Cisco AIR-CB21AG-W-K9, Installation And Configuration Manual

Page 1: ... 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 Cisco Aironet 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista Software Release 1 0 Customer Order Number Text Part Number OL 16534 01 ...

Page 2: ... interference stops Move the equipment to one side or the other of the television or radio Move the equipment farther away from the television or radio Plug the equipment into an outlet that is on a different circuit from the television or radio That is make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses Modifications to this pro...

Page 3: ... 2 Terminology 1 2 Hardware Components 1 3 Radio 1 3 Radio Antenna 1 3 LEDs 1 3 Software Components 1 4 Network Configurations Using Client Adapters 1 4 Ad Hoc Wireless LAN 1 4 Wireless Infrastructure with Workstations Accessing a Wired LAN 1 5 Safety information 1 6 FCC Safety Compliance Statement 1 6 Safety Guidelines 1 6 Warnings 1 7 Unpacking the Client Adapter 1 7 Package Contents 1 8 System ...

Page 4: ...t Secure Roaming 2 12 Accessing a Profile That Was Created Previously 2 12 Viewing and Changing the Settings of a Profile 2 13 Radio Measurement 2 18 Advanced Roaming Setting 2 19 C H A P T E R 3 Configuring EAP Types 3 1 Overview of EAP FAST 3 1 How EAP FAST Works 3 2 Two Phase Tunneled Authentication 3 2 Protected Access Credentials 3 3 Server Certificate Validation 3 3 Configuring EAP FAST 3 4 ...

Page 5: ...ng the Version of the PEAP GTC Module 3 30 C H A P T E R 4 Performing Administrative Tasks 4 1 Using Microsoft Tools to Perform Administrative Tasks 4 2 Overview of Group Policy Objects 4 2 Adding a Group Policy Object Editor 4 2 Creating a EAP Group Policy Object in Windows Vista 4 3 Configuring Machine Authentication for EAP FAST 4 4 Configuring Single Sign On for EAP FAST 4 5 Configuring Machin...

Page 6: ...p Users C 4 A P P E N D I X D Declarations of Conformity and Regulatory Information D 1 Manufacturer s Federal Communication Commission Declaration of Conformity Statement D 2 Department of Communications Canada D 3 Canadian Compliance Statement D 3 European Community Switzerland Norway Iceland and Liechtenstein D 3 Declaration of Conformity with Regard to the R TTE Directive 1999 5 EC D 3 Declara...

Page 7: ...lish Translation D 9 Brazil Anatel Approval D 9 AIR CB21AG W K9 D 10 AIR PI21AG W K9 D 11 A P P E N D I X E Channels Power Levels and Antenna Gains E 1 Channels E 2 IEEE 802 11a E 2 IEEE 802 11b g E 3 Maximum Power Levels and Antenna Gains E 4 IEEE 802 11a E 4 IEEE 802 11b E 4 IEEE 802 11g E 5 A P P E N D I X F Acknowledgments and Licensing F 1 A P P E N D I X G Abbreviations G 1 ...

Page 8: ...Contents viii Cisco Aironet 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 ...

Page 9: ...aining a Cisco Aironet IEEE 802 11a b g Wireless LAN Client Adapter CB21AG or PI21AG on a computer that is running the Microsoft Windows Vista operating system This person should understand Windows Vista and should be familiar with computing devices network terms and concepts Purpose This publication describes the Cisco Aironet CB21AG and PI21AG client adapters on devices that are running Windows ...

Page 10: ... that might occur when you try to operate the client adapter Appendix A EAP Messages describes EAP FAST PEAP GTC and LEAP error messages and prompts This appendix also provides guidelines for creating strong passwords Appendix B Technical Specifications provides technical specifications for the Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters Appendix C Translated Safety Warnings provi...

Page 11: ...sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista Tässä julkaisussa esiintyvien varoitusten käännökset löydät liitteestä Translated Safety Warnings käännetyt turvallisuutta koskevat varoitukset Attention Ce symbole d avertissement indique un danger Vous vous trouvez dans une situation pouvant entraîner des blessures Avant d accéder à cet équipement soyez co...

Page 12: ...innebærer samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen kan du se i vedlegget Translated Safety Warnings Oversatte sikkerhetsadvarsler Aviso Este símbolo de aviso indica perigo Encontra se numa situação que lhe poderá causar danos fisicos Antes de começar a trabalhar com qualquer equipamento fa...

Page 13: ...e installing a client adapter and instructions for installing the client adapter hardware and software The following topics are covered in this chapter Introduction to the Client Adapters page 1 2 Hardware Components page 1 3 Software Components page 1 4 Network Configurations Using Client Adapters page 1 4 Safety information page 1 6 Unpacking the Client Adapter page 1 7 System Requirements page ...

Page 14: ...ications that operate over a network can operate using the adapters This document covers the two client adapters described in Table 1 1 Terminology The following terms are used throughout this document client adapter Refers to both types of adapters PC Cardbus card or PCI card Refers to a specific adapter workstation or station Refers to a computing device with an installed client adapter infrastr...

Page 15: ...d permanently attached 0 dBi gain dual band 2 4 5 GHz diversity antenna The benefit of the diversity antenna system is improved coverage The system works by enabling the card to sample and switch between its two antenna ports in order to select the optimum port for receiving data packets As a result the card has a better chance of maintaining the radio frequency RF connection in areas of interfere...

Page 16: ...section describes and illustrates the two most common network configurations Ad hoc wireless local area network LAN Wireless infrastructure with workstations accessing a wired LAN For examples of more complex network configurations involving client adapters and access points refer to the documentation for your access point Ad Hoc Wireless LAN An ad hoc or peer to peer wireless LAN see Figure 1 1 i...

Page 17: ...rk with workstations accessing a wired LAN through several access points This configuration is useful with portable or mobile stations because it enables them to be directly connected to the wired network even while moving from one microcell domain to another This process is transparent and the connection to the file server or host is maintained without disruption The mobile station stays connecte...

Page 18: ...ied equipment When used with approved Cisco Aironet antennas Cisco Aironet products meet the uncontrolled environmental limits found in OET 65 and ANSI C95 1 1991 Proper operation of this radio device according to the instructions in this publication will result in user exposure substantially below the FCC recommended limits Safety Guidelines Do not touch or move the antenna while the unit is tran...

Page 19: ...ches 20 cm or more from the body of all persons Warning This device has been tested and complies with FCC RF Exposure SAR limits in typical laptop computer configurations and this device can be used in desktop or laptop computers with side mounted PC Card slots that can provide at least 0 394 in 1 cm separation distance from the antenna to the body of the user or a nearby person Thin laptop comput...

Page 20: ...t obtain these hotfix patches from the Microsoft site You must also contact Microsoft directly for any support that you need for these patches http support microsoft com kb 932063 http support microsoft com kb 935222 Note The client adapter software supports Windows Vista Business Enterprise and Ultimate operating systems 1 GHz 32 bit x86 or 64 bit x64 processor 1 GB of system memory 40 GB hard dr...

Page 21: ...ucture and client devices For Infrastructure Devices Because of differences in component configuration placement and physical environment every network application is a unique installation Therefore before you install any wireless infrastructure devices such as access points bridges and base stations which connect your client adapters to a wired LAN a site survey must be performed to determine the...

