Table Of Contents
Release Notes for Cisco Aironet 350 and CB20A Client Adapter Install Wizard 1.3 for Windows
Customized Installation Images (Notice to IT Professionals)
Firmware Is Upgraded Automatically
Reboot Required When Uninstalling ACU
Uninstalling Software Components
Inserting and Removing Client Adapters
New EAP-SIM Supplicant Available
Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only)
Cisco Aironet Software Requires Completion of Encryption Authorization Form
Support for EAP-FAST Authentication
WPA Migration Mode Now Supported by Clients
Radio Management Support on CB20A Cards
Installing or Upgrading Client Adapter Software
Finding the Install Wizard Version
Finding the Firmware and Driver Versions
Resolved Security Module Caveats
Getting Bug Information on Cisco.com
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Release Notes for Cisco Aironet 350 and CB20A Client Adapter Install Wizard 1.3 for Windows
Contents
This document contains the following sections:
•Installing or Upgrading Client Adapter Software
•Obtaining Technical Assistance
•Obtaining Additional Publications and Information
Introduction
This document describes system requirements, important notes, new and changed information, installation and upgrade procedures, and caveats for client adapter Install Wizard version 1.3 and the following software included in the Install Wizard file:
•Firmware version 5.40.10
•PC, LM, and PCI card driver version 8.5
•Mini PCI and PC-Cardbus card driver version 3.8
•Aironet Client Utility (ACU) version 6.3
•Aironet Client Monitor (ACM) version 2.3
•LEAP security module version 6.2
•EAP-FAST security module version 1.0
•PEAP security module version 1.01
•EAP-SIM security module version 1.0
Note Refer to the "New EAP-SIM Supplicant Available" section for information about a new EAP-SIM supplicant.
System Requirements
You need the following in order to install Install Wizard version 1.3 and use its software components:
•One of the following Cisco Aironet client adapters:
–350 series PC, LM, PCI, or mini PCI card
–CB20A PC-Cardbus card
Note Install Wizard version 1.3 and its software components are not supported for use with Cisco Aironet 340 series client adapters.
•A computer running the Windows 2000 or XP operating system
Note Install Wizard version 1.3 and its software components are not supported for use with Windows 98, 98 SE, NT, and Me.
Note All drivers and supporting software (Card and Socket Services) for the PC card slot or Cardbus slot must be loaded and configured.
•A display with a minimum resolution of 800 x 600 pixels
•35 MB of free hard disk space (minimum)
Note The Install Wizard terminates if you attempt to install it on a computer that has less than
35 MB of hard disk space.
•One of the following host supplicants if your wireless network uses host-based EAP authentication with WPA:
–Funk Odyssey Client supplicant version 2.2 (for Windows 2000)
–Windows XP Service Pack 1 and Microsoft supplicant Q815485 (for Windows XP)
•The Microsoft 802.1X supplicant, if your wireless network uses EAP-TLS, PEAP, or EAP-SIM authentication
•If your wireless network uses PEAP authentication with a One-Time Password (OTP) user database:
–SofToken version 1.3, 2.0, or later from Secure Computing; SecurID version 2.5 from RSA; or hardware token from OTP vendors
–Your software token PIN or hardware token password
Note Meetinghouse AEGIS Client supplicant version 2.1 or later is also supported for use with Windows 2000 and XP; however, it was not tested with this client adapter software release.
•If your wireless network uses EAP-SIM authentication:
–PCSC-compliant smartcard reader installed in your computer's Type II or Type III PC card slot
–Gemplus SIM+ smartcard inserted in the reader
–The SIM card's PIN
Note The EAP-SIM supplicant included in the Install Wizard file supports only Gemplus SIM+ cards; however, an updated supplicant is available that supports standard GSM-SIM cards as well as more recent versions of the EAP-SIM protocol. The new supplicant is available for download from Cisco.com at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/access-registrar-encrypted
•The following information from your system administrator:
–The logical name for your workstation (also referred to as client name)
–The protocols necessary to bind to the client adapter
–The case-sensitive service set identifier (SSID) for your RF network
–If your computer is not connected to a DHCP server, the IP address, subnet mask, and default gateway address of your computer
–The wired equivalent privacy (WEP) keys of the access points with which your client adapter will communicate, if your wireless network uses static WEP for security
–The username and password for your network account
–Protected access credentials (PAC) file if your wireless network uses EAP-FAST authentication with manual PAC provisioning
•Access points to which your client adapter may attempt to authenticate must use the following firmware versions or later: 12.00T (340, 350, and 1200 series access points) or Cisco IOS Release 12.2(4)JA (1100 series access points).
