Filter
Top Products
5-39
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
OL-4211-03
Chapter 5 Configuring the Client Adapter
Setting Security Parameters
Enabling EAP-TLS or PEAP
Before you can enable EAP-TLS or PEAP authentication, your network devices must meet the following
requirements:
• You must have a valid Windows username and password, and the password cannot be blank.
• The appropriate certificates must be installed on your computer. EAP-TLS requires both a
Certificate Authority (CA) certificate and a user certificate while PEAP requires only a CA
certificate.
Note Contact your system administrator if you need help obtaining and importing the necessary
certificates.
• To support EAP-TLS machine authentication with machine credentials:
–
A machine certificate must be obtained from the server, and client machine access must be
enabled on the server.
–
Permissions for the MachineKeys folder, which stores the certificate pair keys for both the
computer and users, must be set correctly. Refer to Microsoft knowledgebase article Q278381
for information on correctly setting up folder permissions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q278381
Note If you ever change permissions on higher-level directories and those settings are applied
to all subdirectories, you may need to reset the permissions for the MachineKeys folder.
• To use WPA2 with EAP-TLS or PEAP authentication, client adapters must use the software included
in Install Wizard 2.0 or later.
• Access points to which your client adapter may attempt to authenticate must use the following
firmware versions or later: 12.00T (access points running VxWorks), Cisco IOS Release 12.2(4)JA
(1100 series access points), Cisco IOS Release 12.2(8)JA (1200 series access points), or Cisco IOS
Release 12.2(13)JA (350 series access points).
Note To use WPA or CCKM, access points must use Cisco IOS Release 12.2(11)JA or later. To
use WPA2, access points must use Cisco IOS Release 12.3(2)JA or later.
• All necessary infrastructure devices (such as access points, servers, gateways, user databases, etc.)
must be properly configured for the authentication type you plan to enable on the client.
Follow the instructions in one of the sections below to enable EAP-TLS or PEAP authentication for this
profile:
• Enabling EAP-TLS, 5-40
• Enabling PEAP (EAP-GTC), 5-42
• Enabling PEAP (EAP-MSCHAP V2), 5-46
• Enabling PEAP (EAP-MSCHAP V2) machine authentication with machine certificates, 5-49