Page 22: ...one way into the Cardbus slot Note The PC Cardbus slot if supported is usually on the left or right side of a laptop computer depending on the model Step 2 Turn on your computer and let the operating system boot up completely Step 3 Hold the card with the Cisco label facing up and insert it into the Cardbus slot applying just enough pressure to make sure it is fully seated see Figure 1 3 The green...

Page 23: ... the following procedures in the order listed below to insert a PCI card If required change the bracket see the Changing the Bracket section on page 1 11 Insert the card see the Inserting the Card section on page 1 12 Assemble the antenna see the Assembling the Antenna section on page 1 13 Mount the antenna see the Mounting the Antenna section on page 1 14 Changing the Bracket The PCI card is ship...

Page 24: ... side of the card near the bracket see Figure 1 4 and tighten Inserting the Card Follow the steps below to insert a PCI card into your PC Step 1 Turn off the PC and all its components Step 2 Remove the computer cover Note On most Pentium PCs PCI expansion slots are white Refer to your PC documentation for slot identification Step 3 Remove the screw from the top of the CPU back panel above an empty...

Page 25: ...il its connector is firmly seated Caution Do not force the card into the expansion slot this could damage both the card and the slot If the card does not insert easily remove it and reinsert it Step 8 Reinstall the screw on the CPU back panel and replace the computer cover Assembling the Antenna Follow the steps below to assemble the PCI card s antenna Step 1 Slide the antenna through the opening ...

Page 26: ...ounting the Antenna Because the PCI card is a radio device it is susceptible to RF obstructions and common sources of interference that can reduce throughput and range Follow these guidelines to ensure the best possible performance Place the PCI card s antenna in an area where large steel structures such as shelving units bookcases and filing cabinets will not obstruct radio signals being transmit...

Page 27: ...tion the antenna so it is pointing straight up Then go to Step 7 If you want to mount the antenna to a wall go to Step 2 Step 2 Drill two holes in the wall that are 1 09 in 2 8 cm apart Figure 1 7 shows the distance between the mounting holes on the bottom of the antenna base Figure 1 7 Bottom of Antenna Base Step 3 Tap the two supplied wall anchors into the holes Step 4 Drive the two supplied scr...

Page 28: ...ting the Antenna Step 6 The antenna rotates 90 degrees from its base For optimal reception position the antenna so it is pointing straight up see Figure 1 9 Figure 1 9 Rotating the Antenna Step 7 Boot up your PC The green LED lights when the card is inserted properly Step 8 If the Found New Hardware Wizard window appears click Cancel Step 9 Go to the Installing the Client Adapter Driver and Softwa...

Page 29: ...sco com public sw center Step 5 Click Wireless Software Step 6 Click Client Adapters and Client Software Step 7 Click Cisco Aironet Wireless LAN Client Adapters Step 8 Follow one of these steps Step 9 If you are using a PC Cardbus card click Cisco Aironet 802 11a b g CardBus Wireless LAN Client Adapter CB21AG Step 10 If you are using a PCI card click Cisco Aironet 802 11a b g PCI Wireless LAN Clie...

Page 30: ... reboot Follow these steps to use to install the client software on a device that is running Windows Vista Step 1 Double click WinClient 802 11a b g Vista Ins Wizard vxx exe A window appears that asks you if you want to run the softward file Step 2 Click Run The Cisco Aironet Installation Program InstallShield window appears see Figure 1 10 Figure 1 10 Cisco Aironet Installation Program Installati...

Page 31: ...ver and Software Figure 1 11 Cisco Aironet Installation Program Window Step 4 Click Next A Cisco Aironet Installation Program dialog box that includes a message about driver and hardware installation appears see Figure 1 12 Figure 1 12 Cisco Aironet Installation Program Dialog Box Driver Installation and Hardware Insertion Step 5 Click OK The Cisco Aironet Installation Program Setup Status window ...

Page 32: ...nstallation Program Setup Status Window Step 6 Allow the software installation to finish A Windows Security dialog box might appear see Figure 1 14 Figure 1 14 Windows Security Windows can t verify the publisher of this driver software Dialog Box Step 7 If this dialog box appears double click Install this driver software anyway After the driver installation finishes the Cisco Aironet Installation ...

Page 33: ... PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Chapter 1 Product Overview and Installation Installing the Client Adapter Driver and Software Figure 1 15 Cisco Aironet Installation Program InstallShield Wizard Complete Window Step 8 Click Finish ...

Page 34: ... 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Chapter 1 Product Overview and Installation Installing the Client Adapter Driver and Software ...

Page 35: ...e Microsoft Vista Network and Sharing Center to create and manage profiles for your client adapter The following topics are covered in this chapter Overview of Wireless Profiles page 2 2 Accessing Microsoft Vista Network and Sharing Center page 2 2 Creating a New Profile and Configuring Basic Settings page 2 3 Accessing a Profile That Was Created Previously page 2 12 Viewing and Changing the Setti...

Page 36: ...s networks in different locations For example you might want to create and manage profiles that allow you to use your client adapter at the office at home and in public areas such as airport terminals After the profiles are created you can switch between them without having to configure your client adapter each time you move to a new location Accessing Microsoft Vista Network and Sharing Center To...

Page 37: ...Set up a connection or network in the Tasks area Note You can also access the Network and Sharing Center by choosing Start Control Panel Network and Sharing Center Creating a New Profile and Configuring Basic Settings To create a wireless profile follow these steps Step 1 Open the Network and Sharing Center window see the Accessing Microsoft Vista Network and Sharing Center section on page 2 2 Ste...

Page 38: ... the Choose a wireless adapter drop down list choose the option for the Cisco Aironet 802 11a b g Wireless Adapter see Figure 2 4 Note Client adapters might not be easy to identify in the Choose a wireless adapter drop down list because the adapters might be generically named for example Wireless Network Connection or Wireless Network Connection 2 If you have multiple client adapters on your devic...

Page 39: ...de for Windows Vista OL 16534 01 Chapter 2 Configuring Wireless Profiles Creating a New Profile and Configuring Basic Settings Figure 2 4 Manually connect to a wireless network Dialog Box Choose a wireless adapter Step 6 Click Next Another Manually connect to a wireless network dialog box appears see Figure 2 5 ...

Page 40: ...ating a New Profile and Configuring Basic Settings Figure 2 5 Manually connect to a wireless network Dialog Box Enter information for the wireless network you want to add Step 7 In this dialog box enter information for the wireless network that you want to add Table 2 1 lists and describes general settings for the profile Follow the instructions in the table to configure these settings ...

Page 41: ...authentication Open Open system authentication with no encryption WEP also called Shared Open system authentication with Wired Equivalent Privacy WEP WPA2 Personal Wi Fi Protected Access 2 WPA2 authentication with a preshared key designed for networks without a RADIUS infrastructure WPA Personal WPA with a preshared key designed for networks without a RADIUS infrastructure WPA2 Enterprise 802 1X a...

Page 42: ...section on page 2 10 Default The default that appear in the Encryption type drop down list is determined by what you selected in the Security type drop down list Security Key Passphrase If you choose No authentication Open a Security Key Passphrase is not necessary If you choose the WEP security type enter the WEP key If you choose the WPA2 Personal security type enter the WPA2 preshared key If yo...

