Table Of Contents
Release Notes for Cisco Aironet Configuration Administration Tool (ACAT) 1.3
These release notes describe features and caveats for the Cisco Aironet Configuration Administration Tool (ACAT) version 1.3.
ACAT is a tool used by administrators to specify software installation options for client adapters (Cisco Aironet 2.4-GHz and 5-GHz client adapters) located in PCs running a Windows operating system. The specified options are placed in a configuration file used by the Cisco Aironet Wireless LAN Client Adapter Installation Wizard (referred to as the Install Wizard) to install the software components and a client adapter's configuration profiles.
Note ACAT version 1.3 supports only the Windows 2000 and XP operating systems.
Using ACAT, an administrator can specify the following installation options:
–Client adapter radio firmware
–Driver for a client adapter
–Cisco Aironet Client Utility (ACU)
–Cisco Aironet Client Monitor (ACM)
–Security Modules (LEAP, EAP-SIM, PEAP, and EAP-FAST)
•Administrator global override settings
•Client adapter configuration profiles
•Client adapter type
–PCM-35x—Cisco Aironet 350 series PCMCIA card
–MPI-35x—Cisco Aironet 350 series Mini-PCI card
–PCI-35x—Cisco Aironet 350 series PCI card
–CB20A—Cisco Aironet 5-GHz PC-Cardbus card
Note ACAT version 1.3 is compatible only with Install Wizard version 1.3.
Note ACAT version 1.3 does not support the Cisco Aironet 340 and 4800 series client adapters or the Cisco Aironet IEEE 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG).
Cisco Aironet Software Requires Completion of Encryption Authorization Form
In order to access Cisco Aironet software from the Software Center on Cisco.com, you must fill out a form to receive authorization to download encrypted software. Registered Cisco.com users are required to fill out the form only once, while public users must do so once each session, each time software is downloaded. A form is automatically created for public users. The form for registered Cisco.com users is located at the following URL: http://www.cisco.com/cgi-bin/Software/Crypto/crypto_main.pl
Obtaining ACAT Software
To obtain the latest ACAT software from the Cisco Web site, follow these steps:
Step 1 Use your web browser to go to the Cisco Software Center at the following URL:
Step 2 Click Option #2: Aironet Wireless Software Display Tables.
Step 3 Click Cisco Aironet Wireless LAN Client Adapters.
Step 4 Under Windows System Administration Tool, click Windows System Administration Tool.
Step 5 Choose the ACAT file (ACAT-v13x.exe) with the greatest version number, where v13x is the version number.
Step 6 Enter the requested information on the encryption authorization form.
Step 7 Read the terms and conditions of the Software License Agreement and click Accept.
Step 8 Click the ACAT file again to download it.
Step 9 Save the file to your computer's hard drive then exit the web browser.
Step 10 Find the downloaded ACAT-v13x.exe file using Windows Explorer, double-click it, and extract the following files to a directory on your hard drive:
•ACAT.exe—ACAT executable file.
•ACAT.HLP—ACAT help file used by the ACAT program.
•InstallData.txt —installation data file used by the ACAT program.
Note InstallData.txt is an ASCII text file that cannot be edited or changed. The file data is check-sum protected and if modified will generate an error when ACAT is activated.
ACAT version 1.3 software is compatible only with Install Wizard version 1.3 software.
Finding the ACAT Version
Follow the instructions in this section to find the version of ACAT that is currently loaded on your PC.
Step 1 Open Windows Explorer.
Step 2 Find the ACAT files.
Step 3 Right-click the ACAT.exe file.
Step 4 Click Properties.
Step 5 Click the Version tab. The version of the currently loaded ACAT file is shown in the File version field.
Finding the Install Wizard Version
Follow the instructions in this section to find the version of the Install Wizard that is currently installed for your client adapter.
Step 1 Open Windows Explorer.
Step 2 Find the Install Wizard files.
Step 3 Right-click the IWSetup.exe file.
Step 4 Click Properties.
Step 5 Click the Version tab. The version of the currently installed Install Wizard file is shown in the File version field.
Removing ACAT Software
You can remove the ACAT software from your PC by deleting the following files:
•CiscoAdminConfig.dat (if located in the ACAT directory)
Uninstalling Client Adapter Software
When you run the Install Wizard using an ACAT-generated configuration file set for a silent install, the main Install Wizard screen is not displayed. To uninstall the software components and profiles installed by the Install Wizard, follow these steps:
Step 1 Click Start > Settings > Control Panel > Add/Remove Programs.
Step 2 Click Cisco Aironet Installation Wizard.
Step 3 Click Change/Remove.
Step 4 When the Install Wizard screen appears, choose Uninstall All Components and click Next.
Note Uninstall All Components removes all installed software components and all client adapter profiles in the PC registry.
Note The Custom Installation/Upgrade selection on the Install Wizard screen allows you to change the installation parameters and software components specified in the ACAT configuration file.
Step 5 The Install Wizard screen indicates the uninstall progress. When a message appears that indicates the system is about to reboot, click OK.
