Cisco 340 User Manual
Page 59
5-59
Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-08
Chapter 5 Configuring the Client Adapter
Setting Network Security Parameters
Step 5
Make sure that the name of the certificate authority from which the server certificate was downloaded
appears in the Trusted root certificate authority (CA) field. If necessary, click the arrow on the
drop-down menu and choose the appropriate name.
Note
If you leave this field blank, you are prompted to accept a connection to the root certification
authority during the authentication process.
Step 6
Check the Connect only if server is signed by specified trusted root CA check box if you want to
ensure that the certificate server uses the trusted root certificate specified in the field above. This
prevents the client from establishing connections to rogue access points.
Step 7
Perform one of the following:
•
Check the Always try to resume secure session check box if you want the PEAP protocol to always
attempt to resume the previous session before prompting you to re-enter your credentials.
•
Uncheck the Always try to resume secure session check box if you want to be prompted to re-enter
your username and password whenever your client adapter’s radio becomes disassociated (for
example, when the card is ejected, the radio is turned off, you wander out of range of an access point,
you switch profiles, and so on).
Note
Checking this check box gives you the convenience of not having to re-enter your username and
password when your client adapter experiences momentary losses of association. The PEAP
Session Timeout setting on the Cisco Secure ACS System Configuration - Global Authentication
Setup screen controls how long the resume feature is active (that is, the amount of time during
which the PEAP session can be resumed without re-entering user credentials). If you leave your
device unattended during this timeout period, be aware that someone can resume your PEAP
session and access the network.
Step 8
Currently Generic Token Card is the only second phase EAP type available. Click Properties. The
Generic Token Card Properties screen appears (see
).
Figure 5-18 Generic Token Card Properties Screen