Network Card User Manual

ManualsBrandsIntel ManualsNetwork Card3945ABG

CHAP) Version 2), over this encrypted channel to enable server validation. The challenge and response packets

are sent over a non-exposed TLS encrypted channel. The following example describes how to use WPA with AES-

CCMP or TKIP encryption with PEAP authentication.

To set up a client with PEAP Authentication:

Obtain and install a client certificate. Refer to

Set up the Client for TLS authentication or consult your

administrator.

1. Click Profiles on the Intel PROSet/Wireless main window.

2. On the Profile page, click Add to open the Profile Wizard's General Settings.

3. Profile Name: Enter a descriptive profile name.

4. Wireless Network Name (SSID): Enter the network identifier.

5. Operating Mode: Click Network (Infrastructure).

6. Click Next to access the Security Settings.

7. Click Enterprise Security.

8. Network Authentication: Select WPA-Enterprise or WPA2-Enterprise.

9. Data Encryption: Select one of the following:

❍ TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism.

❍ AES-CCMP (Advanced Encryption Standard - Counter CBC-MAC Protocol) is used as the data

encryption method whenever strong data protection is important.

AES-CCMP is recommended.

10. Enable 802.1x: Selected.

11. Authentication Type: Select PEAP to be used with this connection.

Step 1 of 2: PEAP User

PEAP relies on Transport Layer Security (TLS) to allow unencrypted authentication types (for example, EAP-

Generic Token Card (GTC) and One-Time Password (OTP) support).

1. Authentication Protocol: Select either

GTC, MS-CHAP-V2 (Default), or TLS. Refer to

Authentication Protocols.

2. User Credentials: Select one of the following:

■ Use Windows Logon: Allows the 802.1x credentials to match your Windows user

name and password. Before connection, you are prompted for your Windows logon

credentials.

■ Prompt each time I connect: Prompts for user name and password every time you

log onto the network.

■ Use the following: The user name and password are securely (encrypted) saved in the

profile.

■ User Name: This user name must match the user name that is set in the

authentication server.

■ Domain: Name of the domain on the authentication server. The server name

identifies a domain or one of its subdomains (for example, zeelans.com, where

the server is blueberry.zeelans.com). NOTE: Contact your administrator to obtain

the domain name.

■ Password: This password must match the password that is set in the

authentication server. The entered password characters display as asterisks.

■ Confirm Password: Reenter the user password.

■ Roaming Identity: If the Roaming Identity is cleared, %domain%\%username% is the

default.

When 802.1x MS RADIUS is used as an authentication server, the authentication server

authenticates the device with the Roaming Identity user name from the Intel PROSet/

Wireless utility and ignores the Authentication Protocol MS-CHAP-V2 user name. This

feature is the 802.1x identity supplied to the authenticator. Microsoft IAS RADIUS accepts only

a valid user name (dotNet user) for EAP clients. Enter a valid user name whenever 802.1x MS

RADIUS is used. For all other servers, this is optional, therefore, it is recommended that you