CHAP) Version 2), over this encrypted channel to enable server validation. The challenge and response packets
are sent over a non-exposed TLS encrypted channel. The following example describes how to use WPA with AES-
CCMP or TKIP encryption with PEAP authentication.
To set up a client with PEAP Authentication:
Obtain and install a client certificate. Refer to Set up the Client for TLS authentication or consult
your administrator.
1. Click Profiles on the Intel PROSet/Wireless main window.
2. On the Profile page, click Add to open the Profile Wizard's General Settings.
3. Profile Name: Enter a descriptive profile name.
4. Wireless Network Name (SSID): Enter the network identifier.
5. Operating Mode: Click Network (Infrastructure).
6. Click Next to access the Security Settings.
7. Click Enterprise Security.
8. Network Authentication: Select WPA-Enterprise or WPA2-Enterprise.
9. Data Encryption: Select one of the following:
    ❍ TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism.
    ❍ AES-CCMP (Advanced Encryption Standard - Counter CBC-MAC Protocol) is used as the data
      encryption method whenever strong data protection is important.
      AES-CCMP is recommended.
10. Enable 802.1x: Selected.
11. Authentication Type: Select PEAP to be used with this connection.
Step 1 of 2: PEAP User
PEAP relies on Transport Layer Security (TLS) to allow otherwise unencrypted authentication types (for
example, EAP-Generic Token Card (GTC) and One-Time Password (OTP) support) to be used over the
encrypted channel.
1. Authentication Protocol: Select GTC, MS-CHAP-V2 (Default), or TLS. Refer to Authentication Protocols.
2. User Credentials: Select one of the following:
    ■ Use Windows Logon: Allows the 802.1x credentials to match your Windows user name and
      password. Before connection, you are prompted for your Windows logon credentials.
    ■ Prompt each time I connect: Prompts for user name and password every time you log on to
      the network.
    ■ Use the following: The user name and password are saved securely (encrypted) in the profile.
        ■ User Name: This user name must match the user name that is set in the
          authentication server.
        ■ Domain: Name of the domain on the authentication server. The server name
          identifies a domain or one of its subdomains (for example, zeelans.com, where
          the server is blueberry.zeelans.com). NOTE: Contact your administrator to obtain
          the domain name.
        ■ Password: This password must match the password that is set in the
          authentication server. The entered password characters display as asterisks.
        ■ Confirm Password: Reenter the user password.
    ■ Roaming Identity: If the Roaming Identity is cleared, %domain%\%username% is the default.
      When 802.1x MS RADIUS is used as an authentication server, the authentication server
      authenticates the device with the Roaming Identity user name from the Intel PROSet/Wireless
      utility and ignores the Authentication Protocol MS-CHAP-V2 user name. The Roaming Identity
      is the 802.1x identity supplied to the authenticator. Microsoft IAS RADIUS accepts only
      a valid user name (dotNet user) for EAP clients. Enter a valid user name whenever 802.1x MS
      RADIUS is used. For all other servers, this is optional; therefore, it is recommended that you