Page 43: ...tings See the Viewing and Changing the Settings of a Profile section on page 2 13 for more information Start this connection automatically Check this check box if you want the device to connect automatically whenever the wireless network is in range If you do not check this check box you must manually connect to this wireless network from the Connect to a network dialog box which you can access th...

Page 44: ...r You do not need to re enter the static WEP key each time the client adapter is inserted or the Windows device is rebooted because the key is stored in an encrypted format for security reasons in the Windows profile store You can obtain a static WEP key from your network administrator Note WEP encryption is not considered safe enough for today s wireless networks We do not recommend that you use ...

Page 45: ...ose WPA2 Enterprise as your security type your encryption type is TKIP or AES WPA Enterprise WPA Enterprise also uses 802 1X authentication and is designed for medium and large infrastructure mode networks See chapter for more information about supported EAP methods When you choose WPA Enterprise as you security type your encryption type is TKIP or AES 802 1X with Dynamic WEP Keys The standard for...

Page 46: ...g EAP enabled clients securely roam from one access point to another without the need to reauthenticate with the RADIUS server Using Cisco Centralized Key Management CCKM an access point that is configured for wireless domain services WDS uses a fast rekeying technique that enables Cisco client devices to roam from one access point to another typically in under 150 milliseconds ms CCKM fast secure...

Page 47: ...click the profile that contains the settings that you want to change A Wireless Network properties dialog box appears see Figure 2 8 See the Viewing and Changing the Settings of a Profile section on page 2 13 for information about modifying the profile that you have selected Viewing and Changing the Settings of a Profile To access a profile whose settings you want to view or change follow the proc...

Page 48: ...8 view the wireless network s Name SSID service set identifier Network Type for example Access point for an infrastructure mode network and the Network Availability specifies the availability for types of users You cannot change these settings in this dialog box Figure 2 8 Wireless Network properties Dialog Box Connection Tab Step 2 In the Connection tab check or uncheck the check boxes that are a...

Page 49: ...ferred network if available Check this check box to connect to a wireless network that you prefer more than the wireless network specified in this profile To designate the order in which your profiles connect when more than one network is available Choose Control Panel Manage Wireless Networks You can order your wireless profiles in this window Connect even if the network is not broadcasting Check...

Page 50: ...pter 2 Configuring Wireless Profiles Viewing and Changing the Settings of a Profile Figure 2 9 Wireless Network properties Dialog Box Security Tab Step 4 In this dialog box configure security settings that are available for this profile Table 2 3 lists and describes security settings Follow the instructions in the table to configure these settings ...

Page 51: ... choose From the Encryption type drop down list choose an available method The choices are the following If you choose No authentication Open your encryption choice is None or WEP If you choose Shared your only encryption choice is WEP If you choose WPA2 Personal you can choose AES or TKIP If you choose WPA Personal you can choose AES or TKIP If you choose WPA2 Enterprise you can choose AES TKIP A...

Page 52: ...at the network infrastructure sends Choose a network authentication method From the Choose a network authentication method drop down list choose an authentication method The choices are the following Smart Card or other certificate Protected EAP PEAP LEAP PEAP GTC EAP FAST Note Smart Card and Protected EAP PEAP are provided by Microsoft These methods were not tested by Cisco on the CB21AG or the P...

Page 53: ...n with the current access point This roaming policy prioritizes connection to the current AP rather than performance This policy is best suited for environments in which only one access point is present Low Roaming aggressiveness is low The client maintains connection with the current access point until its RSSI and transmit rate drop to values where performance is heavily degraded This policy is ...

Page 54: ...net 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Chapter 2 Configuring Wireless Profiles Viewing and Changing the Settings of a Profile ...

Page 55: ...ommunication between a client and an authentication server by using Transport Layer Security TLS to establish a mutually authenticated tunnel Within the tunnel data in the form of type length and value TLV objects are used to send further authentication related data between the client and the authentication server EAP FAST supports the TLS extension as defined in RFC 4507 to support the fast re es...

Page 56: ...cation authorization and accounting is also becoming more complex For example there are instances in which multiple existing authentication protocols are required to achieve mutual authentication Also different protected conversations might be required to achieve the proper authorization when a client has successfully authenticated Minimize authentication server requirements for per user authentic...

Page 57: ...client wants to obtain access to network resources Called the PAC Opaque this component is a variable length field that is sent to the authentication server during tunnel establishment The EAP server interprets the PAC Opaque to obtain the required information to validate the client s identity and authentication The PAC Opaque includes the PAC Key and may contain the PAC s client identity The PAC ...

Page 58: ...ings in the Connection Tab page 3 5 Configuring EAP FAST Settings in the User Credentials Tab page 3 10 Configuring EAP FAST Settings in the Authentication Tab page 3 13 Finding the Version of the EAP FAST Module page 3 16 Accessing EAP FAST Properties for Configuration To access the EAP FAST Properties window perform the following steps Step 1 Click the Start button on the lower left corner of th...

Page 59: ...nection Tab section on page 3 5 the Configuring EAP FAST Settings in the User Credentials Tab section on page 3 10 and the Configuring EAP FAST Settings in the Authentication Tab section on page 3 13 For information about finding the version of the module on the device see the Finding the Version of the EAP FAST Module section on page 3 16 Configuring EAP FAST Settings in the Connection Tab The EA...

Page 60: ... Window Table 3 2 lists and describes all connection settings Table 3 1 Connection Settings Connection Settings Description Use anonymous outer identity Check this box to enable identity privacy protection Default On Outer identity field Enter an outer identity if the Use anonymous outer identity check box is checked Follow an administrator s instructions or follow RFC 4282 for guidelines about wh...

Page 61: ... On Allow automatic PAC provisioning Check this box to enable the automatic retrieval of a PAC during EAP FAST authentication Automatic PAC provisioning enables the automatic retrieval of a PAC during EAP FAST authentication Automatic PAC provisioning uses TLS with a Diffie Hellman Key Agreement protocol to establish a secure tunnel In addition MSCHAPv2 is used to authenticate the client and for e...

Page 62: ...semicolons The EAP FAST module only allows connections to continue without prompting if the subject field CN in the server certificate matches the server names that you enter in this field Default Off Note You can use an asterisk as a wildcard character in server names only if the asterisk appears before the first period in the name domain com format For example cisco com matches any server name t...

Page 63: ...nds the certificate through the EAP TLS inner method The EAP FAST module administrator can configure the EAP FAST module XML schema to send the user certificate without using these security measures Usernames and Passwords If a username and password are used the user provide one of the following types of username and password Windows username and password The Windows username and password are used...

Page 64: ... OL 16534 01 Chapter 3 Configuring EAP Types Configuring EAP FAST Configuring EAP FAST Settings in the User Credentials Tab The user can configure user credentials from the User Credentials tab see Figure 3 3 Figure 3 3 User Credentials Tab in EAP FAST Properties Window Table 3 2 lists and describes all options for user credentials ...