When your PC reboots, the uninstall is complete.
Note If you uncompressed the Installation Wizard software package in a non-temporary folder, you need to manually delete the Install Wizard installation files and directories.
ACAT version 1.3 supports the following new feature.
The new standard for wireless LAN security, as defined by IEEE, is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless client and an authentication server such as a RADIUS server, to which the access point communicates over the wired network.
ACAT version 1.3 supports the EAP-FAST authentication type (Flexible Authentication via Secure Tunneling) for use with Windows 2000 and XP systems. Support for EAP-FAST is provided not in the Windows operating system but in your client adapter's firmware and the Cisco software that supports it. RADIUS servers that support EAP-FAST include Cisco Secure ACS release 3.2.3 and later.
Note The Install Wizard does not provide an error indication when a profile with EAP-FAST fails to install on a non-supported operating system.
EAP-FAST can be enabled or disabled for a specific profile using ACAT or the ACU can be used, provided the EAP-FAST security module was selected during installation. When EAP-FAST is enabled, a variety of configuration options are available, including how and when a username and password are entered to begin the authentication process and whether automatic or manual protected access credentials (PAC) provisioning is used.
The username, password, and PAC are used by the client adapter to perform mutual authentication with the RADIUS server through the access point. The username and password need to be re-entered each time the client adapter is inserted or the Windows device is rebooted, unless you configure your adapter to use saved EAP-FAST credentials.
PACs are created by Cisco Secure ACS and are identified by an ID. The user obtains his or her own copy of the PAC from the server, and the ID links the PAC to the profile created by ACAT or the ACU. When manual PAC provisioning is enabled, the PAC file is manually copied from the server and imported into the client device using the ACU. The following rules govern PAC storage:
•In most cases PACs are provisioned and stored separately for each Windows logon user. These per-user PACS are not viewable by other users.
•If a profile is configured to use manual provisioning, each user must manually provision his or her own PAC for that profile using the ACU.
•PAC files can be added or replaced using the ACU import feature, but they cannot be removed or exported.
•For profiles configured with saved EAP-FAST usernames and passwords, the PACs are not stored per user but in a global PAC area shared by all users. Global PACs are also enabled when the No Network Connection Unless User Is Logged In check box is unchecked on the ACU. These global PACs can be imported using the ACU and used by all users.
Note Checking the Use Saved Username and Password check box in ACAT this enables the option on the ACU. You must use the ACU to enter the EAP-FAST username and password parameters.
Note PACs are also stored globally on computers that use the Novell Network login prompt or any other third-party login application that does not share its credentials with the EAP-FAST supplicant.
EAP-FAST authentication is designed to support the following user databases over a wireless LAN:
•Cisco Secure ACS internal user database
•Cisco Secure ACS ODBC user database
•Windows NT/2000/2003 domain user database
•LDAP user database
LDAP user databases (such as NDS) support only manual PAC provisioning while the other three user databases support both automatic and manual PAC provisioning.
Note If the EAP-FAST security module was not selected during installation, the EAP-FAST option is unavailable in the ACU. To enable and disable EAP-FAST, you must run ACAT or the Install Wizard again and choose EAP-FAST. EAP-FAST is supported in ACAT and Install Wizard versions 1.3 and later.
Getting Bug Information on Cisco.com
If you are a registered Cisco user, you can use the Cisco TAC Software Bug Toolkit, which consists of three tools (Bug Navigator, Bug Watcher, and Search by Bug ID Number) that help you identify existing bugs (or caveats) in Cisco software products.
Access the TAC Software Bug Toolkit at the following URL:
The following caveat has not been resolved:
•CSCin53301—Some contents are partially seen on the RF Settings and Security pages.
The Defaults button does not uncheck the Allow association to both WPA and non-WPA Authentications option check box.
Workaround: Uncheck the Allow association to both WPA and non-WPA Authentications option.
The following caveats have been resolved:
•CSCin58186—ACAT reboot silently installation option.
The Reboot Silently option in the Silent Setup menu on the Global Override Settings tab requires user intervention to respond to a reboot message.
•CSCin58727—Settings in ACAT and ACU are not the same.
When configuring LEAP, ACAT allows LEAP Authentication Timeout values between 45 and 300 seconds. The Aironet Client Utility (ACU) allows LEAP Authentication Timeout values between 10 and 300 seconds.
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following URL:
Click Hardware Support under Documentation and Tools, then click Wireless Devices on the left side of the screen.
For more information about wireless LAN adapters and related products, refer to the following documents:
•Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows provides instructions for using the Install Wizard to install and configure the wireless client adapter, the firmware, the driver, and the utilities.
•Cisco Aironet Access Point Software Configuration Guide provides configuration information for 340 and 350 series access points.
•Cisco IOS Software Configuration Guide for Access Points provides software configuration information for access points running Cisco IOS software.
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at this URL:
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
You can find instructions for ordering documentation at this URL:
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
You can submit e-mail comments about technical documentation to firstname.lastname@example.org.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
Cisco TAC Website
The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
Opening a TAC Case
Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.