Cisco AIR-CB21AG-W-K9 Configuration Guide - Page 81

Chapter 3 Configuring EAP Types Configuring PEAP-GTC Table 3-5 PEAP-GTC Connection Settings (continued) PEAP-GTC Connection Settings Description Trusted Root Certificate Authority (CA) Select one of more Trusted Root CA certificates from the list of certificates that are installed on the system. Only trusted CA certificates that are installed on the host system are displayed in the drop-down list, so you must make sure that the desired trusted root CA certificate is installed. To view details about the selected Trusted Root CA certificate, double-click the certificate name. Double-clicking the certificate name opens the Windows certificate property screen, where certificate details are available. Default: None Do not prompt user to authorize new servers or trusted certificate authorities. Check this box if you do not want the user to be prompted to authorize a connection when the server name does not match or the server certificate is not signed by one of the Trusted Root CA certiticates that was selected. If this box is checked and the server certificate is not trusted, the authentication fails. Default: Off Enable fast reconnect Check this box to allow session resumption. The PEAP-GTC module supports fast reconnect (also called session resumption). When you enable fast reconnect, you can roam without re-entering your credentials. Fast reconnect can be used across different network access servers. Default: On Note If you switch profiles, log off, or reboot, fast reconnect is not attempted. You must be reauthenticated. Configuring PEAP-GTC Settings in the User Credentials Tab The PEAP-GTC module supports OTP and a username and password as user credentials for authentication. The user provides one of the following types of username and password: • One-time password (OTP)-The user must manually enter a OTP. New PIN mode and next token mode for OTP are supported. • Windows username and password-The Windows username and password are used as network access credentials. The user is always prompted to enter a password unless PEAP-GTC is configured to use single sign-on (SSO) or the password is cached. • Prompted user credentials-The user is prompted during authentication for credentials. These credentials are credentials that are separate from the Windows username and password, such as Lightweight Directory Access Protocol (LDAP) credentials. • Saved user credentials-These are user credentials that are entered as part of the PEAP-GTC configuration. The user is not prompted for credentials during authentication unless the saved credentials fail or have expired. New credentials that the user enters after successful authentication are saved automatically in the configuration. The user does not have to return to the configuration screen to change the old saved credentials. Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista OL-16534-01 3-27