Page 65: ...ly for username and password Click this radio button to require the user to enter a separate EAP FAST username and password in addition to a Windows username and password with every authentication attempt This options supports non Windows passwords such as LDAP Default Off Use saved username and password Click this radio button so that the user is not required to enter an EAP FAST username and pas...

Page 66: ...prompt window that includes the text message from the server see Figure 3 4 The backend server might prompt the user twice to confirm the new PIN that the user entered Figure 3 4 New PIN Prompt Window Next Token mode for OTP is also supported If the next token is needed the backend server sends a text message for example Enter Next PASSCODE to indicate that the next token is needed The EAP FAST mo...

Page 67: ...dule The EAP GTC module is not registered with the EAPHost framework it is not available to other applications A modified version of the EAP MSCHAPv2 module is also bundled with the EAP FAST module This modified version is used in anonymous TLS provisioning mode to support the modification of EAP MSCHAPv2 challenges This same module also supports user authentication in authentication mode without ...

Page 68: ...figuration Guide for Windows Vista OL 16534 01 Chapter 3 Configuring EAP Types Configuring EAP FAST You can choose settings for authentication in the Authentication tab see Figure 3 6 Figure 3 6 Authentication Tab in EAP FAST Properties Window Table 3 3 lists and describes options for authentication ...

Page 69: ... value to allow all methods is unsupported by Cisco or Microsoft and is not recommended This configuration is used as is Cisco makes no guarantee that there will not be adverse performance to the system if unsupported methods are used Unsupported methods should never be used in a production environment Configure Click the Configure button to configure EAP TLS options This option is available only ...

Page 70: ...Follow these steps to learn the current version of the EAP FAST module on the device Step 1 Access the EAP FAST Properties window The procedure for accessing this window is detailed in the Accessing EAP FAST Properties for Configuration section on page 3 4 Step 2 Click the About tab see Figure 3 7 The version number copyright information and open source software information are in this tab Figure ...

Page 71: ... EAPOL specifies a method for encapsulating EAP packets in Ethernet packets so that they can be transmitted over a LAN Encryption and Key Exchange The 802 11 specification allows for data traffic between the client and access point to be encrypted using an encryption key As a result of key exchange through WPA WPA2 CCKM or WEP the client and the network access device derive the same pair of keys o...

Page 72: ...sponse This packet also contains a Cisco vendor specific attribute that informs the access point of the value of the encryption key The client verifies the challenge response If the response is invalid client disassociates and attempts to find another access point 802 11 supports the use of up to four encryption keys for the traffic between a client and its access point The access point uses one o...

Page 73: ...onfigure settings for LEAP Configuring LEAP Settings in the Network Credentials Tab The user provides one of the following types of network credentials Windows username and password The Windows username and password are used as network access credentials The user is not prompted to enter a username and password if this option is selected Prompted user credentials The user is prompted during authen...

Page 74: ...successful authentication are saved automatically in the configuration The user does not have to return to the configuration screen to change the old saved credentials You can configure LEAP network credentials settings from the Network Credentials tab see Figure 3 9 Figure 3 9 Network Credentials Tab in LEAP Properties Window Table 3 4 lists and describes LEAP network credentials settings Table 3...

Page 75: ...ng the Version of the LEAP Module The LEAP module version number copyright information and open source software information are in About tab see Figure 3 9 Overview of PEAP GTC Extensible Authentication Protocol EAP provides support for multiple authentication methods While EAP was originally created for use with PPP it has since been adopted for use with IEEE 802 1X which is Network Port Authenti...

Page 76: ...EAP method running within it Packet fragmentation and reassembly Because EAP does not include support for fragmentation and reassembly individual EAP methods need to include this capability By including support for fragmentation and reassembly within PEAP methods leveraging PEAP do not need to support fragmentation and reassembly on their own Acknowledged success or failure indications By sending ...

Page 77: ...onfiguring PEAP GTC Settings in the Connection Tab page 3 25 Configuring PEAP GTC Settings in the User Credentials Tab page 3 27 Accessing PEAP GTC Properties for Configuration To access the PEAP GTC Properties window perform the following steps Step 1 Click the Start button on the lower left corner of the desktop Step 2 From the right pane right click Network Step 3 Select Properties Step 4 From ...

Page 78: ...ide for Windows Vista OL 16534 01 Chapter 3 Configuring EAP Types Configuring PEAP GTC Figure 3 10 Wireless Network Properties Window Step 7 Select PEAP GTC or LEAP from the Choose a network authentication method drop down list Step 8 Click the Settings button You are now ready to configure settings for PEAP GTC ...

Page 79: ...onfiguration Guide for Windows Vista OL 16534 01 Chapter 3 Configuring EAP Types Configuring PEAP GTC Configuring PEAP GTC Settings in the Connection Tab You can configure connection settings from the PEAP GTC Connection tab see Figure 3 11 Figure 3 11 Connection Tab in PEAP GTC Properties Window ...

Page 80: ...cked you must select one or more Trusted Root CA certificates from the list of trusted Certificate Authority certificates that are installed on the host system If the Validate server certificate box is checked but the Do not prompt user to authorize new servers or trusted certificate authorities box is not checked the list can be empty and the user is prompted to validate the certificate If authen...

Page 81: ...r does not have to return to the configuration screen to change the old saved credentials Trusted Root Certificate Authority CA Select one of more Trusted Root CA certificates from the list of certificates that are installed on the system Only trusted CA certificates that are installed on the host system are displayed in the drop down list so you must make sure that the desired trusted root CA cer...

Page 82: ...time password Click this radio button to use a one time password OTP In this mode credentials are never cached Each time the server asks for credentials the user is prompted to supply credentials For more information about OTP see the Understanding PIN Mode and Token Mode with OTP section on page 3 12 Default Off Use Windows username and password Click this radio button to use the Windows username...

Page 83: ...red with a RADIUS server in addition to a Windows username and password with every authentication attempt This option supports non Windows passwords such as LDAP Default Off Use saved username and password Click this radio button so that the user is not required to enter a PEAP GTC username and password with each Windows login Authentication occurs automatically as needed using a saved username an...

Page 84: ...e user must get the next token from the OTP device or from the software and enter it in the prompt field Figure 3 14 Next Token Prompt Window Understanding PEAP GTC Authentication The PEAP GTC module prompts the user for a username and password or PIN for OTP if the supplicant is configured to prompt for credentials during Windows logon or after the user is notified of an authentication error or f...

Page 85: ...osoft administrative tools to distribute wireless profiles to users and computers in an Active Directory environment This chapter also provides the XML schemas for EAP FAST LEAP and PEAP GTC The following topics are covered in this chapter Using Microsoft Tools to Perform Administrative Tasks page 4 2 The EAP FAST XML Schema page 4 6 The PEAP GTC XML Schema page 4 17 The LEAP XML Schema page 4 23 ...

Page 86: ...service environment Group Policy settings are contained in Group Policy objects GPOs GPOs exist in a domain and can be linked to the following Active Directory containers sites domains or organizational units OUs For more information about GPOs and the GPO Editor refer to the Microsoft Windows Server TechCenter at this URL http technet2 microsoft com windowsserver en technologies featured gp faq m...

