Specifications
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
a. Choose “Full Encryption” for the “Use of Data encryption by Station” setting.
b. To enable EAP-TLS authentication (this also enables EAP-MD5):
i. Check “Open” in “Accept Authentication Type.”
ii. Check “Require EAP” (under Open authentication only).
c. To enable LEAP authentication, select the “Network-EAP” option.
d. Set WEP Key 1 for Broadcast Key (in 11.10T and later releases, you can also enable broadcast key rotation).
e. Click Apply.
Figure 6-14 AP Radio Data Encryption Page
After the preceding steps have been completed, the access point is configured to allow only LEAP and EAP-TLS/MD5
clients to authenticate to the enterprise wireless LAN network.
6.4 Microsoft XP Client Configuration
The following procedure was used to configure a Windows XP client to authenticate to a WLAN network using
EAP-TLS:
1. Obtain and install a client certificate; refer to Section 6.4.1.
2. Configure networking parameters on Microsoft XP Networking; refer to Section 6.4.2.
6.4.1 Obtaining the Client-Side Certificate
As discussed in Section 4, the client must obtain a certificate from a certification authority server for the ACS to
authenticate a WLAN EAP-TLS client. Several ways of obtaining a client certificate and installing it onto the
Windows XP machine are available. To acquire a valid certificate, the Windows XP user has to be logged in using his
or her user ID and has to have a network connection (either a wired connection or a WLAN connection with 802.1x
security disabled).