Home » Cisco Manuals » Wireless » Cisco AIR-CB21AG-W-K9 » Manual Viewer

Cisco AIR-CB21AG-W-K9 Configuration Guide - Page 75

Finding the Version of the LEAP Module, Overview of PEAP-GTC

View all Cisco AIR-CB21AG-W-K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 75 highlights

Chapter 3 Configuring EAP Types Overview of PEAP-GTC Table 3-4 LEAP Network Credentials Settings (continued) LEAP Network Credentials Settings Prompt automatically for username and password Use saved username and password Description Click this radio button to require the user to enter a separate LEAP username and password, which are registered with the backend server, in addition to a Windows username and password with every authentication attempt. Default: Off Click this radio button so that the user is not required to enter a LEAP username and password with each Windows login. Authentication occurs automatically as needed using a saved username and password, which are registered with the backend server. Default: Off When selecting this option, the user must do the following: • Enter a username in the Username field. • Enter a password in the Password field. • Confirm password-Enter the password again to verify that it was entered correctly. Note The maximum number of characters allowed for the username and password is 256. The following three scenarios for credentials entry are supported by the LEAP module: • Boot time-During this state, no users are logged on. The LEAP module uses machine credentials for network authentication. The LEAP module does not prompt the user for information but instead obtains the machine credentials by using Microsoft's Local Security Authority (LSA) API. • Pre-Logon-During this state, Microsoft's Layer 2 credential provider (L2NA) queries the LEAP module through Microsoft's EAPHost APIs for types of credentials that are needed. The LEAP module indicates the appropriate type: Windows, network, or none. The user enters the appropriate credentials in a Microsoft L2NA prompt. • Post-Logon-Although the user has already logged on, the LEAP module might need to prompt the user for network credentials because a card was inserted or because network authentication failed. The LEAP module invokes the EapInvokeInteractiveUI API, which is a Microsoft EAPHost API. A LEAP credentials prompt appears, and the user must enter a username and password. Finding the Version of the LEAP Module The LEAP module version number, copyright information, and open-source software information are in About tab (see Figure 3-9). Overview of PEAP-GTC Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. While EAP was originally created for use with PPP, it has since been adopted for use with IEEE 802.1X, which is Network Port Authentication. Since its deployment, a number of weaknesses in EAP have become Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista OL-16534-01 3-21