Page 87: ...fault Domain Policy pane select Windows Settings Security Settings Wireless Network Policies Step 2 Right click Wireless Network Policies and select Create a New Policy Step 3 Set your wireless network properties such as SSID encryption and authentication method Step 4 Select the EAP method Step 5 Open properties for the desired EAP modules and configure the settings EAP FAST In the Advanced Secur...

Page 88: ...AP FAST You can enable machine authentication from the Advanced Security screen when you create a Group Policy Object The EAPHost notifies the EAP FAST module that the current authentication is a machine authentication Machine authentication is achieved by using one of the following a machine PAC a machine certificate a machine password The EAP FAST module attempts to fetch the machine PAC first I...

Page 89: ...AP GTC The PEAP GTC module supports machine authentication only via the machine password The PEAP GTC module gets the machine password from Windows through Microsoft s Local Security Authority LSA API The user is not prompted for the password Machine authentication is enabled and configured on the supplicant Configuring Single Sign On for PEAP GTC and LEAP For both the PEAP GTC module and the LEAP...

Page 90: ...All rights reserved xs schema xmlns xs http www w3 org 2001 XMLSchema xmlns http www cisco com CCX targetNamespace http www cisco com CCX elementFormDefault qualified attributeFormDefault unqualified xs element name eapFast type EapFast xs complexType name EapFast xs complexContent xs extension base TunnelMethods xs sequence xs choice xs element name usePac xs complexType xs sequence xs element na...

Page 91: ...erIdFromUnauthProv type xs boolean default true xs annotation xs documentation If true then when the client is about to do unauthenticated provisioning the user will be prompted to allow or disallow the unauthenticated provisioning xs documentation xs annotation xs element xs element name unauthProvAllowedTilPacReceived type xs boolean default false xs annotation xs documentation if true then unau...

Page 92: ...teWithPassword xs complexType xs sequence xs element name protectedIdentityPattern type IdentityPattern minOccurs 0 xs annotation xs documentation Format rules same as for unprotectedIdentityPattern Typical pattern username domain or if password source is this profile then the pattern would be the actual string to send as the username xs documentation xs annotation xs element xs element name passw...

Page 93: ...kenSource type TokenSource xs element name methods xs complexType xs all xs element name eapGtc type Empty xs all xs complexType xs element xs sequence xs complexType xs element xs element name authenticateWithCertificate xs complexType xs sequence xs element name protectedIdentityPattern type IdentityPattern minOccurs 0 xs annotation xs documentation Format rules same as for unprotectedIdentityPa...

Page 94: ... choice xs complexType xs element xs element name extendedInnerMethods type ExtendedInnerEapMethod maxOccurs unbounded xs choice xs complexType xs element xs sequence xs extension xs complexContent xs complexType xs complexType name IdentityPattern xs simpleContent xs extension base NonEmptyString xs attribute name encryptContent type xs boolean use optional default true xs annotation xs documenta...

Page 95: ...ent xs documentation xs annotation xs attribute xs extension xs simpleContent xs complexType xs complexType name PasswordSource xs choice xs element name passwordFromLogon type Empty xs element name passwordFromUser type Empty xs element name passwordFromProfile type PasswordFromProfile xs choice xs complexType xs complexType name TokenSource xs choice xs element name passwordFromOtherToken type E...

Page 96: ...ientCertificate xs annotation xs documentation The client user certificate to use during authentication is indicated here xs documentation xs annotation xs element xs choice xs complexType xs complexType name ExtendedInnerEapMethod xs sequence xs element name methodName type xs string xs element name methodEapId type xs unsignedInt xs element name vendorId type xs integer default 0 xs element name...

Page 97: ...eled methods or username domain for non tunneled methods If the credential source is this profile then the pattern would be the actual string to send as the username no placeholders xs documentation xs annotation xs element xs choice xs element name enableFastReconnect xs complexType xs complexContent xs extension base Empty xs choice xs element name alwaysAttempt type Empty xs choice xs extension...

Page 98: ...ne OS managed store in windows xs documentation xs annotation xs extension base NonEmptyString xs attribute name reference type xs boolean xs annotation xs documentation true means the element value is a file reference to a certificate in PEM format the post process tool will retrieve the certificate file convert to a hash populate the certificateId element and set the reference to false to indica...

Page 99: ...erver validations rules to start with and when a user validates an untrusted server the validation process still validates the server name xs documentation xs annotation xs element name matchSubjectAlternativeName type ServerRuleFormat xs annotation xs documentation DNSName typically takes the form of a Fully Qualified Domain Name FQDN xs documentation xs annotation xs element xs element name matc...

Page 100: ...bal CA cert store xs documentation xs annotation xs element xs choice xs element name userValidatesUntrustedServerCertificate type xs boolean xs annotation xs documentation if the server certificate fails to validate then if this is true the end user will be asked to validate the server If they do so then appropriate trustedCaCerts will be remembered as well as the server name fields so it will be...

Page 101: ...ement xs choice xs complexType xs schema The PEAP GTC XML Schema The PEAP GTC module stores all settings in the Native EAP method section of the network profile as XML by using the following schema xml version 1 0 xs schema xmlns xs http www w3 org 2001 XMLSchema xmlns http www cisco com CCX targetNamespace http www cisco com CCX elementFormDefault qualified attributeFormDefault unqualified xs ele...

Page 102: ...ource xs element name methods xs complexType xs all xs element name eapGtc type Empty minOccurs 0 xs all xs complexType xs element xs sequence xs complexType xs element xs element name authenticateWithToken xs complexType xs sequence xs element name protectedIdentityPattern type IdentityPattern minOccurs 0 xs element name tokenSource type TokenSource xs element name methods xs complexType xs all x...

Page 103: ...an XML Security envelope xs documentation xs annotation xs attribute xs extension xs simpleContent xs complexType xs complexType name PasswordFromProfile xs simpleContent xs extension base xs string xs attribute name encryptContent type xs boolean use optional default true xs annotation xs documentation this is defaulted to true as an indication to the post process tool that it should encrypt this...

Page 104: ...s choice xs element name unprotectedIdentityPattern type IdentityPattern minOccurs 0 xs annotation xs documentation If the username and or domain placeholders are used in the pattern then if a client certificate is used for authentication then placeholder s values shall be obtained from the CN field of the client certificate if the credentials are obtained from the end user then they shall be obta...

Page 105: ...ies a certificate in the global list of trusted CAs for the machine OS managed store in windows xs documentation xs annotation xs extension base NonEmptyString xs attribute name reference type xs boolean xs annotation xs documentation true means this is a file reference to a certificate in PEM format false means this is the SHA1 hash over that certificate This is so the admin does not need to find...

Page 106: ...ntation This is optional so that the Vista product may allow a profile that has no server validations rules to start with and when a user validates an untrusted server the validation process still validates the server name xs documentation xs annotation xs element name matchSubjectAlternativeName type ServerRuleFormat xs element name matchSubject type ServerRuleFormat xs choice xs complexType xs c...

Page 107: ...s element name userValidatesUntrustedServerCertificate type xs boolean xs annotation xs documentation if the server certificate fails to validate then if this is true the end user will be asked to validate the server If they do so then appropriate trustedCaCerts will be remembered as well as the server name fields so it will be automatically trusted in the future xs documentation xs annotation xs ...

