexContent xscomplexType xscomplexType name=IdentityPattern 4-19xscomplexType name=TokenSource xschoice 4-20xschoice xssequence xscomplexType 4-21xsextension base=NonEmptyString xsattribute name=match use=required 4-224-23 The LEAP XML SchemaattributeFormDefault=unqualified xselement name=eapLeap type=EapLeap 4-24xschoice 4-25Configuring and Starting Logging, page Configuring and Starting LoggingStep 1 Choose Start All Programs Accessories Step 2 Right-click Command Prompt and select Run as administratorwevtutil sl Cisco-EAP-FAST/Debug /efalse Disabling Logging and Flushing Internal Bufferswevtutil sl Cisco-EAP-PEAP/Debug /efalse wevtutil sl Cisco-EAP-LEAP/Debug /efalsewevtutil sl Cisco-EAP-FAST/Debug /lfn“pathtoetllogfile” Locating Log Fileswevtutil sl Cisco-EAP-PEAP/Debug /lfn“pathtoetllogfile” wevtutil sl Cisco-EAP-LEAP/Debug /lfn“pathtoetllogfile”Removing a Client Adapter, page Routine ProceduresUpgrading the Client Adapter Software, page C H A P T E RRemoving a Client Adapter Removing a PC-Cardbus CardRemoving a PCI Card Upgrading the Client Adapter Software Step 5 Click Update the previous installation Figure 5-3 Cisco Aironet Installation Program-Setup Status Window Chapter 5 Routine Procedures Upgrading the Client Adapter SoftwareOL-16534-01 Chapter 5 Routine Procedures Upgrading the Client Adapter Software Step 8 Click FinishOL-16534-01 Troubleshooting with Cisco Aironet Client Diagnostics, page Troubleshooting and DiagnosticsEnabling Client Reporting, page C H A P T E RFigure 6-1 Network and Sharing Center Window Troubleshooting with Cisco Aironet Client DiagnosticsFigure 6-3 Cisco Aironet Client Diagnostics Dialog Box-Choose Adapter Figure 6-2 Cisco Aironet Client Diagnostics Dialog BoxFigure 6-5 Cisco Aironet Client Diagnostics Dialog Box-Testing Delay Figure 6-7 Aironet Desktop Utility-Stop Running Diagnostics Figure 6-6 Cisco Aironet Client Diagnostics Dialog Box-Test WindowEnabling Client Reporting EAP-FAST Error Messages and Prompts, page A-1 EAP-FAST Error Messages and PromptsPEAP-GTC and LEAP Error Messages and Prompts, page A-6 Creating Strong Passwords, page A-9Appendix A EAP Messages EAP-FAST Error Messages and Prompts Page Recommended Action Enter a username Recommended Action Press OK to continue PEAP-GTC and LEAP Error Messages and Prompts Page Page Creating Strong Passwords Characteristics of Strong PasswordsCharacteristics of Weak Passwords A-10 Password Security BasicsTechnical Specifications Radio Specifications, page B-3A P P E N D I X B Physical Specifications Radio Specifications 5250 to 5350 MHz 5150 to 5250 MHz5470 to 5725 MHz 5725 to 5805 MHzOutdoor typical Indoor typicalIndoor typical Outdoor typicalSafety and Regulatory Compliance Specifications Power SpecificationsAntenna Installation Warning, page C-3 Translated Safety WarningsA P P E N D I X C Explosive Device Proximity Warning, page C-2Explosive Device Proximity Warning Antenna Installation Warning Warning for Laptop Users Page Page A P P E N D I X D Declarations of Conformity and Regulatory InformationDepartment of Communications - Canada, page D-3 Declaration of Conformity for RF Exposure, page D-7FCC Certification Number LDK102050 CB21AG Department of Communications - Canada European Community, Switzerland, Norway, Iceland, and LiechtensteinCanadian Compliance Statement Page Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client AdapterAppendix D Declarations of Conformity and Regulatory Information European Community, Switzerland, Norway, Iceland, and LiechtensteinAppendix D Declarations of Conformity and Regulatory Information Cisco Aironet PI21AG Wireless LAN Client AdapterEuropean Community, Switzerland, Norway, Iceland, and Liechtenstein OL-16534-01Japanese Translation Declaration of Conformity for RF ExposureEnglish Translation 03-6434-65002.4- and 5-GHz Client Adapters Chinese TranslationEnglish Translation 5-GHz Client Adapters Brazil/Anatel ApprovalChinese Translation English TranslationD-10 AIR-CB21AG-W-K9Appendix D Declarations of Conformity and Regulatory Information Brazil/Anatel ApprovalD-11 AIR-PI21AG-W-K9Appendix D Declarations of Conformity and Regulatory Information Brazil/Anatel ApprovalAppendix D Declarations of Conformity and Regulatory Information D-12Brazil/Anatel Approval OL-16534-01Channels, page E-2 Maximum Power Levels and Antenna Gains, page E-4 A P P E N D I X EChannels, Power Levels, and Antenna Gains IEEE 802.11a ChannelsRegulatory Domains IEEE 802.11b/gMaximum Power Levels and Antenna Gains IEEE 802.11bIEEE 802.11a IEEE 802.11g Appendix E Channels, Power Levels, and Antenna Gains Maximum Power Levels and Antenna GainsOL-16534-01 A P P E N D I X F Acknowledgments and LicensingAppendix F Acknowledgments and Licensing OL-16534-01 Appendix F Acknowledgments and LicensingOL-16534-01 Appendix F Acknowledgments and LicensingA P P E N D I X G AbbreviationsList of Acronyms continued Table G-1