Eap-fast user settings – Intel 3945ABG User Manual
Page 85
Authenticated-TLS-Server Provisioning Mode is supported using a trusted CA certificate, a self-signed server
certificate, or server public keys and GTC as the inner EAP method.
Validate Server Certificate:
●
Validate Server Certificate:
●
Certificate Issuer: The server certificate received during TLS message exchange must be issued by
this certificate authority (CA). Trusted intermediate certificate authorities and root authorities whose
certificates exist in the system store are available for selection. If Any Trusted CA is selected, any CA
in the list is acceptable.
●
Allow intermediate certificates: The server certificate received during negotiation may have been
issued directly by the CA or additionally by one of its intermediate certificate authorities. Select to
allow a number of unspecified certificates to be in the server certificate chain between the server
certificate and the specified CA. If cleared, then the specified CA must have been directly issued by
the server certificate.
●
Specify Server or Certificate Name: Select if you want to specify your server or certificate name.
The server name or a domain to which the server belongs, depends on which of the two options
below has been selected.
●
Server name must match exactly: When selected, the server name entered must match exactly
the server name found on the certificate. The server name should include the fully qualified domain
name (for example, Servername.Domain name).
●
Domain name must end in specified name: When selected, the server name identifies a domain
and the certificate must have a server name belonging to this domain or to one of its sub-domains
(for example, zeelans.com, where the server is blueberry.zeelans.com).
NOTE: These parameters should be obtained from the administrator.
3. Click OK to close the security settings.
EAP-FAST User Settings
NOTE: If an
was installed on a user' computer that did not apply the Cisco
Compatible Extensions, Version 4 Application Setting, only EAP-FAST User settings are available for
configuration.
To set up a client with EAP-FAST authentication:
1. Click Profiles on the Intel PROSet/Wireless main window.
2. On the Profile page, click Add to open the Create Wireless Profile Wizard's General Settings.
3. Wireless Network Name (SSID): Enter the network identifier.
4. Profile Name: Enter a descriptive profile name.
5. Operating Mode: Click Network (Infrastructure).
6. Click Next to open the Security Settings.
7. Click Enterprise Security.
8. Network Authentication: Select WPA-Enterprise or WPA2-Enterprise.
9. Data Encryption: Select one of the following:
❍
TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism.
❍
AES-CCMP (Advanced Encryption Standard - Counter CBC-MAC Protocol) is used as the data
encryption method whenever strong data protection is important.
10. Enable 802.1x: Selected.
11. Authentication Type: Select EAP-FAST to be used with this connection.