Page 108: ...documentation this is defaulted to true as an indication to the post process tool that it should encrypt this element if the element is not already encrypted within an XML Security envelope xs documentation xs annotation xs attribute xs extension xs simpleContent xs complexType xs complexType name PasswordFromProfile xs simpleContent xs extension base xs string xs attribute name encryptContent typ...

Page 109: ...t name passwordFromUser type Empty xs element name passwordFromProfile type PasswordFromProfile xs choice xs complexType xs complexType name PasswordMethods xs sequence xs element name unprotectedIdentityPattern type IdentityPattern minOccurs 0 xs element name passwordSource type PasswordSource xs sequence xs complexType xs complexType name Empty xs simpleType name NonEmptyString xs restriction ba...

Page 110: ... contain information about logging Configuring and Starting Logging page 4 26 Disabling Logging and Flushing Internal Buffers page 4 27 Locating Log Files page 4 28 Configuring and Starting Logging To access the administrator command prompt and to configure and start logging perform the following steps Step 1 Choose Start All Programs Accessories Step 2 Right click Command Prompt and select Run as...

Page 111: ...logging and flushes all internal buffers For EAP FAST wevtutil sl Cisco EAP FAST Debug e false For PEAP GTC wevtutil sl Cisco EAP PEAP Debug e false For LEAP wevtutil sl Cisco EAP LEAP Debug e false Note You must enter this command before you can analyze the etl file category_mask Bitmask of categories of logging to be turned on Valid values are as follows 0 logs all categories 1 logs all messages...

Page 112: ...util sl Cisco EAP FAST Debug lfn path_to_etl_log_file For PEAP GTC wevtutil sl Cisco EAP PEAP Debug lfn path_to_etl_log_file For LEAP wevtutil sl Cisco EAP LEAP Debug lfn path_to_etl_log_file Note Logging must not be running when you enter the command to change the path to the log file You can also change the path to the etl file when you start logging To start logging and specify the location of ...

Page 113: ...tallation and Configuration Guide for Windows Vista OL 16534 01 5 Routine Procedures This chapter provides procedures for common tasks related to the client adapter The following topics are covered in this chapter Removing a Client Adapter page 5 2 Upgrading the Client Adapter Software page 5 3 ...

Page 114: ...nection to the network should be re established Note If you need to remove your PC Cardbus card but do not want to shut down your computer double click the Safely Remove Hardware icon in the Windows system tray choose the Cisco Aironet client adapter you want to remove under hardware devices click Stop and click OK to close each open window Then pull the card directly out of the card slot Removing...

Page 115: ...re release For instructions on obtaining software from Cisco com see the Obtaining Client Adapter Software section of Chapter 1 Product Overview and Installation Step 2 Double click the software WinClient 802 11a b g Vista Ins Wizard vxx exe file that you have saved on the device on which the client adapter is inserted A window appears that asks you if you want to run the software file Step 3 Clic...

Page 116: ...llation Program Previous installation detected Window Step 5 Click Update the previous installation Note If you click Uninstall the previous installation a dialog box asks you to confirm the complete removal of the previous installation If you remove the previous installation instead of updating it you remove all configured wireless profiles Step 6 Click Next The Cisco Aironet Installation Program...

Page 117: ...ista OL 16534 01 Chapter 5 Routine Procedures Upgrading the Client Adapter Software Figure 5 3 Cisco Aironet Installation Program Setup Status Window Step 7 Allow the software installation to finish After the installation finishes the Cisco Aironet Installation Program InstallShield Wizard Complete window appears see Figure 5 4 ...

Page 118: ...rs CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Chapter 5 Routine Procedures Upgrading the Client Adapter Software Figure 5 4 Cisco Aironet Installation Program InstallShield Wizard Complete Window Step 8 Click Finish ...

Page 119: ...for Windows Vista OL 16534 01 6 Troubleshooting and Diagnostics This chapter provides information about diagnosing problems that might occur when you try to operate the client adapter The following topics are covered in this chapter Troubleshooting with Cisco Aironet Client Diagnostics page 6 2 Enabling Client Reporting page 6 6 ...

Page 120: ...mode the client adapter and the infrastructure device proceed through a defined set of tests The results of these tests can assist in isolating conditions that require troubleshooting Cisco Aironet Client Diagnostics can only be started manually To start this mode follow these steps Step 1 Verify that the client adapter radio is enabled If the radio is not enabled enable it Step 2 Choose Start Con...

Page 121: ...g with Cisco Aironet Client Diagnostics Figure 6 2 Cisco Aironet Client Diagnostics Dialog Box Step 4 In the Cisco Aironet Client Diagnostics dialog box choose Cisco Aironet 80 211a b g Wireless Adapter in the Adapter field see Figure 6 3 Figure 6 3 Cisco Aironet Client Diagnostics Dialog Box Choose Adapter Step 5 Choose the profile for diagnostics testing in the Network Profile filed see Figure 6...

Page 122: ...net Client Diagnostics Figure 6 4 Cisco Aironet Client Diagnostics Dialog Box Choose Network Profile Step 6 Click Start to run the diagnostics If testing does not begin immediately a message appears to explain the delay see Figure 6 5 Figure 6 5 Cisco Aironet Client Diagnostics Dialog Box Testing Delay Step 7 Monitor the status of diagnostics testing in the Cisco Aironet Client Diagnostics Test Wi...

Page 123: ...e Close button an Aironet Desktop Utility window appears to confirm that you want to stop running in DC mode see Figure 6 7 Figure 6 7 Aironet Desktop Utility Stop Running Diagnostics Click the Yes button to disconnect or click the No button to continue Step 8 When diagnostic testing is complete you can click the Save To File button to save the test results Clicking this button generates a text fi...

Page 124: ...low these steps Step 1 With the Microsoft Group Policy Object Editor locate the XML portion of the profile that is related to client reporting Here is a sample CCX profile section that shows the XML element for client reporting Diagnostics AuthorizedProfile true AuthorizedProfile Channel EnableClientReporting true EnableClientReporting Channel Diagnostics Step 2 For the EnableClientReporting XML e...

Page 125: ...ommended Action Click Yes to provision a new PAC for this server using your existing credentials or click No to cancel the operation If you click No the client adapter will fail the authentication Caution To prevent possible attacks from rogue access points do not reprovision a PAC unless it is necessary Error Message While attempting to provision your PAC during auto provisioning the network acce...

Page 126: ...perform one of the following Re enter your username If you entered your username correctly go to the Connection tab of the EAP FAST Properties screen either to enable automatic PAC provisioning or to import a PAC file Error Message The EAP FAST authentication attempt failed because you entered the wrong username and password Please re enter your username and password Recommended Action Click OK Th...

Page 127: ...g However a matching PAC has been found in your PAC database Would you like to use this matching credential authority and save it to the profile Recommended Action Click Yes to use the matching PAC and to update the profile with this new PAC or click No to cancel the operation and to leave the profile as it is If you click No the client adapter will be unable to authenticate using the existing pro...

Page 128: ...er name s Do you want to accept this connection Warning Connecting to an unsecured server might compromise your security Recommended Action If you want the client adapter to connect to this server even though doing so might present a security risk click Yes Otherwise click No Error Message Your password has expired Please enter a new password Recommended Action Enter a new password to change the e...

