User's Manual
5-42
Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide
OL-4211-05
Chapter 5 Configuring the Client Adapter
Setting Security Parameters
Step 10 Perform one of the following to configure PAC provisioning:
• If you want to enable automatic PAC provisioning, make sure the Allow Automatic PAC
Provisioning check box is checked. A protected access credentials (PAC) is automatically obtained
as needed (for example, when a PAC expires, when the client adapter accesses a different server or
when the EAP-FAST username cannot be matched to a previously provisioned PAC).
• If you want to enable manual PAC provisioning, uncheck the Allow Automatic PAC Provisioning
check box. This option requires you to choose a PAC authority or manually import a PAC file.
Note LDAP user databases support only manual PAC provisioning while Cisco Secure ACS internal,
Cisco Secure ODBC, and Windows NT/2000/2003 domain user databases support both
automatic and manual PAC provisioning.
Note Provisioning occurs only upon initial negotiation of the PAC or upon PAC expiration. After the
PAC is provisioned, it serves as the per-user key by which authentication transactions are
secured.
Step 11 Check the Use Machine Information for Domain Logon check box if you want the client to attempt to
log into a domain using machine authentication with a machine certificate and machine credentials rather
than user authentication. Doing so enables your computer to connect to the network prior to user logon.
The default setting is unchecked.
Note If you do not check the Use Machine Information for Domain Logon check box, machine
authentication is not performed. Authentication does not occur until you log on.
Step 12 If you want to force the client adapter to disassociate after you log off so that another user cannot gain
access to the wireless network using your credentials, check the No Network Connection Unless User
Is Logged In check box. The default setting is checked.
Step 13 Click OK to save your settings and return to the Profile Management (Security) window.
Note If you selected a private PAC and the No Network Connection Unless User Is Logged In check
box is unchecked, a message appears indicating that the PAC may not be accessible during the
domain logon process or when you are logged off. If you want a copy of the PAC to be added to
the global store so that it will be available when you are not logged on, click Yes . If you do not
want a copy of the PAC to be added to the global store, click No; then click OK when a message
appears indicating that you may need to later reconfigure your profile to use a global PAC if you
experience wireless connection problems during domain logon or when you are not logged on.
Step 14 Perform one of the following to set the Allow Association to Mixed Cells parameter, which indicates
whether the client adapter can associate to an access point that allows both WEP and non-WEP
associations:
• Check the Allow Association to Mixed Cells check box if the access point to which the client
adapter is to associate (or the VLAN to which the client will be assigned) has WEP set to Optional.
Otherwise, the client is unable to establish a connection with the access point.
• Uncheck the Allow Association to Mixed Cells check box if the access point to which the client
adapter is to associate (or the VLAN to which the client will be assigned) does not have WEP set to
Optional. This is the default setting.