Cisco Systems CB21AG Network Card User Manual


 
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
OL-4211-03
Appendix E Configuring the Client Adapter through the Windows XP Operating System
Overview
EAP (with Dynamic WEP Keys)
The standard for wireless LAN security, as defined by IEEE, is called 802.1X for 802.11, or simply
802.1X. An access point that supports 802.1X and its protocol, Extensible Authentication Protocol
(EAP), acts as the interface between a wireless client and an authentication server, such as a RADIUS
server, to which the access point communicates over the wired network.

Two 802.1X authentication types are available when configuring your client adapter through
Windows XP:

• EAP-TLS—This authentication type uses a dynamic session-based WEP key derived from the
  client adapter and RADIUS server to encrypt data. It uses a client certificate for authentication.

  RADIUS servers that support EAP-TLS include Cisco Secure ACS release 3.0 or later and Cisco
  Access Registrar release 1.8 or later.

• Protected EAP (or PEAP)—One of the following PEAP authentication types is available,
  depending on the software that is installed on your computer:

  – PEAP (EAP-MSCHAP V2)—This PEAP authentication type is available if Cisco’s PEAP
    security module (included in the Install Wizard file for Cisco Aironet 340, 350, and CB20A
    client adapters) was not previously installed on your computer or was installed prior to Service
    Pack 1 for Windows XP.

    PEAP (EAP-MSCHAP V2) authentication is based on EAP-TLS authentication but uses a
    password instead of a client certificate for authentication. PEAP (EAP-MSCHAP V2) uses a
    dynamic session-based WEP key derived from the client adapter and RADIUS server to encrypt
    data.

    RADIUS servers that support PEAP (EAP-MSCHAP V2) authentication include Cisco Secure
    ACS release 3.2 or later.

  – PEAP (EAP-GTC)—Although this authentication type is not officially supported for CB21AG
    and PI21AG client adapters, you may be able to use it successfully if Cisco’s PEAP security
    module (included in the Install Wizard file for Cisco Aironet 340, 350, and CB20A client
    adapters) was previously installed on your computer and installed after Service Pack 1 for
    Windows XP.

    PEAP (EAP-GTC) authentication is designed to support One-Time Password (OTP), Windows
    NT or 2000 domain, and LDAP user databases over a wireless LAN. It is based on EAP-TLS
    authentication but uses a password or PIN instead of a client certificate for authentication.
    PEAP (EAP-GTC) uses a dynamic session-based WEP key derived from the client adapter and
    RADIUS server to encrypt data. If your network uses an OTP user database, PEAP (EAP-GTC)
    requires you to enter either a hardware token password or a software token PIN to start the EAP
    authentication process and gain access to the network. If your network uses a Windows NT or
    2000 domain user database or an LDAP user database (such as NDS), PEAP (EAP-GTC)
    requires you to enter your username, password, and domain name in order to start the
    authentication process.

    RADIUS servers that support PEAP (EAP-GTC) authentication include Cisco Secure ACS
    release 3.1 or later and Cisco Access Registrar release 3.5 or later.
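
The following added example (not part of the Cisco guide, and not Cisco or Microsoft code) shows why the WEP key in these EAP types is per-session: both ends compute it from the TLS master secret and the two handshake random values, using the TLS 1.0 PRF and the "client EAP encryption" label defined for EAP-TLS in RFC 2716 and RFC 5216. The function names, the constructed inputs, and the truncation of the receive key to a 13-byte (104-bit) WEP key are assumptions made for illustration.

```python
import hashlib
import hmac

LABEL = b"client EAP encryption"  # key-derivation label from RFC 2716 / RFC 5216


def p_hash(digest, secret, seed, length):
    """P_hash data expansion from RFC 2246 section 5."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()         # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret,
    XORed with P_SHA1 keyed with the second half."""
    half = (len(secret) + 1) // 2                        # halves overlap if length is odd
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def eap_tls_session_keys(master_secret, client_random, server_random, wep_len=13):
    """Derive the 64-byte MSK and split it as RFC 5216 section 2.3 describes."""
    msk = tls10_prf(master_secret, LABEL, client_random + server_random, 64)
    recv_key, send_key = msk[:32], msk[32:]
    # Assumption (not stated in the guide): the unicast WEP key is the
    # leading wep_len bytes of the receive key.
    return {"recv_key": recv_key, "send_key": send_key, "wep_key": recv_key[:wep_len]}


# Constructed sample values standing in for one TLS handshake.
SAMPLE_MASTER = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    first = eap_tls_session_keys(SAMPLE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    # A re-authentication brings a new server random, hence a new WEP key.
    second = eap_tls_session_keys(SAMPLE_MASTER, SAMPLE_CLIENT_RANDOM, b"\x33" * 32)
    print("session 1 WEP key:", first["wep_key"].hex())
    print("session 2 WEP key:", second["wep_key"].hex())
```

Because the random values change with every handshake, a key recovered from one session does not carry over to the next, unlike a static WEP key typed into every client.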