Cisco Aironet CB21AG Installation And Configuration Manual page 84

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters

Setting Security Parameters
EAP-FAST—This authentication type (Flexible Authentication via Secure Tunneling) uses a
three-phased tunneled authentication process to provide advanced 802.1X EAP mutual
authentication.

- Phase 0 enables the client to dynamically provision a protected access credential (PAC) when
  necessary. During this phase, a PAC is generated securely between the user and the network.
- Phase 1 uses the PAC to establish a mutually authenticated and secure tunnel between the client
  and the RADIUS server. RADIUS servers that support EAP-FAST include Cisco Secure ACS
  version 3.2.3 and later.
- Phase 2 performs client authentication in the established tunnel.

ADU offers a variety of EAP-FAST configuration options, including how and when a username and
password are entered to begin the authentication process and whether automatic or manual PAC
provisioning is used.

The client adapter uses the username, password, and PAC to perform mutual authentication with the
RADIUS server through the access point. The username and password need to be re-entered each
time the client adapter is inserted or the Windows device is rebooted unless you configure your
adapter to use saved EAP-FAST credentials.

PACs are created by Cisco Secure ACS and are identified by an ID. The user obtains his or her own
copy of the PAC from the server, and the ID links the PAC to the profile created in ADU. When
manual PAC provisioning is enabled, the PAC is manually copied from the server and imported onto
the client device. The following rules govern PAC storage:

- PACs are stored as encrypted data files in either the global or private store on the user's
  computer.
    - Global PACs can be accessed and used by any user at any logon stage. They are available
      before or during logon or after the user is logged off if the profile is not configured with the
      No Network Connection Unless User Is Logged In option.
    - Private PACs can be accessed and used only by the user who provisioned them or the system
      administrator.

  Note: Global PACs are stored on
  C:\Document and Settings\All Users\Application Data\Cisco\cscostore,
  and private PACs are stored on
  C:\Document and Settings\user\Application Data\Cisco\cscostore.
- If automatic PAC provisioning is enabled and it occurs after the user is logged on, the PAC is
  stored in the private store of the currently logged-on user. Otherwise, the PAC is stored in the
  global store.
- PAC files can be added or overwritten using the import feature.
- PAC files can be removed using the delete feature. They are also deleted when you uninstall the
  client adapter software.
- PAC files are tied to the machine, so they cannot be used if copied to another machine.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
5-16
Chapter 5
Configuring the Client Adapter
OL-4211-05
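
The PAC storage rules above can be checked on a client by listing what sits in the global and private stores and who is allowed to access each file. The PowerShell below is an added example, not part of the Cisco guide or of ADU; it assumes the store layout given in the Note, resolved through %ALLUSERSPROFILE% on a Windows 2000/XP-style profile tree, and the function name Get-PacStoreInventory is hypothetical. Run it from an administrator session so other users' private stores are readable.

```powershell
# Added example: inventory EAP-FAST PAC files in the global and private stores.
# Assumption: stores live under <profile>\Application Data\Cisco\cscostore, as in
# the guide's Note, and %ALLUSERSPROFILE% sits beside the per-user profiles.
param(
    [string]$ProfilesRoot = (Split-Path -Parent $env:ALLUSERSPROFILE),
    [string]$GlobalName   = (Split-Path -Leaf $env:ALLUSERSPROFILE),
    [string]$StoreSubPath = 'Application Data\Cisco\cscostore'
)

function Get-PacStoreInventory {
    param([string]$ProfilesRoot, [string]$GlobalName, [string]$StoreSubPath)

    $profileDirs = Get-ChildItem -Path $ProfilesRoot -Force |
        Where-Object { $_.PSIsContainer }

    foreach ($userDir in $profileDirs) {
        $store = Join-Path $userDir.FullName $StoreSubPath
        if (-not (Test-Path $store)) { continue }

        # The All Users profile holds global PACs (usable before logon by any
        # user); every other profile holds that user's private PACs.
        $scope = if ($userDir.Name -eq $GlobalName) { 'Global' } else { 'Private' }

        $files = Get-ChildItem -Path $store -Force |
            Where-Object { -not $_.PSIsContainer }

        foreach ($file in $files) {
            $acl = Get-Acl -Path $file.FullName
            # Every identity holding an Allow entry on this PAC file
            $allowed = $acl.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            New-Object PSObject -Property @{
                Scope     = $scope
                Profile   = $userDir.Name
                File      = $file.Name
                LastWrite = $file.LastWriteTime
                Owner     = $acl.Owner
                AllowedTo = ($allowed -join '; ')
            }
        }
    }
}

Get-PacStoreInventory $ProfilesRoot $GlobalName $StoreSubPath |
    Sort-Object Scope, Profile, File |
    Format-Table Scope, Profile, File, LastWrite, Owner, AllowedTo -AutoSize
```

Entries with Scope Global deserve the closest review, since the guide states they can be used by any user at any logon stage unless the profile sets No Network Connection Unless User Is Logged In.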


This manual is also suitable for:

Aironet PI21AG