How to configure host-based Enable host-based Extensible Authentication Protocol (EAP)?
Enabling host based EAP.
Enabling Host-Based EAP
Before you can enable host-based EAP authentication, your network devices must meet the following requirements:
Client adapters must support WEP and use the firmware, drivers, utilities, and security modules included in the Install Wizard file.
Access points to which your client adapter may attempt to authenticate must use the following software versions or greater: firmware version 12.00T (340, 350, and 1200 series access points) or IOS release 12.2(4)JA (1100 series access points).
The Microsoft 802.1X supplicant must be installed on your Windows device.
All necessary infrastructure devices (for example, access points, servers, gateways, user databases, etc.) must be properly configured for the authentication type you plan to enable on the client.
Follow the steps below to enable host-based EAP authentication (EAP-TLS, PEAP, or EAP-SIM) for this profile.
Because EAP-TLS, PEAP, and EAP-SIM authentication are enabled in the operating system and not in ACU, you cannot switch between these authentication types simply by switching profiles in ACU. You can create a profile in ACU that uses host-based EAP, but you must enable the specific authentication type in Windows (provided Windows uses the Microsoft 802.1X supplicant). In addition, Windows can be set for only one authentication type at a time; therefore, if you have more than one profile in ACU that uses host-based EAP and you want to use another authentication type, you must change authentication types in Windows after switching profiles in ACU.
Step 1 Select Host Based EAP from the Network Security Type drop-down box on the Network Security screen.
Step 2 Select Use Dynamic WEP Keys under WEP.
Step 3 Click OK to return to the Profile Manager screen.
Step 4 Click OK or Apply on the Profile Manager screen to save your changes.
Step 5 Perform one of the following, depending on your computer's operating system:
•If your computer is running Windows 2000, double-click My Computer, Control Panel, and Network and Dial-up Connections. Right-click Local Area Connection. Click Properties. The Local Area Connection Properties screen appears.
•If your computer is running Windows XP, double-click My Computer, Control Panel, and Network Connections. Right-click Wireless Network Connection. Click Properties. The Wireless Network Connection Properties screen appears.
These instructions assume you are using Windows XP's classic view rather than its category view.
Step 6 Click the Authentication tab. The following screen appears (see Figure 5-7).
In Service Pack 1 for Windows XP, the Authentication tab has moved from its previous location. To access it, click the Wireless Networks tab, select the network that you are configuring in the Preferred network list, and click Properties.
Figure 5-7 Wireless Network Connection Properties Screen (Authentication Tab) - Windows 2000 and XP Only
Step 7 Check the Enable network access control using IEEE 802.1X check box.
Step 8 Perform one of the following, depending on the authentication type you want to use:
Host-based EAP authentication is supported only on client adapters that support Wired Equivalent Privacy (WEP) and use PCM/LMC/PCI card firmware version 4.13 or greater (or mini Peripheral Component Interconnect [PCI] card firmware version 5.0 or greater). In order to use EAP-TLS or EAP-MD5 authentication, your client adapter and access point must use 802.1X draft standard 10 firmware, and your operating system must have built-in support for host-based EAP (such as Windows XP). Download the Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks for information on WLAN deployments of EAPS-TL5.
Hello, Can we use the example below to explain CCI/ACI? Now we have two APs. Can we think below conclusions?If AP1 is using channel A and AP2 is using channel A as well, we can think the two APs have CCI, no ACIIf AP1 is using channel A and AP2 is using c...
I have an access point "AIR-AP2802I-I-K9" and I need a power injector for it. It is very hard for me to wait till import process. I need to operate it within a week urgent. Is there any other injectors (non-Cisco) could be used temporary?
Hiwe have three offices all running with their own 5508's. I plan on replacing those WLC's with newer ones. Is there a design were I can replace they with a pair in our CoLo data center and have all the AP's talk back to them? I used to do this with HREAP...