User's Manual

ManualsBrandsCisco Systems ManualsComputers & Accessories802.11 a/g Cardbus Adapter

111

112

113

114

115

116

117

118

119

120

5-50

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-05

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Note If you choose Token, you must use a hardware token device or the Secure Computing SofToken

program (release 2.1 or later) to obtain the one-time password and enter the password when

prompted during the authentication process. Secure Computing PremierAccess release 3.1.1 or

later is the only supported token server.

Step 7 If you chose Token in Step 6, perform one of the following:

• Check the Always Resume the Secure Session check box at the top of the window if you want the

PEAP (EAP-GTC) supplicant to always attempt to resume the previous session without prompting

you to re-enter your credentials whenever the client adapter becomes disassociated. The session

resumes after the client temporarily loses connection to the access point (such as by roaming in and

out of coverage) or wakes up from suspend or hibernate mode. This is the default setting.

• Uncheck the Always Resume the Secure Session check box if you want to be prompted to re-enter

your PEAP (EAP-GTC) username and password whenever your client adapter temporarily loses

association by roaming out of coverage or wakes up from suspend or hibernate mode.

Note Checking this check box gives you the convenience of not having to re-enter your username and

password when your client adapter experiences momentary losses of association. However, if

you leave your device unattended during the period of time when the PEAP (EAP-GTC) session

can be resumed without re-entering user credentials, be aware that someone can resume your

PEAP (EAP-GTC) session and access the network.

Note The Always Resume the Secure Session check box is disabled if you chose Static Password in

Step 6.

Step 8 Perform one of the following to specify the username that will be used for inner PEAP tunnel

authentication:

• If you want your Windows username to also serve as your PEAP username, check the Use Windows

User Name check box. This option gives you only one username to remember.

Note If you chose the Static Password option in Step 6, the check box reads Use Windows User

Name and Password.

• If you want to enter a separate PEAP username (which is registered with the RADIUS server) in

addition to your regular Windows username in order to start the PEAP authentication process, enter

your PEAP username in the User Name field.

Note Your Windows username is filled in automatically. Simply delete your Windows username

and enter your separate PEAP username.

Step 9 If you entered a PEAP username in the previous step and chose the Static Password option in Step 6,

enter your PEAP authentication password (which is registered with the RADIUS server) in both the

Password and Confirm Password fields.

Step 10 If the Use Windows User Name and Password check box is unchecked and you want to implement added

security by further refining the network certificate that will be accepted and controlling the string used to set

up the outer PEAP tunnel, follow the steps in “Configuring Advanced Settings” on page 5-58.