Page 129: ...ord you entered to import the PAC file is incorrect Please try again Recommended Action Try entering your password again Error Message The PAC file import operation has been aborted because of three or more attempts of incorrect passwords Recommended Action Press OK to continue Error Message An internal error occurred Recommended Action An internal error occurred when the PAC was being imported Tr...

Page 130: ...mmended Action Select at least one trusted CA or allow the user to authorize new trusted CAs Error Message You entered an empty username which is not allowed Recommended Action Enter a username Error Message You entered different values in the Password field and the Confirm password field The passwords must be identical Recommended Action Re enter your password in both fields Error Message You ent...

Page 131: ... a security risk click Yes Otherwise click No Error Message You have connected to a server with the following server name server name The server certificate is signed by the following Root Certification Authority CA ca name This Root CA does not match the specified trusted Root CA s Do you want to accept this connection Warning You might compromise your security if you connect to an unsecured serv...

Page 132: ...etwork There is a problem with the certificate on the server required for authentication Recommended Action Contact your network administrator for further assistance Error Message Windows cannot connect to network name Wireless authentication failed Recommended Action Contact your network administrator for assistance with the specified network Error Message The authentication failed because of unk...

Page 133: ...acters e g a z A Z Contain numerals and punctuation as well as letters e g 0 9 _ Are at least five alphanumeric characters long Are not a word in any language Are not slang dialect or jargon Are not based on personal information such as the names of family members Characteristics of Weak Passwords A weak password has the following characteristics Contains fewer than eight characters Is a word foun...

Page 134: ...assword Security Basics Follow these basic guidelines when dealing with passwords Never reveal a password even to family members Never talk about a password in front of others Never hint at the format of a password such as my family name Never use characters from outside the standard ASCII character set Some symbols such the pound sterling symbol are known to cause login problems on some systems ...

Page 135: ... N D I X B Technical Specifications This appendix provides technical specifications for the Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters The following topics are covered in this appendix Physical Specifications page B 2 Radio Specifications page B 3 Power Specifications page B 6 Safety and Regulatory Compliance Specifications page B 6 ...

Page 136: ... 8 in H 12 cm L x 1 8 cm W x 12 1 cm H Low profile PCI card 4 7 in L x 0 7 in W x 3 1 in H 12 cm L x 1 8 cm W x 7 9 cm H Weight PC Cardbus card 1 55 oz 44 g PCI card Standard PCI card with antenna 3 6 oz 103 g Standard PCI card without antenna 1 9 oz 55 g Low profile PCI card with antenna 3 5 oz 98 g Low profile PCI card without antenna 1 7 oz 49 g Enclosure PC Cardbus card Type II Cardbus PCI car...

Page 137: ...Bm 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps 10 mW 10 dBm 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps Note The maximum power setting varies according to individual country regulations Operating frequency 802 11a 5 15 to 5 25 GHz in the UNII 1 band 5 25 to 5 35 GHz in the UNII 2 band 5 470 to 5 725 GHz in the European band 5 725 to 5 825 GHz in the UNII 3 band Depending on the regulatory domain in which the ...

Page 138: ...and 12 Mbps 85 dBm 18 Mbps 82 dBm 24 Mbps 79 dBm 36 Mbps 74 dBm 48 Mbps 72 dBm 54 Mbps 5470 to 5725 MHz 87 dBm 6 9 12 and 18 Mbps 82 dBm 24 Mbps 79 dBm 36 Mbps 74 dBm 48 Mbps 72 dBm 54 Mbps 5725 to 5805 MHz 84 dBm 6 9 and 12 Mbps 83 dBm 18 Mbps 82 dBm 24 Mbps 79 dBm 36 Mbps 72 dBm 48 Mbps 65 dBm 54 Mbps 802 11b g 94 dBm 1 Mbps 93 dBm 2 Mbps 92 dBm 5 5 Mbps 90 dBm 11 Mbps 86 dBm 6 9 12 and 18 Mbps ...

Page 139: ...re likely when using the client adapter with a different access point or a Cisco Aironet 1200 Series Access Point with a different antenna 802 11b g Indoor typical Outdoor typical 410 ft 125 m 1 Mbps 700 ft 213 m 1 Mbps 300 ft 91 m 6 Mbps 650 ft 198 m 6 Mbps 220 ft 67 m 11 Mbps 490 ft 149 m 11 Mbps 180 ft 55 m 18 Mbps 400 ft 122 m 18 Mbps 90 ft 27 m 54 Mbps 110 ft 34 m 54 Mbps Note The above range...

Page 140: ... and Regulatory Compliance Specifications Safety Designed to meet UL 60950 CSA 22 2 No 60950 IEC 60950 Second Ed including Amendments 1 4 with all national deviations EN 60950 Second Ed including Amendments 1 4 EMI and susceptibility FCC Part 15 107 15 109 Class B ICES 003 Class B Canada VCCI Japan EN 301 489 1 and EN 301 489 17 Europe Radio approvals FCC Part 15 247 FCC Part 15 401 15 407 Canada ...

Page 141: ...Warnings This appendix provides translations of the safety warnings that appear in this publication The second warning pertains to the PI21AG client adapter and the third warning pertains to the CB21AG client adapter The following topics are covered in this appendix Explosive Device Proximity Warning page C 2 Antenna Installation Warning page C 3 Warning for Laptop Users page C 4 ...

Page 142: ...sion sauf si l équipement a été modifié à cet effet Warnung Benutzen Sie Ihr drahtloses Netzwerkgerät nicht in der Nähe ungeschützter Sprengkapseln oder anderer explosiver Stoffe es sei denn Ihr Gerät wurde eigens für diesen Gebrauch modifiziert und bestimmt Avvertenza Non utilizzare la periferica di rete senza fili in prossimità di un detonatore non protetto o di esplosivi a meno che la periferic...

Page 143: ...un minimum de 20 cm de toute personne Warnung Um die in den FCC Richtlinien festgelegten Expositionshöchstgrenzen für Radiofrequenzen RF nicht zu überschreiten sollten antennen mindestens 20 cm 7 9 Zoll vom Körper aller Person entfernt aufgestellt werden Avvertenza Per conformarsi ai limiti FCC di esposizione a radiofrequenza RF le antenne a devono stare ad una distanza minima di 20 cm dal corpo d...

Page 144: ... met andere antennes of zenders worden gebruikt en ook niet in de buurt van andere antennes of zenders worden geplaatst Varoitus Tämä laite on testattu ja se noudattaa FCC n määrittämiä radiotaajuussäteilylle altistumisen SAR raja arvoja tyypillisissä kannettavien tietokoneiden kokoonpanoissa Tätä laitetta voidaan käyttää pöytä tai kannettavissa tietokoneissa joiden sivussa on PC korttipaikka Kort...

Page 145: ...iner som har kortplass på siden og der det er minst 1 cm avstand mellom antennen og brukeren eller andre personer Ved bruk av flate bærbare PCer må du være ekstra påpasselig med antenneavstanden Denne enheten kan ikke brukes sammen med håndholdte PDAer personal digital assistant Det er ikke sikkert at bruk i andre konfigurasjoner vil være i samsvar med retningslinjene for FCC RF eksponering Denne ...

