Cisco AIR-CB21AG-W-K9 Installation And Configuration Manual page 61

802.11a/b/g wireless lan client adapters windows vista

Hide thumbs Also See for AIR-CB21AG-W-K9:

Datasheet (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

Table of Contents

Chapter 3

Configuring EAP Types

Table 3-1

Connection Settings

Use Protected Access

Credential (PAC)

Allow automatic PAC

provisioning

PAC Authority

Import

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista

OL-16534-01

Connection Settings (continued)

Description

Check this box to enable the use of a PAC to establish a tunnel. When

this box is checked, PAC provisioning is requested. If this box is not

checked, EAP-FAST acts as PEAP and uses only the authenticated

server certificate to establish the tunnel every time.

The PAC is a unique shared credential used to mutually authenticate

a client and a server. The PAC is associated with a specific client

username and a server authority ID. A PAC removes the need for PKI

and digital certificates. The PAC is distributed or imported to the

client automatically or manually.

Manual PAC provisioning generates the PAC file locally on the AAA

or EAP-FAST server. With manual provisioning, the user credentials

are supplied to the server to generate the PAC file for that user. This

PAC must then be manually installed on the client device.

Default: On

Check this box to enable the automatic retrieval of a PAC during

EAP-FAST authentication.

Automatic PAC provisioning enables the automatic retrieval of a PAC

during EAP-FAST authentication. Automatic PAC provisioning uses

TLS with a Diffie-Hellman Key Agreement protocol to establish a

secure tunnel. In addition, MSCHAPv2 is used to authenticate the

client and for early man-in-the-middle (MITM) attack detection.

Default: On

Select a PAC authority from the drop-down list.

Default: None

The drop-down list contains the names of all of the PAC

Note

authorities from which you have previously provisioned a

tunnel PAC. If you have not provisioned a PAC, then "none"

is the only option. You can also select "none" to force the host

to request provisioning a PAC.

Click the Import button to manually import a PAC file. When you

click on this button, the Import Protected Access Credentials (PAC)

File window appears. If you need to enter a password for the PAC file

that you have selected, a password window will appear.

After you have selected and imported a valid PAC file, the PAC

authority is added to the PAC authority drop-down list.

Default: Enabled

Configuring EAP-FAST

3-7

Table of Contents

Troubleshooting

This manual is also suitable for:

Aironet cb21ag Aironet pi21ag

Cisco AIR-CB21AG-W-K9 Installation And Configuration Manual page 61

Troubleshooting

Related Manuals for Cisco AIR-CB21AG-W-K9

Related Products for Cisco AIR-CB21AG-W-K9

This manual is also suitable for:

Table of Contents