Enabling Peap (Eap-Mschap V2) Machine Authentication With Machine Credentials - Cisco Aironet CB21AG Installation And Configuration Manual

Chapter 5 Configuring the Client Adapter
Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates
Step 10
whether the client adapter can associate to an access point that allows both WEP and non-WEP
associations:
•
•
Note
Note
If you want to change the value of the Group Policy Delay parameter, enter a new value or use the up
Step 11
and down arrows to select a value between 0 and 65535 seconds. (Microsoft supports only values
between 30 and 600 seconds. The default value is 60 seconds.)
The Group Policy Delay parameter specifies how much time elapses before the Windows logon process
starts Group Policy, a Windows feature used by administrators to specify configuration options for
groups of users. The objective is to delay the start of Group Policy until wireless network authentication
occurs. The value that you set for this parameter goes into effect after the computer reboots with this
profile set as the active profile.
Note
Click OK to save your settings and return to the Cisco Aironet Desktop Utility (Profile Management)
Step 12
window.
Refer to
Step 13

Enabling PEAP (EAP-MSCHAP V2) Machine Authentication with Machine Credentials

The Host Based EAP option in the 802.1x EAP Type drop-down box on the Profile Management
(Security) window enables client adapters that are configured through ADU to attempt to log into a
domain using PEAP (EAP-MSCHAP V2) machine authentication with machine credentials. Doing so
enables your computer to connect to the network prior to user logon. Follow these steps to enable this
authentication type.
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
OL-4211-05
Check the Allow Association to Mixed Cells check box if the access point to which the client
adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional.
Otherwise, the client is unable to establish a connection with the access point.
Uncheck the Allow Association to Mixed Cells check box if the access point to which the client
adapter is to associate (or the VLAN to which the client will be assigned) does not have WEP set to
Optional. This is the default setting.
This parameter is available only if the 802.1x security option is selected.
For security reasons, Cisco recommends that WEP-enabled and WEP-disabled clients not be
allowed in the same cell because broadcast packets are sent unencrypted, even to clients running
WEP. However, you can enable VLANs on the access point to separate WEP-enabled and
WEP-disabled clients.
A Microsoft hot fix is required in order to use this parameter on computers running Windows
2000. Refer to the "Installing a Microsoft Hot Fix for Group Policy Delay" on page 3-21
information on obtaining and installing the hot fix.
Chapter 6 for instructions on authenticating using PEAP (EAP-MSCHAP V2).
Setting Security Parameters
for
5-55