Intel(R) PROSet/Wireless WiFi Connection Utility User's Guide

Supported wireless adapters:

● Intel(R) WiMAX/WiFi Link 5350
● Intel(R) WiMAX/WiFi Link 5150
● Intel(R) WiFi Link 5300
● Intel(R) WiFi Link 5100
● Intel(R) Wireless WiFi Link 4965AGN
● Intel(R) Wireless WiFi Link 4965AG_
● Intel(R) PRO/Wireless 3945ABG Network Connection
● Intel(R) PRO/Wireless 2915ABG Network Connection
● Intel(R) PRO/Wireless 2200BG Network Connection

With your wireless network card, you can access wireless networks, share f
● Wireless Network Overview
● Administrator Tool
● Create Administrator Packages
● Create Profiles for Windows XP*
● Security Overview
● Safety and Regulatory Information
● Specifications
● Troubleshooting
● Glossary
● Customer Support
● Warranty

Information in this document is subject to change without notice. © 2004–2008 Intel Corporation. All rights reserved. Intel Corporation, 5200 N.E.
that affect radio operation and to ensure electromagnetic compliance (EMC). These parameters include, without limitation, RF power, spectrum usage, channel scanning, and human exposure. For these reasons Intel cannot permit any manipulation by third parties of the software provided in binary format with the wireless LAN adapters (e.g., the EEPROM and firmware). Furthermore, if you use any patches, utilities, or code with the Intel wireless LAN adapters that have been manipulated by an unauthorized party (i.
Use the Intel(R) PROSet/Wireless WiFi Connection Utility Software

Use Intel(R) PROSet/Wireless WiFi Connection Utility as your Wireless Manager
Start Intel(R) PROSet/Wireless WiFi Connection Utility
Start Intel(R) PROSet/Wireless WiFi Connection Utility from the Taskbar
● Taskbar Icons
● Tool Tips and Desktop Alerts
Intel(R) PROSet/Wireless WiFi Connection Utility Main Window
● First Time Connection
● WiFi Networks list
● Connection Status Icons
● Network Properties
● Connection Detail
Use Intel(R) PROSet/Wireless WiFi Connection Utility as Your Wireless Manager

Intel(R) PROSet/Wireless WiFi software is used to set up, edit, and manage network profiles to connect to a network. It also includes advanced settings such as power management and channel selection for setting up ad-hoc networks. If you use Microsoft* Windows XP* Wireless Zero Configuration as your wireless manager, you can disable it from the Microsoft Windows Wireless Network tab.
Intel(R) PROSet/Wireless WiFi Connection Utility Main Window

The WiFi connection utility Main Window lets you:

● View the current connection details (signal quality, speed and current network name).
● Scan for available wireless networks.
● Manage profiles.
● Auto-connect profiles to available networks in a specific order defined in the Profile list.
● Connect to Infrastructure and Device to Device (ad hoc) networks.
● Configure adapter settings.
● Troubleshoot wireless connection problems.
Connection Details

On the main window, click Details to view detailed parameters of the access point and network adapter. The Connection Details window displays the current network connection information. See Connection Details for a complete description. The Taskbar icon also indicates the current connection status. See Taskbar Icons.

Main Window Connection Status Icons

The connection status icons indicate the current connection status of your wireless adapter.
Name: Description

File
  Exit: Closes the WiFi connection utility main window.
Tools
  Application Settings: Use to set system wide connection preferences. See Application Settings for information.
  Intel Wireless Troubleshooter: Use to resolve wireless network connection problems. See Intel Wireless Troubleshooter for more information.
  Manual Diagnostics Tool: The Manual Diagnostics Tool lets you run a set of diagnostics tests that verify the functionality of your wireless adapter.
Profiles
  Manage Profiles: Select to create or edit profiles.
  Manage Exclusions: Select to exclude networks from automatic connection. See Manage Exclusions for more information.
Help
  Intel PROSet/Wireless WiFi Help: Starts the online help.
  About: Displays version information for the currently installed application components.

Administrator Tool (Tools menu)

The Administrator tool is for administrators or the person who has administrator privileges on this computer.
EAP-FAST A-ID Groups: An administrator can select which Authority Identifier (A-ID) RADIUS server to provision Protected Access Credentials (PACs) for profiles that use EAP-FAST authentication. A-ID groups are shared by all users of the computer and allow EAP-FAST profiles to support multiple PACs from multiple A-IDs. See Administrator Tool EAP-FAST A-ID Groups.
Change Password: Change the password for the Administrator Tool. See Change Password for more information.
Close: Closes the page.
Installing Intel(R) PROSet/Wireless WiFi Connection Utility

Typical Installation

The following components are installed in a Typical installation.
● The WiFi connection utility driver. You can choose to install the driver only if desired. This is the minimal installation.
● The WiFi connection utility. For a Typical installation, this includes the following:
  ❍ Wi-Fi Protected Setup*
  ❍ Intel Wireless Troubleshooter

NOTE: If you plan to use Novell Client* for Windows, it should be installed prior to installation of the WiFi connection utility.
Intel(R) Wireless Troubleshooter: Provides valuable assistance in resolving wireless WiFi connection problems.

To install these features, select Custom during installation. Follow the instructions below to install features. If the WiFi connection utility is already installed, see the post-installation instructions.

Install Intel(R) PROSet/Wireless WiFi Connection Utility

1. Insert the Installation CD in your CD drive.
2.
4. Read the license agreement.
5. Click I accept the terms in the license agreement. You can click Print if you want a printed copy of the agreement. Then click Next.
6. Click Next to accept the default install destination folder. Otherwise, click Change to specify a different location. Then click OK and Next.
7. Click Typical or Custom. If you click Typical, proceed to step 9.
8. If performing a Custom installation, select from the list of features to install.
2. Click Intel PROSet/Wireless WiFi Software.
3. Click Change.
4. The next message displays: Welcome to the InstallShield Wizard to Intel(R) PROSet/Wireless WiFi Software. Click Next.
5. Click Remove.
6. Click Next.
7. The next message appears. Make your selection from the list and click Next. Save User Defined Settings. Choose what to do with your current application:
  ❍ Save. Save settings and files applicable to the current version of the application.
  ❍ Convert and Save.
Get Connected

Connect to a Wireless Network
First Time Connection
Using Wi-Fi Protected Setup*
Configure an Access Point and set up a Network
Connect an Enrollee to a Network or Access Point
Add an Enrollee to a Network at the Registrar
Other Wireless Managers

Connect to a Wireless Network

You can connect to a wireless network with one of the following methods.
1. Double-click the desktop alert to open the WiFi connection utility main window.
2. Select a network from the WiFi Networks list.
3. Click Connect. If the network does not require security authentication, a desktop alert notifies you that you are connected to the network. See Main Window and Taskbar for more information about the taskbar menu and icons.

If you need to add security authentication:

1. The Create Wireless Profile manager opens and guides you through the configuration process.
2. Specify a Profile Name. The Profile Name is your name for this network. It can be anything that helps you identify this network.
computers equipped with wireless adapters, and optionally attaching external network connectivity (i.e. the Internet, typically by connecting the access point to a DSL or cable modem, or equivalent).

Configure an Access Point and Set up a Network

The following steps will configure this computer as a registrar for a secure network or access point.

1. Locate the device ownership password for the access point. This is set by the manufacturer of the access point.
computer. Click this message. (Or, you can select the network from the WiFi Networks list in the WiFi connection utility main window.)
7. At the next window, on the Available Networks list, select the network that you want to connect to. The listed network depends on what is detected. Click Next.
8. At the next window, enter the Device Ownership Password that you retrieved from the access point in step 1. Click Next to continue.
9. The next window shown displays the Network Name, Security Type, and Password. If the access point is already configured, it is grayed out; proceed to step 10. If the access point is not configured (fields are not grayed out), proceed to step 11.
10. After a few seconds the following message is displayed: The access point is already configured. Do you want to reconfigure it? If you do not want to reconfigure the access point, select No.
completed this step, click Next. The following windows show the configuration of the access point and the registrar.
The following window appears briefly and shows the configuration of wireless settings for the access point.
14. After the network receives the Ownership Password, you are notified that you have Successfully connected to . Click Finish. This process completes configuration of the access point and the registrar.
15. If you want to save these settings to a profile for future use by a legacy client, click Save wireless settings. The profile settings are saved to a text file (txt) on your local hard drive. The file is saved to your local C:\ drive by default. Accept the default save location or click Browse to choose another location on your computer. Next, you can connect an enrollee (computer) to the network using the registrar.
2. The Wireless Network Configuration start up page opens. Use the Available Networks list to select the network that you want to connect to (in this example it is MyWPS). Then click Next.
3. The Discovery window opens. The enrollee that you want to connect to the network discovers the registrar for the network. Assuming that the Discovery process succeeds, the name of the registrar or access point is displayed.
4. The next window appears, displaying the Device Password (enrollee password). The password displayed at the enrollee is a unique, randomly generated temporary password for the enrollee. This password is used to ask permission to connect to the network access point. (The password shown below is an example only).
5. At the registrar, enter the password provided by the enrollee. Then click Next. NOTE: This process assumes that the registrar is running the WiFi connection utility; the process and windows displayed at the registrar may be different for software from other vendors. Some access points may have a built in registrar.
6. The next window lists the profile for this network. The selected profile will be sent to the enrollee, granting it access to the network. Only supported profiles are displayed. Supported profiles are those based on WPA-PSK, WPA2-PSK, and Open (None) security. Select the profile and click Next to finalize the enrollment process.
7. The last window shows that the enrollee registration with the registrar is complete. Click Finish.
8. At the enrollee, click Next. At the enrollee, you are notified when you have Successfully connected to . Click Finish.

Add an Enrollee to an Existing Network at the Registrar

The following procedure lets you add an enrollee to an existing network, where the access point is already configured and the registrar has already joined the AP.
Microsoft Windows XP* Wireless Zero Configuration

To switch from the Intel(R) PROSet/Wireless WiFi Connection Utility to the Microsoft Windows XP Wireless Zero Configuration, perform these steps:

1. At the Intel(R) PROSet/Wireless WiFi Connection Utility main window, under the Advanced menu, select Use Windows to manage WiFi. Then click Close.
2. Right-click on the tasktray icon and select Open Wireless Zero Configuration.
Profile Management

● What is a Profile?
● Profiles Types
● Profiles List
● Profile Icons
● Connect to a Profile
● Create a New Profile
● Edit an Existing Profile
● Remove a Profile
● Set a Profile Password
● Export or Import Profiles

What is a Profile?

A profile is a saved group of network settings. Profiles are displayed in the Profiles List. Profiles are useful when moving from one wireless network to another. Different profiles can be configured for each wireless network.
not accessible by other users of a computer.
● Administrator Profiles: If one or more profiles need to be shared among users on a computer, the Administrator Tool must be installed to create Administrator profiles. For more information, see Administrator Profiles.

Profiles List

The Profiles list displays a list of existing profiles. When you come in range of a wireless network, the WiFi connection utility software scans the Profiles list to see if there is a match.
operating mode being used, and whether security encryption is enabled. These icons display next to the profile name in the Profiles list.

Name: Description
Profile Name: The Profile Name is your name for this network. It can be anything that helps you identify this network. For example, My Home Network, Coffee Shop on A Street.
Network Name: Name of the wireless network (SSID) or computer.
that lower profile. This is achieved from the WiFi connection utility or from the Taskbar icon.

Manually connect to a profile from the Intel PROSet/Wireless WiFi software:

1. Double-click the Taskbar icon to open the Intel PROSet/Wireless WiFi main window.
2. Click Profiles to open the Profiles list.
3. Select the profile from the Profiles list.
4. Click Connect. Remember that the connection is only made if the wireless network is in range.

Manually connect to a profile from the Taskbar: 1. 2. 3. 4.
3. Profile Name: Enter a descriptive profile name.
4. Wireless Network Name (SSID): Enter the wireless network name.
5. Select the Operating Mode: Network (Infrastructure) or Device to Device (ad hoc).
6. Click Advanced for the following options:
  ❍ Auto Connect: Select to automatically or manually connect to a profile.
  ❍ Auto Import: Network administrator can export a profile on another computer.
  ❍ Mandatory Access Point: Select to associate the wireless adapter with a specific access point.
7. From the General Settings, click Next to open the Security Settings.
8. Select either Personal or Enterprise Security to select the Network Authentication and Data Encryption options. Enter the encryption key settings and configure the 802.1X settings as required.
9. Click OK when you have completed the profile settings. To change or verify the profile settings, click Back.
10. If you are not currently connected to a network, Intel PROSet/Wireless WiFi detects that a new profile has been added and automatically attempts to connect to this new profile.
11. If you want to manually connect to this profile, click Connect. The connection icon displays the current connection status. The network name, transmit and receive speeds, and signal quality are also displayed.
4. Click Next and Back to navigate through the Wireless Profile Properties' General and Security Settings:
  ❍ General Settings: See General Settings for more information.
  ❍ Security Settings: See Security Settings for more information.
5. Click OK to save the current settings and exit. Click Cancel to exit without saving changes.

Remove a Profile

To remove a profile:

1. Click Profiles on the Intel PROSet/Wireless WiFi main window.
2. Select the profile from the list.
3. Click Remove.
Import or Export Profiles

This feature lets you import and export user-based profiles to and from the Profiles list. Wireless profiles can be automatically imported into the Profiles list. An administrator can set profiles to be imported automatically into the Profiles list. Intel PROSet/Wireless WiFi monitors the import folder on your hard disk for new profile files. Only profiles that have been enabled through Enable Auto-Import in the Advanced Settings are automatically imported.
Export Profiles from the Profiles List

1. Select individual or multiple profiles from the list.
2. Select Export to export one or more profiles from the Profiles list.
3. Select the destination folder. Click Browse to search your hard disk for the destination directory. The C:\ drive is the default directory.
4. Click OK to export the selected profile. You are notified: Successfully exported selected profiles to the destination folder: C:\.

To select multiple profiles: 1.
Set Up Profile Security

Use the Intel(R) PROSet/Wireless WiFi Connection Utility
Personal Security
Personal Security Settings
Set up Data Encryption and Authentication
● Set up a Client with No Authentication and No Data Encryption
● Set up a Client with WEP 64-bit or WEP 128-bit Data Encryption
● Set up a Client with WPA*-Personal (TKIP) or WPA2*-Personal (TKIP) Security Settings
● Set up a Client with WPA*-Personal (AES-CCMP) or WPA2*-Personal (AES-CCMP) Security Settings
Enterprise S
The following sections describe how to use the WiFi connection utility to set up the required security settings for your wireless adapter. See Personal Security. It also provides information about how to configure advanced security settings for your wireless adapter. This requires information from a systems administrator (corporate environment) or advanced security settings on your access point (for home users). See Enterprise Security. For general information about security settings, see Security Overview.
Pass phrase (64-bit): Enter five (5) alphanumeric characters, 0-9, a-z or A-Z.
Hex key (64-bit): Enter 10 hexadecimal characters, 0-9, A-F.
Key Length: 128-bit
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z.
Hex key (128-bit): Enter 26 hexadecimal characters, 0-9, A-F.

With WEP data encryption, a wireless station can be configured with up to four keys (the key index values are 1, 2, 3, and 4).
9. Click OK. The profile is added to the Profiles list and connects to the wireless network.

Set up a Client with WEP 64-bit or WEP 128-bit Data Encryption

When WEP data encryption is enabled, a network key or password is used for encryption.
Pass phrase (64-bit): Enter five (5) alphanumeric characters, 0-9, a-z or A-Z.
WEP key (64-bit): Enter 10 hexadecimal characters, 0-9, A-F.
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z.
WEP key (128-bit): Enter 26 hexadecimal characters, 0-9, A-F.
2. Key Index: Change the Key Index to set up to four passwords.
3. Click OK to return to the Profiles list.

To add more than one password:

1. Select the Key Index number: 1, 2, 3, or 4.
2. Enter the Wireless Security Password.
1. On the WiFi connection utility main window, double-click an infrastructure network in the WiFi Networks list or select the network and click Connect.
2. Click Profiles to access the Profiles list.
3. Click Properties to open the wireless profile General Settings. The Profile name and Wireless Network Name (SSID) display. Network (Infrastructure) should be selected as the Operating Mode.
4. Click Next to open the Security Settings.
5. Select Personal Security.
6.
2. If these are being transmitted, the Profile name and Wireless Network Name (SSID) should display on the General Settings screen. Network (Infrastructure) should be selected as the Operating Mode. Click Next to open the Security Settings.
3. Select Personal Security.
4. Security Settings: Select WPA2-Personal (AES-CCMP) to provide this level of security in the small network or home environment. It uses a password, also called a pre-shared key (PSK).
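Added example (not part of the Intel guide): a Python check for the four WEP key entry formats listed above that also reports how much secret material each entry really holds. It assumes a pass phrase is used as the ASCII bytes of the key, which the guide does not state, and relies on the 802.11 fact that 24 bits of the nominal key length are the initialization vector sent in the clear; parse_wep_key and build_key_table are names made up for this sketch.

```python
import math
import string

# Entry formats as the guide lists them: (kind, nominal bits, characters, is_hex)
WEP_FORMATS = [
    ("pass phrase", 64, 5, False),
    ("hex key", 64, 10, True),
    ("pass phrase", 128, 13, False),
    ("hex key", 128, 26, True),
]
ALNUM = set(string.ascii_letters + string.digits)   # 0-9, a-z, A-Z
# The guide lists 0-9, A-F; accepting lowercase a-f as well is an assumption.
HEX = set(string.hexdigits)


def parse_wep_key(entry):
    """Validate one key entry against the guide's formats.

    Returns a dict with the entry kind, the nominal key length, the number of
    secret bits actually supplied, an upper bound on the entropy the entry
    format allows, and the raw key bytes. Raises ValueError otherwise.
    """
    for kind, nominal_bits, length, is_hex in WEP_FORMATS:
        if len(entry) != length:
            continue
        allowed = HEX if is_hex else ALNUM
        bad = sorted(set(entry) - allowed)
        if bad:
            raise ValueError("%d-character %s contains invalid characters: %r"
                             % (length, kind, bad))
        # Assumption: a pass phrase is the ASCII encoding of the key itself.
        key = bytes.fromhex(entry) if is_hex else entry.encode("ascii")
        alphabet = 16 if is_hex else len(ALNUM)      # 62 for alphanumerics
        return {
            "kind": kind,
            "nominal_bits": nominal_bits,
            "secret_bits": len(key) * 8,             # nominal minus 24-bit IV
            "max_entropy_bits": round(length * math.log2(alphabet), 1),
            "key": key,
        }
    raise ValueError("length %d matches none of 5, 10, 13 or 26 characters"
                     % len(entry))


def build_key_table(entries):
    """Check a {key index: entry} mapping; the guide allows indexes 1 to 4."""
    table = {}
    for index, text in entries.items():
        if index not in (1, 2, 3, 4):
            raise ValueError("key index must be 1, 2, 3 or 4, got %r" % (index,))
        table[index] = parse_wep_key(text)
    return table


if __name__ == "__main__":
    # Constructed sample entries, not taken from any real network.
    samples = {1: "Home1", 2: "486F6D6531", 3: "MyOfficeWlan7",
               4: "0123456789ABCDEF0123456789"}
    for index, info in build_key_table(samples).items():
        print(index, info["kind"], "nominal", info["nominal_bits"],
              "secret", info["secret_bits"],
              "entropy <=", info["max_entropy_bits"])
```

Under the stated assumption, a five-character pass phrase and its ten-digit hex spelling are the same 40-bit key, and restricting the entry to letters and digits caps it at under 30 bits of entropy.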
Wireless Network Overview

About Wireless Networks
What do I Need to Set up a Wireless Network?
Wireless Networking Basics
● What is a Wireless Network Management Utility?
● Network Name
● Profiles
● Security
● Identify a Wireless Network
● Select a Wireless Network Mode
How do I Turn My Radio On and Off?

About Wireless Networks

A Wireless Local Area Network (WLAN) connects computers without network cables. Instead, computers use radio communications to send data between each other.
wireless network.
● If you want internet access for your WLAN, you also need broadband internet service such as cable or DSL. This includes a broadband modem.

Wireless Networking Basics

What is a Wireless Network Management Utility?

The WiFi connection utility is a wireless network management utility. It helps you manage your wireless connections.
WiFi connection utility can easily help you set up a security method for your WLAN. Common security methods for WLANs use keys or passwords, where the computer requesting access must provide the key or password to get access. WLANs can also use encryption to encode the data. With encryption, before a computer transmits data it uses a secret encryption key to scramble the data. The receiving computer uses this same key to unscramble the data.
wireless computers to send information directly to other wireless computers. You can use Device-to-Device mode to network computers in a home or small office or to set up a temporary wireless network for a meeting.

How do I turn my Radio on and off?

You will need to turn the wireless adapter radio off (and on) on different occasions. For example, you may be required to turn the radio off when boarding an airplane. You can also turn it off to conserve battery power.
Administrator Tool

Set Administrator Password
Administrator Tool Settings
Administrator Packages for Windows XP*
Administrator Profiles
● Persistent Profiles
● Pre-logon/Common Connection
● Exclude Networks
● Voice over IP (VoIP) Connection
Application Settings
Adapter Settings
EAP-FAST A-ID Groups
Administrator Tasks

The Administrator Tool is used by the person who has administrator privileges on this computer.
you need to create the package on a computer running Windows Vista. You cannot create a package for Windows Vista on a computer running Microsoft Windows XP*.

Create a New Package

1. At the Tools menu, click Administrator Tool.
2. Enter the Administrator Tool password.
3. Open Administrator Package: Click Create a Windows XP package, or Open an existing package.
Open an existing package: Select to browse for and open an existing package.
4. Click OK.
5. Configure the following options to be included in the package:

Name: Description
Profiles: Click Include Profiles in this package. Profiles can be shared with other users.
Application Settings: Click Include Application Settings in this package. Specify application settings to be enabled.
Adapter Settings: Click Include Adapter Settings in this package.
Administrator Package.

Administrator Profiles

Administrator Profiles are managed by the network administrator. These profiles can be exported to other computers. These profiles are common or shared by all users on this computer. However, end users cannot modify these profiles. They can only be modified from the Administrator Tool, which is password protected. There are two types of Administrator Profiles: Persistent and Pre-logon/Common.
Persistent Profiles

Persistent profiles are applied at boot time or whenever no one is logged on the computer. After a user logs off, a Persistent profile maintains a wireless connection either until the computer is turned off or a different user logs on.

Persistent profile key points:

● The following types of profiles can be created as Persistent profiles:
  ❍ All profiles that do not require 802.
Pre-logon/Common profiles are applied prior to a user log on. If Single Sign On support is installed, the connection is made prior to the Windows log-on sequence (Pre-logon/Common). If Single Sign On support is not installed, the profile is applied once the user session is active. Pre-logon/Common profiles always appear at the top of the Profiles list. Users can still prioritize profiles that they have created but they cannot reprioritize Pre-logon/Common profiles.
Common connection, you will be prompted for your user credentials.
  ❍ Enter your credentials.
  ❍ Click OK. The profile is applied and the Status page displays the progress of the connection status until you are logged onto Windows.
  ❍ Click Cancel on the Credentials page to select another profile.

NOTE: A user certificate can only be accessed by a user that has been authenticated on the computer.
network is displayed in the Exclude List Management and is indicated by this icon:

To exclude a network:

1. Click Include Profiles in this package.
2. Click Exclude.
3. Click Add to open the Exclude Network (SSID).
4. Network Name: Enter the network name of the network that you want to exclude.
5. Click OK to add the network name to the list.

To remove a network from exclusion:

1. Select the network name in the Exclude list.
2. Click Remove. The network is deleted from the list.
ITU G.723 Multi-rate Coder
ITU G.726 ADPCM (Adaptive Differential Pulse Code Modulation)
ITU G.727 Variable-Rate ADPCM
ITU G.728 LD-CELP (Low-Delay Code Excited Linear Prediction)
ITU G.729 CS-ACELP (Conjugate Structure Algebraic-Code Excited Linear Prediction)

An administrator can export VoIP settings to configure various codec data rates and frame rates to improve voice quality in VoIP transmissions.
● G711_64kbps
● G722_64kbps
● G722_56kbps
● G722_48kbps
● G722_1_32kbps
● G722_1_24kbps
● G722_1_16kbps
● G726_16kbps
● G726_24kbps
● G726_32kbps
● G726_40kbps
● G728_16kbps
● G729a_8kbps
● G729e_11_8kbps
● GIPS_iPCM_VARIABLE
● G722_2_VARIABLE

● ● ● ● ● Interactive Voice Audio Conference Voice Data Video Streaming Audio

● 20
● 30

5. Click OK to return to the Profiles list.
6. Click Close to save the profile settings to a package.
To add an A-ID to an A-ID group:

1. Select a group from the A-ID Groups list.
2. Click Add in the A-IDs section.
3. Select an A-ID.
4. Click OK. The A-ID is added to the list.

Once an A-ID group has been selected, the A-IDs are extracted from the PACs on the A-ID group server. The list of A-IDs is automatically populated.
If you do not know how to obtain a user certificate from the CA, consult your administrator for the procedure. To install the CA on the local machine: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. Obtain the CA and store it on your local drive. Click Import. The Certificate Import Wizard opens. Click Next. Click Browse to locate the certificate on your local drive. Click the exported certificate. Click Open. Click Next. Click Place all certificates in the following store.
2. 3. 4. 5. 6. 7. 8. 9. 10. 11. command that brings you to the certificate authority. You can also use the IP address of the server machine. For example, "192.0.2.12/certsrv." Logon to the CA with the name and password of the user account you created on the authentication server. The name and password do not have to be the same as the Windows log on name and password of the current user. On the Welcome page of the CA, select Request a certificate task and submit the form.
2. 3. 4. 5. 6. 7. 8. 9. 10. Profile Name: Enter a profile name. Wireless Network Name (SSID): Enter the network identifier. Operating Mode: Network (Infrastructure) is selected by default. Click Next to open the Security Settings. Click Enterprise Security. Network Authentication: Select Open (Recommended). Data Encryption: Select WEP. 802.1X Enabled: Selected. Authentication Type: Select TLS. Step 1 of 2: TLS User 1. Obtain and install a client certificate. 2.
Back to Contents Configure Profiles for Network (Infrastructure) Operating Mode A Network (Infrastructure) network consists of one or more access points and one or more computers with wireless adapters installed. Each access point must have a wired connection to a wireless network. This section describes how to create various profiles.
correct network name (SSID) can associate with an access point and gain access to the network. 10. Data Encryption: None is the default. 11. Click OK. The profile is added to the Profiles list and connects to the wireless network. Create a Windows XP* Profile with Shared Network Authentication When shared key authentication is used, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel.
Create a Windows XP* Profile with WPA-Personal or WPA2-Personal Network Authentication Wi-Fi Protected Access (WPA) is a security enhancement that strongly increases the level of data protection and access control to a wireless network. WPA-Personal enforces key-exchange and only works with dynamic encryption keys. If your wireless access point or router supports WPA-Personal or WPA2Personal, then you should enable it on the access point and provide a long, strong password.
● authentication server. WPA2-Enterprise: The follow-on wireless security method to WPA that provides stronger data protection for multiple users and large managed networks. It prevents unauthorized network access by verifying network users through an authentication server. NOTE: WPA-Enterprise and WPA2-Enterprise are interoperable. To add a profile that uses WPA-Enterprise or WPA2-Enterprise authentication: 1. Obtain a user name and password on the RADIUS server from your administrator. 2.
6. Administrator Profile Type: Select Pre-logon/Common. (This step applies only if you are using the Administrator Tool. EAP-SIM cannot be used for Persistent profiles.) 7. Click Next to open the Security Settings. 8. Click Enterprise Security. 9. Network Authentication: Select Open (Recommended). 10. Data Encryption: Select WEP. 11. Click Enable 802.1X. 12. Authentication Type: Select EAP-SIM.
10. Data Encryption: Select WEP or CKIP for Open authentication, TKIP or AES-CCMP for Enterprise authentication. 11. Click Enable 802.1X if it is not already selected. 12. Authentication Type: Select EAP-AKA. EAP-AKA User (optional) 1. Click Specify user name (identity): 2. At User Name: Enter the user name assigned to the USIM card. 3. Click OK. Create a Windows XP* Profile with TLS Network Authentication These settings define the protocol and the credentials used to authenticate a user.
Step 1 of 2: TLS User 1. Obtain and install a client certificate. See Create a Profile with TLS authentication or consult your system administrator. 2. Select one of the following to obtain a certificate: Use my smart card, Use the certificate issued to this computer, or Use a user certificate on this computer. 3. Click Next to open the TLS Server settings.
Step 2 of 2: TLS Server 1. Select one of the following credential retrieval methods: Validate Server Certificate or Specify Server or Certificate Name. 2. Click OK. The profile is added to the Profiles list. 3. Click the new profile at the end of the Profiles list. Use the up and down arrows to change the priority of the new profile. 4. Click Connect to connect to the selected wireless network. 5. Click OK to close Intel PROSet/Wireless WiFi.
over a non-exposed TLS encrypted channel. To set up a client with TTLS Authentication: 1. Click Profiles on the WiFi connection utility main window. Or if you are acting as the administrator, open the Administrator Tool. 2. On the Profiles list, click Add to open the Create Wireless Profile General Settings. 3. Profile Name: Enter a descriptive profile name. 4. Wireless Network Name (SSID): Enter the network identifier. 5. Operating Mode: Click Network (Infrastructure).
Step 1 of 2: TTLS User 1. Authentication Protocol: This parameter specifies the authentication protocol operating over the TTLS tunnel. The protocols are: PAP (Default), CHAP, MS-CHAP and MS-CHAP-V2. See Security Overview for more information. 2. User Credentials: For PAP, CHAP, MS-CHAP, and MS-CHAP-V2 protocols, select one of these authentication methods: Use Windows logon, Prompt each time I connect, or Use the following. 3.
Step 2 of 2: TTLS Server

1. Select one of the following credential retrieval methods: Validate Server Certificate or Specify Server or Certificate Name.
2. Click OK to save the setting and close the page.

Create a Windows XP* Profile with PEAP Network Authentication

PEAP authentication: PEAP settings are required for the authentication of the client to the authentication server. The client uses EAP-TLS to validate the server and create a TLS-encrypted channel between client and server.
When 802.1X Microsoft IAS RADIUS is used as an authentication server, the server authenticates the device using the Roaming Identity from Intel PROSet/Wireless WiFi software, and ignores the Authentication Protocol MS-CHAP-V2 user name. Microsoft IAS RADIUS accepts only a valid user name (dotNet user) for the Roaming Identity. For all other authentication servers, the Roaming Identity is optional.
To configure a one-time password:

1. Authentication Protocol: Select GTC (Generic Token Card).
2. User Credentials: Select Prompt each time I connect. (This is only available if you are creating a personal profile. Not available for IT profiles.)
3. On connection prompt for: Select one of the following:

Name                      Description
Static Password           On connection, enter the user credentials.
One-time password (OTP)   Obtain the password from a hardware token device.
4. Click OK.
5. If you are acting as the user, perform the following three steps.
6. Select the profile on the WiFi Networks list.
7. Click Connect. When prompted, enter the user name, domain and OTP.
8. Click OK. You are asked to verify your log in information.

MS-CHAP-V2: This parameter specifies the authentication protocol operating over the PEAP tunnel.

1. User Credentials: Select one of the following options: Use Windows logon, Prompt each time I connect, or Use the following.
2.
1. Select one of the following credential retrieval methods: Validate Server Certificate or Specify Server or Certificate Name.
2. Click OK. The profile is added to the Profiles list.
3. Click the new profile at the end of the Profiles list. Use the up and down arrows to change the priority of the new profile.
4. Click Connect to connect to the selected wireless network.
are notified that you must take one of the following actions: A potential authentication problem for profile has been detected. The expiration date in the associated certificate may be invalid. Choose one of the following options:

Control                             Description
Continue with current parameters.   Continue with the current certificate.
Update certificate manually.        The Select Certificate page opens for you to choose another certificate.
Update certificate automatically based on the certificates in the local store.
15. Click Enable Radio Management Support to detect rogue access points.
16. Click OK to return to the Security Settings.
1. Select one of the following authentication methods listed next. If under Administrator Profile Type you selected Persistent (with or without selecting Pre-logon/Common), then only Use the following user name and password is available. If you only selected Pre-logon/Common, then the following three authentication methods are available.
   ❍ Use the Windows logon user name and password
   ❍ Prompt for the user name and password
   ❍ Use the following user name and password
2.
credentials (PACs) to establish an authenticated tunnel between a client and a server. Cisco Compatible Extensions, Version 4 (CCXv4) improves the provisioning methods for enhanced security and provides innovations for enhanced security, mobility, quality of service, and network management.

Cisco Compatible Extensions, Version 3 (CCXv3)

To set up a client with EAP-FAST authentication with Cisco Compatible Extensions, version 3 (CCXv3):

1. Click Profiles on the WiFi connection utility main window.
● Click Select server to open the Protected Access Credentials (PAC) list.
● Click Import to import a PAC that resides on this computer or a server.
● Select the PAC and click Open.
● Enter the PAC password (optional).
● Click OK to close this page. The selected PAC is added to the PAC list.

3. Click Next to select the credential retrieval method or click OK to save the EAP-FAST settings and return to the Profiles list. The PAC is used for this wireless profile.
6. Administrator Profile Type: Select Persistent or Pre-logon/Common. (This step applies only if you are using the Administrator Tool.)
7. Click Next to open the Security Settings.
8. Click Enterprise Security.
9. Network Authentication: Select WPA-Enterprise or WPA2-Enterprise (Recommended).
10. Data Encryption: AES-CCMP is recommended.
11. Enable 802.1X: Selected.
12. Authentication Type: Select EAP-FAST to be used with this connection.
mode protects the EAP-MS-CHAP-V2 exchanges from potential Man-in-the-Middle attacks by verifying the server’s authenticity before exchanging MS-CHAP-V2. Therefore, Server-Authenticated Mode is preferred whenever it is possible. An EAP-FAST peer must use Server-Authenticated Mode whenever a certificate or public key is available to authenticate the server and ensure the best security practices.
Step 2 of 3: EAP-FAST Additional Information

If you selected Use a certificate (TLS Authentication) and Use a user certificate on this computer, click Next (no roaming identity is required) and proceed to Step 3 to configure EAP-FAST Server certificate settings. If you do not need to configure EAP-FAST server settings, click OK to save your settings and return to the Profiles page. If you selected Use my smart card, add the roaming identity, if required.
the desired realm (for example, anonymous@myrealm) for the Roaming Identity rather than a true identity.

Step 3 of 3: EAP-FAST Server

Authenticated-TLS-Server Provisioning Mode is supported using a trusted CA certificate, a self-signed server certificate, or server public keys and GTC as the inner EAP method.

1. Select one of the following credential retrieval methods: Validate Server Certificate or Specify Server or Certificate Name.
2. Click OK to close the security settings.
provisioning automatically. A status message is displayed in the Wireless Event Viewer that an administrator can review on the user's computer.

1. Leave Disable EAP-FAST Enhancements (CCXv4) unchecked.
2. Allow authenticated provisioning and Allow unauthenticated provisioning are both checked.
3. Default Server: None selected is the default. Click Select Server to select a PAC from the default PAC authority server. The Protected Access Credentials selection page opens.
Security Overview

This section describes the various security methods used to help protect wireless networks.

Protecting Your Wireless Network
● Authentication
● Encryption
● SSID Broadcasting

Personal Security Methods
● Open and Shared Key authentication
● WEP Encryption
● WPA-Personal
● WPA2-Personal

802.1X Authentication (Enterprise Security)
● Overview
● What is RADIUS?
● How 802.1X Authentication Works
● 802.
● TKIP
● CKIP

Authentication Types
● TLS
● TTLS
● PEAP
● LEAP
● EAP-SIM
● EAP-FAST
● EAP-AKA

Authentication Protocols
● PAP
● CHAP
● MS-CHAP
● MS-CHAP-V2
● GTC
● TLS

Cisco Features
● Cisco LEAP
● Cisco Rogue Access Point Security Feature
● 802.11b and 802.11g Mixed Environment Protection Protocol
● CKIP
● Fast Roaming (CCKM)
● Mixed Cell Mode
● Radio Management

Protecting Your Wireless Network

Your wireless network, if left unprotected, is vulnerable to access from other computers.
Authentication is the process of identifying and approving a request from a client (usually a laptop) to access a network at a network access point. Once authentication is completed and access is granted, the client has access to the network.

Encryption

You can select encryption algorithms to encrypt the information and data that is sent across your wireless network. Only computers equipped with pre-shared keys can encrypt and decrypt the data being transmitted.
Wired Equivalent Privacy (WEP) uses encryption to help prevent unauthorized reception of wireless data. WEP uses an encryption key to encrypt data before transmitting it. Only computers that use the same encryption key can access the network and decrypt the data transmitted by other computers. WEP encryption provides for two levels of security, using a 64-bit key (sometimes referred to as 40-bit) or a 128-bit key (also known as 104-bit). For stronger security, you should use a 128-bit key.
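The two WEP key sizes described above, worked through as an added example (not part of Intel's guide): it parses a key as typed and encapsulates a payload the way WEP does, with RC4 seeded by a 24-bit IV prepended to the secret key. That IV, sent in the clear with every frame, is why a "64-bit" key holds 40 secret bits and a "128-bit" key 104. Function names are hypothetical, the key-ID byte of a real frame is omitted, and the keys and payloads used with it are constructed samples.

```python
import os
import string
import zlib

IV_LEN = 3  # 24-bit initialization vector, sent unencrypted with every frame

def parse_wep_key(text):
    """Accept 10/26 hex digits or 5/13 ASCII characters.
    Returns (marketed_bits, secret_key_bytes)."""
    if len(text) in (10, 26) and all(c in string.hexdigits for c in text):
        key = bytes.fromhex(text)
    elif len(text) in (5, 13):
        key = text.encode("ascii")
    else:
        raise ValueError("WEP key must be 5/13 characters or 10/26 hex digits")
    return (len(key) + IV_LEN) * 8, key

def rc4(seed, data):
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # XOR each byte with the keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key, payload, iv=None):
    """Return IV || RC4(IV || key, payload || CRC-32 ICV)."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + key, payload + icv)

def wep_decrypt(key, frame):
    """Return the payload, or None when the ICV does not verify (wrong key)."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    clear = rc4(iv + key, body)
    payload, icv = clear[:-4], clear[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload
```

A station holding a different key gets `None` from `wep_decrypt`, which is the "same encryption key" requirement in practice; the first three bytes of every frame are readable without any key.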
This section describes security commonly used by larger companies.

Overview
What is RADIUS?
How 802.1X Authentication Works
802.1X Features

Overview

The 802.1X authentication is independent of the 802.11 authentication process. The 802.11 standard provides a framework for various authentication and key-management protocols. There are different 802.1X authentication types and each provides a different approach to authentication, but all employ the same 802.
and authenticating access to port-based 802.11 wireless and wired Ethernet networks. Port-based network access control is similar to a switched local area network (LAN) infrastructure that authenticates devices attached to a LAN port and prevents access to that port if the authentication process fails.
❍ PEAP
❍ EAP-SIM
❍ EAP-FAST
❍ EAP-AKA

Network Authentication

Open
See Open Authentication.

Shared
See Shared Authentication.

WPA-Personal
See WPA-Personal.

WPA2-Personal
See WPA2-Personal.

WPA Enterprise
Enterprise Mode authentication is targeted to corporate or government environments. WPA Enterprise verifies network users through a RADIUS or other authentication server. WPA uses 128-bit encryption keys and dynamic session keys to ensure your wireless network's privacy and enterprise security.
Data Encryption

AES-CCMP
Advanced Encryption Standard - Counter CBC-MAC Protocol. The new method for privacy protection of wireless transmissions specified in the IEEE 802.11i standard. AES-CCMP provides a stronger encryption method than TKIP. Choose AES-CCMP as the data encryption method whenever strong data protection is important. AES-CCMP is available with WPA/WPA2 Personal/Enterprise network authentication.
security protocol called the Transport Layer Security (TLS). EAP-TLS uses certificates which use passwords. EAP-TLS authentication supports dynamic WEP key management. The TLS protocol is intended to secure and authenticate communications across a public network through data encryption. The TLS Handshake Protocol allows the server and client to provide mutual authentication and to negotiate an encryption algorithm and cryptographic keys before data is transmitted.
The USIM card is a special smart card used with cellular networks to validate a given user with the network.

Authentication Protocols

PAP
Password Authentication Protocol is a two-way handshake protocol designed for use with PPP. Password Authentication Protocol is a plain text password used on older SLIP systems. It is not secure. Only available for TTLS Authentication Type.
network through data encryption. The TLS Handshake Protocol allows the server and client to provide mutual authentication and to negotiate an encryption algorithm and cryptographic keys before data is transmitted. Only available for PEAP authentication type.

Cisco Features

Cisco LEAP
Cisco LEAP (Cisco Light EAP) is a server and client 802.1X authentication through a user-supplied logon password.
NOTE: CKIP is not used with WPA/WPA2 Personal/Enterprise network authentication.

NOTE: CKIP is only supported through the use of the WiFi connection utility on Windows XP.

Fast Roaming (CCKM)
When a wireless LAN is configured for fast reconnection, a LEAP-enabled client device can roam from one access point to another without involving the main server.
used in LEAP. The EAP-FAST method is divided into two parts: provisioning and authentication. The provisioning phase involves the initial delivery of the PAC to the client. This phase only needs to be performed once per client and user.