Overview E - Cisco Aironet Installation And Configuration Manual

Appendix E Configuring the Client Adapter through Windows XP
Four 802.1X authentication types are available when configuring your client adapter through
Windows XP:
• EAP-TLS—This authentication type is enabled through the operating system and uses a dynamic
session-based WEP key, which is derived from the client adapter and RADIUS server, to encrypt
data.
RADIUS servers that support EAP-TLS include Cisco Secure ACS version 3.0 or greater and Cisco
Access Registrar version 1.8 or greater.
Note
EAP-MD5—This authentication type is enabled through the operating system and uses static WEP
•
to encrypt data. EAP-MD5 requires you to enter a separate EAP username and password (in addition
to your standard Windows network login) in order to start the EAP authentication process and gain
access to the network.
Note
RADIUS servers that support EAP-MD5 include Cisco Secure ACS version 3.0 or greater and Cisco
Access Registrar version 1.8 or greater.
Protected EAP (or PEAP)—PEAP authentication is designed to support One-Time Password
•
(OTP), Windows NT or 2000 domain, and LDAP user databases over a wireless LAN. It is based on
EAP-TLS authentication but uses a password or PIN instead of a client certificate for authentication.
PEAP is enabled or disabled through the operating system and uses a dynamic session-based WEP
key, which is derived from the client adapter and RADIUS server, to encrypt data. If your network
uses an OTP user database, PEAP requires you to enter either a hardware token password or a
software token PIN to start the EAP authentication process and gain access to the network. If your
network uses a Windows NT or 2000 domain user database or an LDAP user database (such as
NDS), PEAP requires you to enter your username, password, and domain name in order to start the
authentication process.
RADIUS servers that support PEAP authentication include Cisco Secure ACS version 3.1 or greater.
Note
Note
OL-1394-04
EAP-TLS requires the use of a certificate. Refer to Microsoft's documentation for
information on downloading and installing the certificate.
If you want to authenticate without encrypting the data that is transmitted over your
network, you can use EAP-MD5 without static WEP.
To use PEAP authentication, you must install the PEAP supplicant during ACU
installation or Service Pack 1 for Windows XP. This Service Pack includes Microsoft's
PEAP supplicant, which supports a Windows username and password only and does not
interoperate with Cisco's PEAP supplicant. To use Cisco's PEAP supplicant, install ACU
version 5.05 or greater after Service Pack 1 for Windows XP. Otherwise, it will be
overwritten by Microsoft's PEAP supplicant.
PC-Cardbus cards do not support PEAP authentication.
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows
Overview
E-3