Cisco Systems CB21AG Network Card User Manual


 
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
OL-4211-03
Appendix E Configuring the Client Adapter through the Windows XP Operating System
Overview
When you enable EAP on your access point and configure your client adapter for EAP-TLS or PEAP
using Windows XP, authentication to the network occurs in the following sequence:
1. The client adapter associates to an access point and begins the authentication process.
   Note: The client does not gain full access to the network until authentication between the client
   and the RADIUS server is successful.
2. Communicating through the access point, the client and RADIUS server complete the authentication
process, with the password (PEAP) or certificate (EAP-TLS) being the shared secret for
authentication. The password is never transmitted during the process.
3. If authentication is successful, the client and RADIUS server derive a dynamic, session-based WEP
key that is unique to the client.
4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.
5. For the length of a session, or time period, the access point and the client use this key to encrypt or
decrypt all unicast packets (and broadcast packets if the access point is set up to do so) that travel
between them.
Note: Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following
URL for additional information on RADIUS servers:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html
WPA
Wi-Fi Protected Access (WPA) is a standards-based security solution from the Wi-Fi Alliance that
provides data protection and access control for wireless LAN systems. It is compatible with the IEEE
802.11i standard but was implemented prior to the standard’s ratification. WPA uses Temporal Key
Integrity Protocol (TKIP) and message integrity check (MIC) for data protection and 802.1X for
authenticated key management.
WPA supports two mutually exclusive key management types: WPA and WPA passphrase (also known
as WPA pre-shared key or WPA-PSK). Using WPA, clients and the authentication server authenticate to
each other using an EAP authentication method, and the client and server generate a pairwise master key
(PMK). The server generates the PMK dynamically and passes it to the access point. Using WPA
passphrase, however, you configure a passphrase (or pre-shared key) on both the client and the access
point, and that passphrase is used as the PMK.
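As an added illustration (not part of the Cisco guide): under IEEE 802.11i, the 256-bit PMK used in passphrase mode is computed from the passphrase and the network's SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the same passphrase yields a different PMK on each SSID. The Python example below carries out that derivation; the function names and the sample SSIDs are assumptions made for the example.

```python
import hashlib
import string

PMK_LEN = 32        # 256-bit pairwise master key
ITERATIONS = 4096   # PBKDF2 iteration count fixed by IEEE 802.11i


def passphrase_to_pmk(passphrase: str, ssid: bytes) -> bytes:
    """Derive the WPA passphrase (WPA-PSK) pairwise master key for one SSID.

    Hypothetical helper written for this example.
    """
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    # Exactly 64 hex digits is conventionally treated as the raw 256-bit
    # key itself rather than as a passphrase to be stretched.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID acts as the salt, which ties the PMK to one network name.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, ITERATIONS, PMK_LEN
    )


def same_pmk(passphrase: str, ssid_a: bytes, ssid_b: bytes) -> bool:
    """True if one passphrase gives the same PMK on both SSIDs."""
    return passphrase_to_pmk(passphrase, ssid_a) == passphrase_to_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    for ssid in (b"IEEE", b"office-wlan"):
        print(ssid.decode(), passphrase_to_pmk("password", ssid).hex())
```

Because the derivation depends only on the passphrase and the SSID, every client configured with the same passphrase holds the same PMK, unlike the per-client key produced by WPA with EAP authentication.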
In order to use WPA, your computer must be running Windows XP Service Pack 2.
Note: WPA must also be enabled on the access point. Access points must use Cisco IOS Release 12.2(11)JA
or later to enable WPA. Refer to the documentation for your access point for instructions on enabling
this feature.