Page 146: ...ärbara datorer med sidmonterade PC kortöppningar som kan tillhandahålla minst 1 cm med separationsavstånd mellan antennen och användarens kropp eller annan person i närheten Tunna bärbara datorer kan behöva speciell uppmärksamhet för att upprätthålla antennavståndet under användning Den här enheten kan inte användas med handdator PDA Vid användning i andra konfigurationer går det inte att garanter...

Page 147: ...pters The following topics are covered in this appendix Manufacturer s Federal Communication Commission Declaration of Conformity Statement page D 2 Department of Communications Canada page D 3 European Community Switzerland Norway Iceland and Liechtenstein page D 3 Declaration of Conformity for RF Exposure page D 7 Guidelines for Operating Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapt...

Page 148: ...cm separation distance from the antenna to the body of the user or a nearby person Thin laptop computers may need special attention to maintain antenna spacing while operating The PI21AG client adapter has been tested and complies with FCC RF Exposure SAR limits in typical desktop computer configurations A separation distance of 7 9 in 20 cm must be maintained between this device s antenna and the...

Page 149: ...s may require the user to obtain a license for the system according to the Canadian regulations For further information contact your local Industry Canada office European Community Switzerland Norway Iceland and Liechtenstein Declaration of Conformity with Regard to the R TTE Directive 1999 5 EC English This equipment is in compliance with the essential requirements and other relevant provisions o...

Page 150: ...N Client Adapters Note This equipment is intended to be used in all EU and EFTA countries Outdoor use may be restricted to certain frequencies and or may require a license for operation For more details contact your customer service representative Nederlands Deze apparatuur voldoet aan de belangrijkste eisen en andere voorzieningen van richtlijn 1999 5 EC Norsk Dette utstyret er i samsvar med de g...

Page 151: ...nstallation and Configuration Guide for Windows Vista OL 16534 01 Appendix D Declarations of Conformity and Regulatory Information European Community Switzerland Norway Iceland and Liechtenstein Declaration of Conformity Statement Cisco Aironet CB21AG Wireless LAN Client Adapter ...

Page 152: ...B21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix D Declarations of Conformity and Regulatory Information European Community Switzerland Norway Iceland and Liechtenstein Cisco Aironet PI21AG Wireless LAN Client Adapter ...

Page 153: ...lient Adapters in Japan This section provides guidelines for avoiding interference when operating Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters in Japan These guidelines are provided in both Japanese and English Note The use of 5 GHz devices is limited to indoor use in Japan Japanese Translation English Translation This equipment operates in the same frequency bandwidth as industria...

Page 154: ...ipment causes RF interference to a specified low power radio station of RF ID contact the number below Contact Number 03 5549 6500 Administrative Rules for Cisco Aironet CB21AG and PI21AG Wireless LAN Client Adapters in Taiwan This section provides administrative rules for operating Cisco Aironet Wireless LAN Client Adapters in Taiwan The rules are provided in both Chinese and English 2 4 and 5 GH...

Page 155: ...ly and can t re operate it until the harmful interference is clear The authorized radio station means a radio communication service operating in accordance with COMMUNICATION ACT The operation of the low power radio frequency devices is subject to the interference caused by the operation of an authorized radio station by another intentional or unintentional radiator by industrial scientific and me...

Page 156: ...11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix D Declarations of Conformity and Regulatory Information Brazil Anatel Approval AIR CB21AG W K9 ...

Page 157: ...11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix D Declarations of Conformity and Regulatory Information Brazil Anatel Approval AIR PI21AG W K9 ...

Page 158: ...net 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix D Declarations of Conformity and Regulatory Information Brazil Anatel Approval ...

Page 159: ... P P E N D I X E Channels Power Levels and Antenna Gains This appendix lists the IEEE 802 11a b and g channels supported by the world s regulatory domains as well as the maximum power levels and antenna gains allowed per data rate The following topics are covered in this appendix Channels page E 2 Maximum Power Levels and Antenna Gains page E 4 ...

Page 160: ...own in Table E 1 Table E 1 Channels for IEEE 802 11a Channel Identifier Frequency in MHz Regulatory Domains America A EMEA E Japan J Japan P Rest of World W 34 5170 X X 36 5180 X X X X 38 5190 X X 40 5200 X X X X 42 5210 X X 44 5220 X X X X 46 5230 X X 48 5240 X X X X 52 5260 X X X X 56 5280 X X X X 60 5300 X X X X 64 5320 X X X X 100 5500 X X X 104 5520 X X X 108 5540 X X X 112 5560 X X X 116 558...

Page 161: ...requencies and regulatory domains of each IEEE 802 11b g 22 MHz wide channel are shown in Table E 2 Note Mexico is included in the Rest of World regulatory domain however channels 1 through 8 are for indoor use only while channels 9 through 11 can be used indoors and outdoors Users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of Mex...

Page 162: ...IEEE 802 11b An improper combination of power level and antenna gain can result in equivalent isotropic radiated power EIRP above the amount allowed per regulatory domain Table E 4 indicates the maximum EIRP supported for all regulatory domains for each 2 4 GHz IEEE 802 11b data rate Table E 3 Maximum EIRP for IEEE 802 11a Data Rate Maximum EIRP for PC Cardbus Card with 0 dBi Antenna Gain and PCI ...

Page 163: ...antenna gain can result in equivalent isotropic radiated power EIRP above the amount allowed per regulatory domain Table E 5 indicates the maximum EIRP supported for all regulatory domains for each 2 4 GHz IEEE 802 11g data rate Table E 5 Maximum EIRP for IEEE 802 11g Data Rate Maximum EIRP for PC Cardbus Card with 0 dBi Antenna Gain and PCI Card with 1 dBi Antenna Gain mW dBm 6 Mbps 50 17 9 Mbps ...

Page 164: ...t 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix E Channels Power Levels and Antenna Gains Maximum Power Levels and Antenna Gains ...

Page 165: ...ight notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit an...

Page 166: ...he same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textu...

Page 167: ...S OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and distribution terms for any publically available version or derivative of this code cannot b...

Page 168: ...F 4 Cisco Aironet 802 11a b g Wireless LAN Client Adapters CB21AG and PI21AG Installation and Configuration Guide for Windows Vista OL 16534 01 Appendix F Acknowledgments and Licensing ...

Page 169: ...AP FAST Extensible Authentication Protocol Flexible Authentication via Secure Tunneling EAP GTC Extensible Authentication Protocol Generic Token Card EAP MSCHAPv2 Extensible Authentication Protocol Microsoft Challenge Handshake Authentication Protocol Version 2 EAP TLS Extensible Authentication Protocol Transport Layer Security ETW Vista s Event Tracing for Windows GPO Group Policy Object LDAP Lig...

Page 170: ...endix G Abbreviations RADIUS Remote Authentication Dial In User Service RFC Request for Comments SDK Software Development Kit SSID Service Set Identifier SSO single sign on TKIP Temporal Key Integrity Protocol TLS Transport Layer Security UPN User Principal Name XML eXtensible Markup Language Table G 1 List of Acronyms continued Acronym Expansion ...