Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide Software Release 3.0 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface
The preface provides an overview of the Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide (OL-4211-04), references related publications, and explains how to obtain other documentation and technical assistance, if necessary.
Audience
This publication is for the person responsible for installing, configuring, and maintaining a Cisco Aironet IEEE 802.11a/b/g Wireless LAN Client Adapter (CB21AG or PI21AG) on a computer running the Microsoft Windows 2000 or XP operating system. This person should be familiar with computing devices and with network terms and concepts.
Note: Windows 2000 and XP are the only supported operating systems.
• Appendix A, “Technical Specifications,” lists the physical, radio, power, and regulatory specifications for the client adapters.
• Appendix B, “Translated Safety Warnings,” provides translations of client adapter safety warnings in nine languages.
• Appendix C, “Declarations of Conformity and Regulatory Information,” provides declarations of conformity and regulatory information for the client adapters.
Conventions
Warning (translated from Finnish): This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (For translations of the warnings that appear in this publication, refer to the appendix "Translated Safety Warnings.")
Warning (translated from French): This warning symbol indicates danger.
Related Publications
For more information about Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters for Windows, refer to the following publication:
• Release Notes for Cisco Aironet 802.11a/b/g Client Adapters (CB21AG and PI21AG) Install Wizard
For more information about related Cisco Aironet products, refer to the publications for your infrastructure device. You can find Cisco Aironet technical documentation at this URL: http://www.cisco.
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
• For Emergencies only — security-alert@cisco.
Obtaining Technical Assistance
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do
Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
• Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL: http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL: http://www.cisco.
Chapter 1 Product Overview
This chapter describes the Cisco Aironet CB21AG and PI21AG client adapters and illustrates their role in a wireless network. The following topics are covered in this chapter:
• Introduction to the Client Adapters
• Hardware Components
• Software Components
• Network Configurations Using Client Adapters
Introduction to the Client Adapters
The Cisco Aironet IEEE 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) are radio modules that provide wireless data communications among fixed, portable, and mobile devices within both wireless and wired network infrastructures. The client adapters are fully compatible when used in devices supporting “plug-and-play” (PnP) technology.
Hardware Components
The client adapters have three major hardware components: a radio, a radio antenna, and two LEDs.
Radio
The client adapters contain a dual-band radio that is both IEEE 802.11a and 802.11b/g compliant. The radio uses both direct-sequence spread spectrum (DSSS) technology and orthogonal frequency division multiplexing (OFDM) technology for client applications in the 2.
Software Components
The client adapters have two major software components: a driver and client utilities. These components are installed together by running a single executable Install Wizard file that is available from Cisco.com. This file can be run on Windows 2000 or XP and can be used only with CB21AG and PI21AG client adapters.
Note: Chapter 3 provides instructions on using the Install Wizard to install these software components.
Network Configurations Using Client Adapters
Client adapters can be used in a variety of network configurations. In some configurations, access points provide connections to your network or act as repeaters to increase wireless communication range. The maximum communication range is based on how you configure your wireless network.
Wireless Infrastructure with Workstations Accessing a Wired LAN
A microcellular network can be created by placing two or more access points on a LAN. Figure 1-2 shows a microcellular network with workstations accessing a wired LAN through several access points.
Chapter 2 Preparing for Installation
This chapter provides information that you need to know before installing a client adapter. The following topics are covered in this chapter:
• Safety information
• Unpacking the Client Adapter
• System Requirements
• Site Requirements
Safety information
Follow the guidelines in this section to ensure proper operation and safe use of the client adapter.
FCC Safety Compliance Statement
The FCC, with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified equipment.
Warning: This device has been tested and complies with FCC RF Exposure (SAR) limits in typical laptop computer configurations and this device can be used in desktop or laptop computers with side mounted PC Card slots that can provide at least 0.394 in (1 cm) separation distance from the antenna to the body of the user or a nearby person. Thin laptop computers may need special attention to maintain antenna spacing while operating.
System Requirements
In addition to the items shipped with the client adapter, you also need the following items in order to install and use the adapter:
• One of the following computing devices running Windows 2000 or XP:
  – Laptop or notebook computer equipped with a 32-bit Cardbus slot
  – Desktop personal computer equipped with an empty PCI expansion slot
Note: Cisco recommends a 300-MHz (or greater) processor.
Site Requirements
This section discusses the site requirements for both infrastructure and client devices.
For Infrastructure Devices
Because of differences in component configuration, placement, and physical environment, every network application is a unique installation.
Chapter 3 Installing the Client Adapter
This chapter provides instructions for installing the client adapter. The following topics are covered in this chapter:
• Inserting a Client Adapter
• Installing the Client Adapter Software
• Installing the Intermediate Driver Manually
• Installing a Microsoft Hot Fix for Group Policy Delay
Inserting a Client Adapter
This section provides instructions for inserting a PC-Cardbus card or PCI card into your computer.
Caution: These procedures and the physical connections they describe apply generally to conventional Cardbus slots and PCI expansion slots. In cases of custom or nonconventional equipment, be alert to possible differences in Cardbus slot and PCI expansion slot configurations.
Step 4 If the Found New Hardware Wizard window appears, click Cancel.
Note: If you do not click Cancel, the wizard will attempt to install software for the client adapter but will be unable to find it.
Step 5 Go to the “Installing the Client Adapter Software” section.
Step 2 Slide the bracket away from the card; then tilt the bracket to free the antenna cable.
Caution: Do not pull on the antenna cable or detach it from the PCI card. The antenna is meant to be permanently attached to the card.
Step 3 Hold the low-profile bracket to the card so that the LEDs slip through their corresponding holes on the bracket.
Figure 3-3 Inserting a PCI Card into a PC (callouts: 1 Antenna cable, 2 LEDs, 3 Card edge connector)
Step 6 Tilt the card to enable the LEDs to slip through the opening in the CPU back panel. See the enlarged view in Figure 3-3.
Step 7 Press the card into the empty slot until its connector is firmly seated.
Figure 3-4 Inserting the Antenna into Its Base (callouts: 1 Antenna, 2 Notch, 3 Antenna base)
Step 3 Press the antenna cable into the receptacle on the top of the base as shown in Figure 3-4.
Step 4 Press the antenna straight down into the receptacle until it clicks into place.
Follow the steps below to position the PCI card’s antenna on a flat horizontal surface or to mount it to a wall.
Step 1 Perform one of the following:
• If you want to use the antenna on a flat horizontal surface, position the antenna so it is pointing straight up. Then go to Step 7.
• If you want to mount the antenna to a wall, go to Step 2.
Step 2 Drill two holes in the wall that are 1.09 in. (2.8 cm) apart.
Figure 3-6 Mounting the Antenna
Step 6 The antenna rotates 90 degrees from its base. For optimal reception, position the antenna so it is pointing straight up (see Figure 3-7).
Figure 3-7 Rotating the Antenna
Step 7 Boot up your PC. The green LED lights when the card is inserted properly.
Step 8 If the Found New Hardware Wizard window appears, click Cancel.
Installing the Client Adapter Software
This section describes how to install Cisco Aironet CB21AG or PI21AG client adapter driver and utilities from a single executable file named WinClient-802.11a-b-g-Ins-Wizard-vx.exe, where x represents the release number. Follow these steps to install these client adapter software components on a computer running Windows 2000 or XP.
Step 14 Click the Install Wizard file (WinClient-802.11a-b-g-Ins-Wizard-vxx.exe), where xx is the version number.
Step 15 If prompted, enter your CCO username and password, and click OK.
Step 16 Complete the encryption authorization form, read and accept the terms and conditions of the Software License Agreement, select the file again to download it, and save the file on your computer’s Desktop.
Figure 3-9 Cisco Aironet Installation Program Window
Step 19 Click Next. The Setup Type window appears (see Figure 3-10).
Figure 3-10 Setup Type Window
Step 20 Choose one of the following options and click Next:
Note: To ensure compatibility among software components, Cisco recommends that you install the client utilities and driver.
• Install Client Utilities and Driver—Installs the client adapter driver and client utilities.
• Install Driver Only—Installs only the client adapter driver.
Step 21 When the Install Cisco Aironet Site Survey Utility window appears (see Figure 3-11), check the Install Cisco Aironet Site Survey Utility check box if you want to install a utility that helps you to determine the best placement of infrastructure devices within your wireless network. Click Next.
Figure 3-12 Choose Destination Location Window
Step 23 Perform one of the following:
• If you chose the first option in Step 20, click Next to install the client utility files in the C:\Program Files\Cisco Aironet directory.
Note: If you want to install the client utilities in a different directory, click Browse, choose a different directory, click OK, and click Next.
Step 24 The Select Program Folder window appears (see Figure 3-13).
Figure 3-13 Select Program Folder Window
Step 25 Click Next to add program icons to the Cisco Aironet program folder.
Note: If you want to specify a different program folder, choose a folder from the Existing Folders list or type a new folder name in the Program Folder field and click Next.
Step 26 If your computer is running Windows 2000, go to Step 32. If your computer is running Windows XP, the window titled IMPORTANT: Please Read! appears (see Figure 3-14).
Figure 3-14 IMPORTANT: Please Read! Window
Step 27 Read the information displayed and click Next. The Choose Configuration Tool window appears (see Figure 3-15).
Figure 3-15 Choose Configuration Tool Window
Step 28 Choose one of the following options:
• Cisco Aironet Desktop Utility (ADU)—Enables you to configure your client adapter using ADU.
Table 3-1 Comparison of Windows XP and ADU Client Adapter Features (continued)
Feature | Windows XP | ADU
Security
  Static WEP | Yes | Yes
  LEAP or EAP-FAST authentication with dynamic WEP | No | Yes
  EAP-TLS or PEAP authentication | Yes | Yes
Status and statistics
  Status window | Limited | Extensive
  Statistics window (transmit & receive) | No | Yes
Note: If you choose Cisco Aironet Desktop Utility (ADU) above, the Microsoft Wireless
Step 31 Check the Enable Cisco Aironet System Tray Utility (ASTU) check box if you want to be able to use ASTU even though you have chosen to configure your client adapter through a third-party tool instead of ADU, and click Next.
Step 32 When prompted to insert your client adapter, click OK. The Setup Status window appears (see Figure 3-17).
e. Choose Use the following IP address and enter the IP address, subnet mask, and default gateway address of your computer (which can be obtained from your system administrator).
f. Click OK to close each open window.
• Windows XP
a. Double-click My Computer, Control Panel, and Network Connections.
b. Right-click Wireless Network Connection x (where x represents the number of the connection).
c. Click Properties.
d.
Step 3 Right-click the Cisco CB21AG instance, and click Properties.
Step 4 Choose the Install option and then add a new service.
Step 5 Click the Have Disk button. Go to the \windows\system32 directory and choose wsimd.inf.
Step 6 Highlight and select Wireless Intermediate Driver and click the OK button. The wireless IMD is bound to the adapter.
Step 7 Reboot the system.
Installing a Microsoft Hot Fix for Group Policy Delay
Step 10 Copy the hot fix file (userenv.dll) to %systemroot%\System32 and overwrite the existing version of this file.
Step 11 Delete the copy of userenv.dll in %systemroot%\System32\DllCache.
Step 12 Reboot your computer.
Chapter 4 Using the Profile Manager
This chapter explains how to use the ADU profile manager feature to create and manage profiles for your client adapter.
Overview of Profile Manager
The ADU profile manager feature enables you to create and manage up to 16 profiles (saved configurations) for your client adapter. These profiles enable you to use your client adapter in different locations, each of which requires different configuration settings. For example, you may want to set up profiles for using your client adapter at the office, at home, and in public areas such as airports.
Table 4-1 provides a description of the status fields on the Cisco Aironet Desktop Utility (Profile Management) window.
Table 4-1 Description of Status Fields on Profile Management Window
Network Type: The type of network that is configured for the selected profile.
  Value: Infrastructure or Ad Hoc
  Note: Refer to the Network Type parameter in Table 5-3 for instructions on setting the network type.
Security Mode
Creating a New Profile
Follow the steps below to create a new profile.
Step 1 Perform one of the following:
• If you want to create a new profile from scratch, click New on the Cisco Aironet Desktop Utility (Profile Management) window. Then go to Step 4.
• If you want to find an available network and create a profile based on it, click Scan on the Cisco Aironet Desktop Utility (Profile Management) window.
Figure 4-3 Configure Scan List Columns Window
All of the fields that can be displayed on the Available Infrastructure and Ad Hoc Networks window appear in the Available Columns box. Highlight the fields that you want to be displayed and click the right arrow to move those fields to the Selected Columns box.
Table 4-2 Description of Fields on Available Infrastructure and Ad Hoc Networks Window
Key icon: SSIDs that are designated with a key icon are being advertised as secure networks.
Signal-to-Noise Ratio (SNR): The difference between the signal strength and the current noise level. The higher the value, the better the client adapter’s ability to communicate with the access point.
Figure 4-4
Note: If you are creating a profile after scanning for an available network, the SSID of the network appears in the SSID1 field.
Step 5 Perform one of the following:
• If you want this profile to use the default values, click OK. The profile is added to the profiles list on the Cisco Aironet Desktop Utility (Profile Management) window.
Including a Profile in Auto Profile Selection
After you have created profiles for your client adapter, you can choose to include them in the profile manager’s auto profile selection feature. Then when auto profile selection is enabled, the client adapter automatically selects a profile from the list of profiles that were included in auto profile selection and uses it to establish a connection to the network.
Step 3 The profiles that you created are listed in the Available Profiles box. Highlight each one that you want to include in auto profile selection and click the Add button. The profiles appear in the Auto Selected Profiles box.
The following rules apply to auto profile selection:
• You must include at least two profiles in the Auto Selected Profiles box.
Selecting the Active Profile
Follow the steps below to specify the profile that the client adapter is to use.
Note: You can use ASTU instead of the ADU Profile Manager to select the active profile. Refer to Chapter 8 for instructions.
Step 1 Open ADU and click the Profile Management tab. The Cisco Aironet Desktop Utility (Profile Management) window appears (see Figure 4-1).
Modifying a Profile
Follow the steps in the appropriate section below to edit or delete an existing profile.
Editing a Profile
Step 1 Open ADU and click the Profile Management tab. The Cisco Aironet Desktop Utility (Profile Management) window appears (see Figure 4-1).
Step 2 In the profiles list, select the profile that you want to edit.
Step 3 Click Modify.
Importing and Exporting Profiles
Importing a Profile
Step 1 If the profile that you want to import is on a floppy disk, insert the disk into your computer’s floppy drive.
Step 2 Open ADU and click the Profile Management tab. The Cisco Aironet Desktop Utility (Profile Management) window appears (see Figure 4-1).
Step 3 Click Import. The Import Profile window appears (see Figure 4-6).
Step 4 Click Export. The Export Profile window appears (see Figure 4-7).
Figure 4-7 Export Profile Window
The profile name appears in the File name box.
Step 5 Choose a directory (such as your computer’s floppy disk drive or a location on the network) from the Save in drop-down box.
Note: The default location is the directory where ADU is installed (such as C:\Program Files\Cisco Aironet).
Step 6 Click Save.
Chapter 5 Configuring the Client Adapter
This chapter explains how to configure profile parameters. The following topics are covered in this chapter:
• Overview
• Setting General Parameters
• Setting Advanced Parameters
• Setting Security Parameters
• Enabling Wi-Fi Multimedia
• Setting Roaming Parameters in the Windows Control Panel
Overview
When you choose to create a new profile or modify an existing profile on the Cisco Aironet Desktop Utility (Profile Management) window, the Profile Management windows appear. These windows enable you to set the configuration parameters for that profile.
Note: If you do not change any of the configuration parameters for a newly created profile, the default values are used.
Setting General Parameters
The Profile Management (General) window (see Figure 5-1) enables you to set parameters that prepare the client adapter for use in a wireless network. This window appears after you click New or Modify on the Cisco Aironet Desktop Utility (Profile Management) window.
Figure 5-1 Profile Management (General) Window
Table 5-2 lists and describes the client adapter’s general parameters. Follow the instructions in the table to change any parameters.
Table 5-2 Profile Management General Parameters
Profile Name: The name assigned to the configuration profile.
  Range: You can key in up to 32 ASCII characters.
  Default: A blank field
Client Name: A logical name for your workstation.
Table 5-2 Profile Management General Parameters (continued)
SSID2: An optional SSID that identifies a second distinct network and enables the client adapter to roam to that network without having to be reconfigured.
  Range: You can key in up to 32 ASCII characters (case sensitive).
Setting Advanced Parameters
The Profile Management (Advanced) window (see Figure 5-2) enables you to set parameters that control how the client adapter operates within an infrastructure or ad hoc network. To open this window, click the Advanced tab from any Profile Management window.
Figure 5-2 Profile Management (Advanced) Window
Table 5-3 lists and describes the client adapter’s advanced parameters. Follow the instructions in the table to change any parameters.
Table 5-3 Profile Management Advanced Parameters
Transmit Power Level: Specifies the preferred power level at which your client adapter transmits.
Table 5-3 Profile Management Advanced Parameters (continued)
Power Save Mode: Sets your client adapter to its optimum power consumption setting.
Table 5-3 Profile Management Advanced Parameters (continued)
Network Type: Specifies the type of network in which your client adapter is installed.
  Options: Infrastructure or Ad Hoc
  Default: Infrastructure
  Network Type | Description
  Ad Hoc | Often referred to as peer to peer.
802.11b Preamble
Table 5-3 Profile Management Advanced Parameters (continued)
Wireless Mode: Specifies the frequency and rate at which your client adapter should transmit packets to or receive packets from access points.
  Options: 5 GHz 54 Mbps, 2.4 GHz 54 Mbps, and 2.
Table 5-3 Profile Management Advanced Parameters (continued)
Channel: Specifies the channel that your client adapter uses for communications in a 2.4-GHz ad hoc network. The available channels conform to the IEEE 802.11 Standard for your regulatory domain. The channel of the client adapter must be set to match the channel used by the other clients in the wireless network.
Table 5-3 Profile Management Advanced Parameters (continued)
802.11 Authentication Mode: Specifies how your client adapter attempts to authenticate to an access point. Open and shared authentication do not rely on a RADIUS server on your network.
  Options: Auto, Open, or Shared
  Default: Open
802.
If this profile is configured for use in an infrastructure network and you want to specify up to four access points to which the client adapter should attempt to associate, click Preferred APs. The Preferred Access Points window appears (see Figure 5-3).
Setting Security Parameters
The Profile Management (Security) window (see Figure 5-4) enables you to set parameters that control how the client adapter associates to an access point, authenticates to the wireless network, and encrypts and decrypts data. To access this window, click the Security tab from any Profile Management window.
The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your adapter or dynamically created as part of the EAP authentication process. The information in the “Static WEP Keys” and “EAP (with Dynamic WEP Keys)” sections below can help you to decide which type of WEP keys you want to use. Dynamic WEP keys with EAP offer a higher degree of security than static WEP keys.
• EAP-FAST—This authentication type (Flexible Authentication via Secure Tunneling) uses a three-phased tunneled authentication process to provide advanced 802.1X EAP mutual authentication.
  – Phase 0 enables the client to dynamically provision a protected access credential (PAC) when necessary. During this phase, a PAC is generated securely between the user and the network.
EAP-FAST authentication is designed to support the following user databases over a wireless LAN:
  – Cisco Secure ACS internal user database
  – Cisco Secure ACS ODBC user database
  – Windows NT/2000/2003 domain user database
  – LDAP user database
LDAP user databases (such as NDS) support only manual PAC provisioning while the other three user databases support both automatic and manual PAC provisioning.
2. Communicating through the access point, the client and RADIUS server complete the authentication process, with the password (LEAP and PEAP), PAC (EAP-FAST), or certificate (EAP-TLS and PEAP) being the shared secret for authentication. The password and PAC are never transmitted during the process.
3. If authentication is successful, the client and RADIUS server derive a dynamic, session-based WEP key that is unique to the client.
4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.
5. For the length of a session, or time period, the access point and the client use this key to encrypt or decrypt all unicast packets (and broadcast packets if the access point is set up to do so) that travel between them.
CCKM Fast Secure Roaming
Some applications that run on a client device may require fast roaming between access points. Voice applications, for example, require it to prevent delays and gaps in conversation. CCKM fast secure roaming is enabled automatically for CB21AG and PI21AG clients using WPA/WPA2/CCKM with LEAP, EAP-FAST, EAP-TLS, PEAP (EAP-GTC), or PEAP (EAP-MSCHAP V2). However, this feature must be enabled on the access point.
The process takes place as follows:
1. A client with a LEAP profile attempts to associate to access point A.
2. Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.
3. The client records the MAC address for access point A and the reason why the association failed.
4.
Synchronizing Security Features
In order to use any of the security features discussed in this section, both your client adapter and the access point to which it will associate must be set appropriately. Table 5-4 indicates the client and access point settings required for each security feature. This chapter provides specific instructions for enabling the security features on your client adapter.
Table 5-4 Client and Access Point Security Settings (continued)
Security Feature: EAP-FAST authentication
Client Setting: Choose 802.
If using Windows XP to configure card
Client Setting: Enable WPA and choose Enable network access control using IEEE 802.
Security Feature: CCKM fast secure roaming
Client Setting: Choose WPA/WPA2/CCKM and LEAP, EAP-FAST, EAP-TLS, PEAP (EAP-GTC), or PEAP (EAP-MSCHAP V2); then set the EAP authentication settings
Access Point Setting: Use Cisco IOS Release 12.
Enabling Static WEP
Follow the steps below to enable static WEP for this profile.
Step 1 Choose Pre-Shared Key (Static WEP) on the Profile Management (Security) window.
Step 2 Click Configure. The Define Pre-Shared Keys window appears (see Figure 5-5).
Step 5 Obtain the static WEP key from your system administrator and enter it in the blank field for the key you are creating.
Enabling WPA/WPA2 Passphrase
Follow the steps below to enable WPA/WPA2 passphrase (also known as WPA/WPA2 pre-shared key) for this profile.
Note To use WPA passphrase, access points must use Cisco IOS Release 12.2(11)JA or later. To use WPA2 passphrase, access points must use Cisco IOS Release 12.3(2)JA or later.
Step 1 Choose WPA/WPA2 Passphrase on the Profile Management (Security) window.
Step 2 Click Configure.
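The following is an added example, not part of the Cisco guide, showing what a WPA/WPA2 passphrase becomes under the IEEE 802.11i passphrase-to-PSK mapping: the 256-bit pre-shared key is PBKDF2-HMAC-SHA1 of the passphrase salted only with the SSID, so the passphrase and the SSID together determine the key. The function names and the `min_len` policy threshold are assumptions made for illustration.

```python
import hashlib
import string

# Characters permitted in an 802.11i passphrase: printable ASCII 0x20..0x7E.
_PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}


def classify_wpa_key(entry: str) -> str:
    """Classify a key entry as a raw 256-bit PSK or a passphrase.

    64 hexadecimal digits are taken as the PSK itself; 8 to 63 printable
    ASCII characters are a passphrase. Anything else is rejected.
    """
    if len(entry) == 64 and all(c in string.hexdigits for c in entry):
        return "hex-psk"
    if 8 <= len(entry) <= 63 and all(c in _PRINTABLE for c in entry):
        return "passphrase"
    raise ValueError("expected 8-63 printable ASCII characters or 64 hex digits")


def derive_psk(entry: str, ssid: str) -> bytes:
    """Return the 32-byte PSK for this entry on the network named ssid."""
    if classify_wpa_key(entry) == "hex-psk":
        return bytes.fromhex(entry)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # 802.11i mapping: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output.
    return hashlib.pbkdf2_hmac("sha1", entry.encode("ascii"), salt, 4096, 32)


def audit_passphrase(entry: str, ssid: str, min_len: int = 20) -> list:
    """Return findings for a passphrase; min_len is an assumed local policy.

    The SSID is the only salt, so a short or guessable passphrase on a
    common SSID gives little protection against offline guessing.
    """
    if classify_wpa_key(entry) == "hex-psk":
        return []  # nothing to audit: the entry is the key itself
    findings = []
    if len(entry) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if ssid and ssid.lower() in entry.lower():
        findings.append("contains the SSID")
    if entry.isalpha() or entry.isdigit():
        findings.append("uses a single character class")
    return findings


if __name__ == "__main__":
    # Constructed sample values; "password"/"IEEE" is the published
    # IEEE 802.11i passphrase test case.
    for phrase, ssid in [("password", "IEEE"), ("password", "IEEE-guest")]:
        print(ssid, derive_psk(phrase, ssid).hex(), audit_passphrase(phrase, ssid))
```

The same passphrase yields a different key on each SSID, which is why the passphrase configured on the client must be paired with the profile's exact SSID and the access point's matching setting.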
Enabling LEAP
Before you can enable LEAP authentication, your network devices must meet the following requirements:
• Access points to which your client adapter may attempt to authenticate must use the following firmware versions or later: 11.23T (access points running VxWorks), Cisco IOS Release 12.2(4)JA (1100 series access points), Cisco IOS Release 12.2(8)JA (1200 series access points), Cisco IOS Release 12.
Step 2 Click Configure. The Configure LEAP window appears (see Figure 5-7).
Figure 5-7 Configure LEAP Window
Step 3 Choose one of the following LEAP username and password setting options:
• Use Temporary User Name and Password—Requires you to enter the LEAP username and password each time the computer reboots in order to authenticate and gain access to the network, unless you choose Use Windows User Name and Password.
Step 4 Perform one of the following:
• If you chose Use Temporary User Name and Password in Step 3, choose one of the following options:
  – Use Windows User Name and Password—Causes your Windows username and password to also serve as your LEAP username and password, giving you only one set of credentials to remember. After you log in, the LEAP authentication process begins automatically. This option is the default setting.
Step 6 If you work in an environment with multiple domains and therefore want your Windows login domain to be passed to the RADIUS server along with your username, check the Include Windows Logon Domain with User Name check box. The default setting is checked.
Step 12
Note When the “Finding Domain Controller” step is reached during the authentication process, a timer starts based on the number of seconds you specified for finding the domain controller. If either this value or the LEAP authentication timeout value expires before the domain controller is found, the authentication process times out.
Enabling EAP-FAST
Before you can enable EAP-FAST authentication, your network devices must meet the following requirements:
• Access points to which your client adapter may attempt to authenticate must use the following firmware versions or later: 11.23T (340 and 350 series access points), 11.54T (1200 series access points), Cisco IOS Release 12.3(4)JA (1130 series and BR 1310 series access points), Cisco IOS Release 12.
Step 2 Click Configure. The Configure EAP-FAST window appears (see Figure 5-8).
Figure 5-8 Configure EAP-FAST Window
Step 3 Choose an authentication method from the EAP-FAST Authentication Method drop-down list and click Configure.
Step 4 If you chose GTC Token/Password in Step 3, do the following in the Configure GTC Token/Password window (see Figure 5-9):
Figure 5-9
1.
3. To configure the remaining options in this window, refer to “Enabling PEAP (EAP-GTC)” on page 5-48.
4. Click OK to save your settings and return to the Configure EAP-FAST window.
Step 5 If you chose MSCHAPv2 User Name and Password in Step 3, do the following in the Configure MSCHAPv2 User Name and Password window (see Figure 5-10):
Figure 5-10
1.
3. Choose a certificate authority from which the server certificate was downloaded in the Trusted Root Certification Authorities drop-down box, or, if applicable, choose .
4. To use a temporary username and password, choose Use Temporary User Name and Password.
Step 6 If you chose TLS Client Certificate in Step 3, refer to “Enabling EAP-TLS” on page 5-45 (Step 5 to Step 10) to configure the options in the Configure TLS Client Certificate window (Figure 5-11).
Figure 5-11 Configure TLS Client Certificate Window
Step 7 In the Select One or More PAC Authorities list, select the PAC authorities and PAC authority groups that are associated with the network defined by the profile’s SSID.
Step 8 If necessary, follow these steps to import or modify the grouping of PAC files:
a. Click Manage. The Manage PACs window appears (see Figure 5-12).
Figure 5-12 Manage PACs Window
b. To create a new group, click New Group.
c. To move a PAC from one group to another, just drag it to the destination group.
d. Click Import. The Import EAP-FAST PAC File window appears (see Figure 5-13).
Figure 5-13
e.
f. Choose one of these PAC store options to determine where the imported PAC file will be stored and to whom it will be accessible:
• Global—PACs that are stored in the global PAC store can be accessed and used by any user at any logon stage. Global PACs are available before or during logon or after the user is logged off if the profile is not configured with the No Network Connection Unless User Is Logged In option.
Step 10 Step 11
Perform one of the following to configure PAC provisioning:
• If you want to enable automatic PAC provisioning, make sure the Allow Automatic PAC Provisioning check box is checked. A protected access credential (PAC) is automatically obtained as needed (for example, when a PAC expires, when the client adapter accesses a different server, or when the EAP-FAST username cannot be matched to a previously provisioned PAC).
Step 15
Note This parameter is available only if the 802.1x security option is selected.
Note For security reasons, Cisco recommends that WEP-enabled and WEP-disabled clients not be allowed in the same cell because broadcast packets are sent unencrypted, even to clients running WEP. However, you can enable VLANs on the access point to separate WEP-enabled and WEP-disabled clients.
Step 16 If you want to change the value of the Group Policy Delay parameter, enter a new value or use the up and down arrows to select a value between 0 and 65535 seconds. (Microsoft supports only values between 30 and 600 seconds. The default value is 60 seconds.
• Access points to which your client adapter may attempt to authenticate must use the following firmware versions or later: 12.00T (access points running VxWorks), Cisco IOS Release 12.2(4)JA (1100 series access points), Cisco IOS Release 12.2(8)JA (1200 series access points), Cisco IOS Release 12.3(4)JA (1130 series and BR 1310 series access points), Cisco IOS Release 12.3(7)JA (1240 series access points), or Cisco IOS Release 12.
Step 2 Click Configure. The Configure EAP-TLS window appears (see Figure 5-15).
Figure 5-15
Step 3 Check the Use Machine Information for Domain Logon check box if you want the client to attempt to log into a domain using machine authentication with a machine certificate and machine credentials rather than user authentication. Doing so enables your computer to connect to the network prior to user logon.
Step 8 Perform one of the following:
• Leave the Server/Domain Name field blank to allow the client to accept a certificate from any server that supplies a certificate signed by the certificate authority listed in the Trusted Root Certification Authorities drop-down box. This is the recommended option.
• In the Server/Domain Name field, enter the domain name of the server from which the client will accept a certificate.
Enabling PEAP (EAP-GTC)
Follow these steps to enable PEAP (EAP-GTC) authentication for this profile.
Step 1 Perform one of the following:
• If you want to enable PEAP (EAP-GTC) without WPA or WPA2, choose 802.1x under Set Security Options and PEAP (EAP-GTC) in the 802.1x EAP Type drop-down box.
Step 2 Click Configure. The Configure PEAP (EAP-GTC) window appears (see Figure 5-16).
Figure 5-16 Configure PEAP (EAP-GTC) Window
Step 3 Check the Use Machine Information for Domain Logon check box if you want the client to attempt to log into a domain using machine authentication with user credentials rather than user authentication. Doing so enables your computer to connect to the network prior to user logon.
Note If you choose Token, you must use a hardware token device or the Secure Computing SofToken program (release 2.1 or later) to obtain the one-time password and enter the password when prompted during the authentication process. Secure Computing PremierAccess release 3.1.1 or later is the only supported token server.
Step 7 Step 8
Step 11 Click OK to save your settings and return to the Profile Management (Security) window.
Enabling PEAP (EAP-MSCHAP V2)
Follow the steps below to enable PEAP (EAP-MSCHAP V2) for this profile.
Step 1 Step 2
Perform one of the following:
• If you want to enable PEAP (EAP-MSCHAP V2) without WPA or WPA2, choose 802.1x under Set Security Options and PEAP (EAP-MSCHAP V2) in the 802.1x EAP Type drop-down box.
Figure 5-17 Configure PEAP (EAP-MSCHAP V2) Window
Step 3 Check the Use Machine Information for Domain Logon check box if you want the client to attempt to log into a domain using machine authentication with user credentials rather than user authentication. Doing so enables your computer to connect to the network prior to user logon. The default setting is checked.
Step 7 Perform one of the following to specify the username and password that will be used for inner PEAP tunnel authentication:
• If you want your Windows username and password to also serve as your PEAP username and password, check the Use Windows User Name and Password check box.
Step 10 Step 11
Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates whether the client adapter can associate to an access point that allows both WEP and non-WEP associations:
• Check the Allow Association to Mixed Cells check box if the access point to which the client adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional.
Note This procedure enables you to use PEAP (EAP-MSCHAP V2) machine authentication with machine credentials. If you want to enable PEAP (EAP-MSCHAP V2) machine authentication with user credentials, follow the instructions in the “Enabling PEAP (EAP-MSCHAP V2)” on page 5-52.
Step 8 Perform one of the following:
• On Windows 2000, click the Authentication tab.
• On Windows XP, choose the Wireless Networks tab, make sure that the Use Windows to configure my wireless network settings check box is checked, click the SSID of the access point to which you want the client adapter to associate from the list of available networks, click Configure, and choose the Authentication tab.
Configuring Advanced Settings
To specify a server or domain name and a login name to use for authenticating user credentials (see Figure 5-19), follow these steps:
Figure 5-19 Configure Advanced Settings
Step 1 Leave the Specific Server or Domain field blank to allow the client to accept a certificate from any server that supplies a certificate signed by the selected certificate authority or enter the domain name of the server from w
Enabling Wi-Fi Multimedia
Wi-Fi Multimedia (WMM) is a component of the IEEE 802.11e wireless LAN standard for quality of service (QoS). It specifically supports priority tagging and queuing. QoS is an access point feature that enables networking professionals to provide preferential treatment to certain traffic at the expense of other traffic.
Figure 5-20 Wireless Cisco Connection Properties Window
Step 4 If the QoS Packet Scheduler is already installed, it is included in the list of components that this connection uses. If it appears in the list, go to Step 8. Otherwise, go to the next step to install it.
Step 5 Click Install. The Select Network Component Type window appears (see Figure 5-21).
Figure 5-21 Select Network Component Type Window
Step 6 Choose Service and click Add. The Select Network Service window appears (see Figure 5-22).
Figure 5-22 Select Network Service Window
Step 7 Click QoS Packet Scheduler and OK. The Wireless Cisco Connection Properties window reappears, and the QoS Packet Scheduler is included in the list of connections.
Step 8 Check the QoS Packet Scheduler check box if it is not checked.
Enabling the QoS Packet Scheduler on Windows XP
Follow these steps to enable the QoS Packet Scheduler on a computer running Windows XP.
Step 1 Click Control Panel.
Step 2 Double-click Network Connections.
Step 3 Right-click your wireless network connection.
Step 4 Click Properties. The Wireless Network Connection Properties window appears (see Figure 5-23).
Setting Roaming Parameters in the Windows Control Panel
The Cisco Aironet 802.11a/b/g Wireless Adapter Properties window (see Figure 5-24) in the Windows Control Panel enables you to set two parameters that regulate the client adapter’s roaming capabilities.
Figure 5-24 Cisco Aironet 802.11a/b/g Wireless Adapter Properties Window
Follow these steps to access the roaming parameters.
Table 5-5 Roaming Parameters (in the Windows Control Panel)
Parameter: Description
BSS Aging Interval: The amount of time (in seconds) that the client keeps an access point in its roaming scanlist after it can no longer communicate to that device. The higher the value, the greater the number of access points to which the client may roam.
Configuring Band Usage
If your AP coverage permits it, follow these steps to configure the client profile only in ADU to use the 5 GHz (802.11a) or 2.4 GHz (802.11b/g) band, not both:
Step 1 Launch ADU.
Step 2 Click Profile Management.
Step 3 Select the profile of interest and click Modify.
Step 4 Click Advanced.
Step 5 Under Wireless Mode, uncheck the rates that you do not intend to use.
Chapter 6 Using EAP Authentication
This chapter explains the sequence of events that occurs and the actions you must take when a profile that is set for EAP authentication is activated.
Overview
This chapter explains the sequence of events that occurs after you (or auto profile selection) activate a profile that uses EAP authentication or you eject and reinsert the client adapter, reboot the computer, log on while this profile is active, or are informed that your password has expired or is invalid.
Using LEAP or EAP-FAST with the Windows Username and Password
This window provides information about the status of LEAP or EAP-FAST authentication. Table 6-1 lists and explains the stages of LEAP or EAP-FAST authentication. As each stage is completed, a status message (such as Success) appears in the Status field. If any error messages appear, refer to the “Error Messages” section on page 10-12 for an explanation and the recommended action to take.
After Profile Activation or Card Insertion
After you (or auto profile selection) activate a profile that uses your Windows username and password for LEAP or EAP-FAST authentication or you eject and reinsert the client adapter while this profile is active, the following events occur:
1. The LEAP or EAP-FAST Authentication Status window appears.
2.
After Your EAP-FAST Password Expires
If the EAP-FAST password for your current profile expires or becomes invalid, follow these steps to change your password.
Using LEAP or EAP-FAST with an Automatically Prompted Login
After Profile Activation or Card Insertion
After you (or auto profile selection) activate a profile that uses a separate username and password for LEAP or EAP-FAST authentication or you eject and reinsert the client adapter while this profile is active, follow these steps to authenticate.
After a Reboot or Logon
After your computer reboots or you log on, follow these steps to authenticate using LEAP or EAP-FAST.
Step 1 When the Windows login window appears, enter your Windows username and password and click OK.
Step 2 When the Enter Wireless Network Password window appears (see Figure 6-4), enter your LEAP or EAP-FAST username and password and click OK.
After Your EAP-FAST Password Expires
If the EAP-FAST password for your current profile expires or becomes invalid, follow these steps to change your password.
Step 1 When the Please Change Password window appears (see Figure 6-5) to indicate that your password is invalid, enter your old password in the Old Password field.
Using LEAP or EAP-FAST with a Manually Prompted Login
After Profile Activation
After you (or auto profile selection) activate a profile that uses LEAP or EAP-FAST authentication with a manually prompted login, follow these steps to authenticate.
Note If auto profile selection is enabled, this procedure is applicable the first time auto profile selection activates a manual LEAP or manual EAP-FAST profile.
Step 2 If your profile is configured for EAP-FAST and a message appears asking if you want to auto-provision a PAC, click Yes.
Step 3 If your client adapter authenticates, the window shows that each stage was successful and then disappears. ASTU and the Link Status field on the ADU Current Status window show Authenticated.
Figure 6-8 ASTU Pop-Up Menu
Note In ACAU, you can enable the Manual Login option in ASTU by clicking the Global Settings tab, double-clicking Global Settings, double-clicking ASTU Settings, and choosing Yes under Manual Login.
Step 3 When the Enter Wireless Network Password window appears (see Figure 6-9), enter your LEAP or EAP-FAST username and password and click OK.
Step 4 If your profile is configured for EAP-FAST and a message appears asking if you want to auto-provision a PAC, click Yes.
Step 5 If your client adapter authenticates, the window shows that each stage was successful and then disappears. ASTU and the Link Status field on the ADU Current Status window show Authenticated.
Using LEAP or EAP-FAST with a Saved Username and Password
After Profile Activation or Card Insertion
After you (or auto profile selection) activate a profile that uses LEAP or EAP-FAST authentication with a saved LEAP or EAP-FAST username and password or you eject and reinsert the client adapter while this profile is active, the following events occur:
1. The LEAP or EAP-FAST Authentication Status window appears.
After Your EAP-FAST Password Expires
If the EAP-FAST password for your current profile expires or becomes invalid, follow these steps to change your password.
Step 1 When the Please Change Password window appears (see Figure 6-11) to indicate that your password is invalid, enter your old password in the Old Password field.
Figure 6-11 Please Change Password Window
Step 2 Enter your new password in both the New Password and Verify New Password fields.
Using PEAP (EAP-GTC)
After you (or auto profile selection) activate a profile that uses PEAP (EAP-GTC) authentication or you eject and reinsert the client adapter, reboot the computer, or log on while this profile is active, follow the steps in one of the sections below to EAP authenticate. Choose the section appropriate for your user database.
Using PEAP (EAP-MSCHAP V2)
After you (or auto profile selection) activate a profile that uses PEAP (EAP-MSCHAP V2) authentication or you eject and reinsert the client adapter, reboot the computer, or log on while this profile is active, the EAP authentication process begins automatically.