beautypg.com

Cisco 340 User Manual

Page 45

background image

5-45

Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows

OL-1394-08

Chapter 5 Configuring the Client Adapter

Setting Network Security Parameters

Step 6

If you work in an environment with multiple domains and therefore want your Windows login domain
to be passed to the RADIUS server along with your username, check the Include Windows Logon
Domain with User Name
check box. The default setting is checked.

Note

If you chose to use a saved username and password but do not check the Include Windows
Logon Domain with User Name
check box, the Domain field becomes unavailable, and a
domain name is not passed to the RADIUS server.

Step 7

If you want to force the client adapter to disassociate after you log off so that another user cannot gain
access to the wireless network using your credentials, check the No Network Connection Unless User
Is Logged In
check box. The default setting is checked.

Step 8

In the Authentication Timeout Value field, enter the amount of time (in seconds) before an EAP-FAST
authentication attempt is considered to be failed and an error message appears.

Range: 10 to 300 seconds

Default: 90 seconds

Step 9

Perform one of the following:

If you want to enable automatic PAC provisioning, check the Allow Automatic PAC Provisioning
for This Profile
check box. A protected access credentials (PAC) file is obtained automatically as
needed (for instance, when a PAC expires, when the client adapter accesses a different server, when
the EAP-FAST username cannot be matched to a previously provisioned PAC, etc.). This is the
default setting. If you choose this option, go to

Step 11

.

If you want to enable manual PAC provisioning, uncheck the Allow Automatic PAC Provisioning
for This Profile
check box. You must choose a PAC authority or manually import a PAC file. If you
choose this option, go to

Step 10

.

Note

The Allow Automatic PAC Provisioning for This Profile option is available only if the Allow
Auto-Provisioning? option was enabled (set to Yes) during installation. If this option is not
available, you must enable manual PAC provisioning.

Note

LDAP user databases support only manual PAC provisioning while Cisco Secure ACS internal,
Cisco Secure ODBC, and Windows NT/2000/2003 domain user databases support both
automatic and manual PAC provisioning.

Note

Provisioning occurs only upon initial negotiation of the PAC or upon PAC expiration. After the
PAC is provisioned, it serves as the per-user key by which authentication transactions are
secured.