Section	Page
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista	1
Contents	3
Preface	9
Product Overview and Installation	13
Introduction to the Client Adapters	14
Terminology	14
Hardware Components	15
Radio	15
Radio Antenna	15
LEDs	15
Software Components	16
Network Configurations Using Client Adapters	16
Ad Hoc Wireless LAN	16
Wireless Infrastructure with Workstations Accessing a Wired LAN	17
Safety information	18
FCC Safety Compliance Statement	18
Safety Guidelines	18
Warnings	19
Unpacking the Client Adapter	19
Package Contents	20
System Requirements	20
Site Requirements	21
For Infrastructure Devices	21
For Client Devices	21
Inserting the Client Adapter	22
Inserting a PC-Cardbus Card	22
Inserting a PCI Card	23
Changing the Bracket	23
Inserting the Card	24
Assembling the Antenna	25
Mounting the Antenna	26
Obtaining Client Adapter Software	29
Installing the Client Adapter Driver and Software	30
Configuring Wireless Profiles	35
Overview of Wireless Profiles	36
Accessing Microsoft Vista Network and Sharing Center	36
Creating a New Profile and Configuring Basic Settings	37
Security and Encryption Types	44
WEP (Shared) Security with Static WEP Keys	44
WPA and WPA2	44
802.1X with Dynamic WEP Keys	45
CCKM Fast Secure Roaming	46
Accessing a Profile That Was Created Previously	46
Viewing and Changing the Settings of a Profile	47
Radio Measurement	52
Advanced Roaming Setting	53
Configuring EAP Types	55
Overview of EAP-FAST	55
How EAP-FAST Works	56
Two-Phase Tunneled Authentication	56
Protected Access Credentials	57
Server Certificate Validation	57
Configuring EAP-FAST	58
Accessing EAP-FAST Properties for Configuration	58
Configuring EAP-FAST Settings in the Connection Tab	59
Overview of the User Credentials Tab	63
Client Certificates	63
Usernames and Passwords	63
Configuring EAP-FAST Settings in the User Credentials Tab	64
Understanding PIN Mode and Token Mode with OTP	66
Configuring EAP-FAST Settings in the Authentication Tab	67
Finding the Version of the EAP-FAST Module	70
Overview of LEAP	71
How LEAP Works	71
Configuring LEAP	72
Accessing LEAP Properties for Configuration	72
Configuring LEAP Settings in the Network Credentials Tab	73
Finding the Version of the LEAP Module	75
Overview of PEAP-GTC	75
How PEAP-GTC Works	76
Configuring PEAP-GTC	77
Accessing PEAP-GTC Properties for Configuration	77
Configuring PEAP-GTC Settings in the Connection Tab	79
Configuring PEAP-GTC Settings in the User Credentials Tab	81
Understanding PIN Mode and Token Mode with OTP	83
Understanding PEAP-GTC Authentication	84
Finding the Version of the PEAP-GTC Module	84
Performing Administrative Tasks	85
Using Microsoft Tools to Perform Administrative Tasks	86
Overview of Group Policy Objects	86
Adding a Group Policy Object Editor	86
Creating a EAP Group Policy Object in Windows Vista	87
Configuring Machine Authentication for EAP-FAST	88
Configuring Single Sign-On for EAP-FAST	89
Configuring Machine Authentication for PEAP-GTC	89
Configuring Single Sign-On for PEAP-GTC and LEAP	89
The EAP-FAST XML Schema	90
The PEAP-GTC XML Schema	101
The LEAP XML Schema	107
Logging for EAP Modules	110
Configuring and Starting Logging	110
Disabling Logging and Flushing Internal Buffers	111
Locating Log Files	112
Routine Procedures	113
Removing a Client Adapter	114
Removing a PC-Cardbus Card	114
Removing a PCI Card	114
Upgrading the Client Adapter Software	115
Troubleshooting and Diagnostics	119
Troubleshooting with Cisco Aironet Client Diagnostics	120
Enabling Client Reporting	124
EAP Messages	125
EAP-FAST Error Messages and Prompts	125
PEAP-GTC and LEAP Error Messages and Prompts	130
Creating Strong Passwords	133
Characteristics of Strong Passwords	133
Characteristics of Weak Passwords	133
Password Security Basics	134
Technical Specifications	135
Translated Safety Warnings	141
Explosive Device Proximity Warning	142
Antenna Installation Warning	143
Warning for Laptop Users	144
Declarations of Conformity and Regulatory Information	147
Manufacturer’s Federal Communication Commission Declaration of Conformity Statement	148
Models: AIR-CB21AG-A-K9, AIR-PI21AG-A-K9	148
FCC Certification Number: LDK102050 (CB21AG) LDK102051 (PI21AG)	148
Manufacturer: Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA	148
Department of Communications - Canada	149
Canadian Compliance Statement	149
European Community, Switzerland, Norway, Iceland, and Liechtenstein	149
Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC	149
Declaration of Conformity Statement	151
Cisco Aironet CB21AG Wireless LAN Client Adapter	151
Cisco Aironet PI21AG Wireless LAN Client Adapter	152
Declaration of Conformity for RF Exposure	153
Guidelines for Operating Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters in Japan	153
Japanese Translation	153
English Translation	153
Administrative Rules for Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters in Taiwan	154
2.4- and 5-GHz Client Adapters	154
Chinese Translation	154
English Translation	154
5-GHz Client Adapters	155
Chinese Translation	155
English Translation	155
Brazil/Anatel Approval	155
AIR-CB21AG-W-K9	156
AIR-PI21AG-W-K9	157
Channels, Power Levels, and Antenna Gains	159
Channels	160
IEEE 802.11a	160
IEEE 802.11b/g	161
Maximum Power Levels and Antenna Gains	162
IEEE 802.11a	162
IEEE 802.11b	162
IEEE 802.11g	163
Acknowledgments and Licensing	165

Match case Limit results 1 per page

3-21

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

OL-16534-01

Chapter 3

Configuring EAP Types

Overview of PEAP-GTC

The following three scenarios for credentials entry are supported by the LEAP module:

•

Boot time—During this state, no users are logged on. The LEAP module uses machine credentials

for network authentication. The LEAP module does not prompt the user for information but instead

obtains the machine credentials by using Microsoft’s Local Security Authority (LSA) API.

•

Pre-Logon—During this state, Microsoft’s Layer 2 credential provider (L2NA) queries the LEAP

module through Microsoft’s EAPHost APIs for types of credentials that are needed. The LEAP

module indicates the appropriate type: Windows, network, or none. The user enters the appropriate

credentials in a Microsoft L2NA prompt.

•

Post-Logon—Although the user has already logged on, the LEAP module might need to prompt the

user for network credentials because a card was inserted or because network authentication failed.

The LEAP module invokes the EapInvokeInteractiveUI API, which is a Microsoft EAPHost API. A

LEAP credentials prompt appears, and the user must enter a username and password.

Finding the Version of the LEAP Module

The LEAP module version number, copyright information, and open-source software information are in

About tab (see

Figure 3-9

Overview of PEAP-GTC

Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. While

EAP was originally created for use with PPP, it has since been adopted for use with IEEE 802.1X, which

is Network Port Authentication. Since its deployment, a number of weaknesses in EAP have become

Prompt automatically for

username and password

Click this radio button to require the user to enter a separate LEAP

username and password, which are registered with the backend

server, in addition to a Windows username and password with every

authentication attempt.

Default:

Off

Use saved username and

password

Click this radio button so that the user is not required to enter a LEAP

username and password with each Windows login. Authentication

occurs automatically as needed using a saved username and

password, which are registered with the backend server.

Default:

Off

When selecting this option, the user must do the following:

•

Enter a username in the

Username

field.

•

Enter a password in the

Password

field.

•

Confirm password—Enter the password again to verify that it

was entered correctly.

Note

The maximum number of characters allowed for the username

and password is 256.

Table 3-4

LEAP Network Credentials Settings (continued)

LEAP Network Credentials

Settings

Description