Note To use WPA or fast roaming, access points must use Cisco IOS Release 12.2(11)JA or later. To use radio management (RM), access points must use Cisco IOS Release 12.2(13)JA or later.
•All necessary infrastructure devices such as access points, servers, gateways, and user databases must be properly configured for any authentication type you plan to enable on the client.
Important Notes
Customized Installation Images (Notice to IT Professionals)
Caution Use caution when bundling the client adapter software into a customized installation image. If the registry settings are modified, the software may not install and uninstall properly.
Firmware Is Upgraded Automatically
The Install Wizard automatically upgrades the client adapter firmware to the version included in the Install Wizard file.
Note Applications such as AirMagnet and Wild Packets may fail after the firmware is upgraded. To resolve this problem, use ACU to downgrade the firmware to the previous version. Older versions of client adapter firmware are available from the Software Center on Cisco.com.
Reboot Required When Uninstalling ACU
Caution When you uninstall ACU, make sure you reboot your computer when prompted. Otherwise, the system may be rendered unable to boot, displaying the message "The Logon User Interface DLL cswGina.dll failed to load. Contact your system administrator to replace the DLL or restore the original DLL."
Uninstalling Software Components
All profiles are deleted if you use the Uninstall All Components option on the Cisco Aironet Wireless LAN Client Adapter Installation Wizard screen to uninstall the client adapter software. Cisco recommends that you use the Profile Manager's export feature to save your profiles before uninstalling the software.
Inserting and Removing Client Adapters
The following rules apply when inserting and removing client adapters:
•If you start ACU while a client adapter of one radio type is inserted (such as a 350 series PC card) and then eject the card and replace it with a card of another radio type (such as a CB20A PC-Cardbus card), ACU displays "Your Wireless LAN Adapter is not inserted" until ACU is shut down and restarted.
•The profiles for PC-Cardbus cards are tied to the slot in which the card is inserted. Therefore, you must always insert your PC-Cardbus card into the same slot, create profiles for both slots, or export the profiles for one slot and import them for the other slot.
New EAP-SIM Supplicant Available
A new EAP-SIM supplicant is available for download from Cisco.com. This new supplicant is an upgrade to the one included in the Install Wizard file. It provides new features, supports more recent versions of the EAP-SIM draft standard, and can be used with standard GSM-SIM cards as well as Gemplus SIM+ smartcards.
The new supplicant overwrites any previous EAP-SIM supplicant settings. If you plan to install the Cisco Aironet Install Wizard file after the new supplicant is installed, either perform an express installation or make sure the EAP-SIM option is not selected on the Custom Installation screen. Otherwise, the EAP-SIM supplicant included in the Install Wizard file overwrites the new supplicant's settings.
You can access the latest EAP-SIM supplicant at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/access-registrar-encrypted
Windows Wireless Network Connection Icon Shows Unavailable Connection (Windows XP Only)
If your computer is running Windows XP and you configured your client adapter using ACU, the Windows Wireless Network Connection icon in the Windows system tray may be marked with a red X and show an unavailable connection even though a wireless connection exists. This condition is caused by a conflict between ACU and Windows XP's wireless network settings. Simply ignore the Windows icon and use the ACM icon to check the status of your client adapter's wireless connection.
Cisco Aironet Software Requires Completion of Encryption Authorization Form
In order to access Cisco Aironet software from the Software Center on Cisco.com, you must fill out a form to receive authorization to download encrypted software. Registered Cisco.com users are required to fill out the form only once, but public users must do so once each session, each time software is downloaded. A form is automatically created for public users. The form for registered Cisco.com users is at the following URL:
http://www.cisco.com/cgi-bin/Software/Crypto/crypto_main.pl
Supporting Documentation
The Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows (part number OL-1394-08) provides detailed installation, configuration, and troubleshooting information for Install Wizard version 1.3 and its software components.
Note Install Wizard version 1.3 and its software components are not supported for use with Cisco Aironet 340 series client adapters.
New and Changed Information
Support for EAP-FAST Authentication
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authentication is a new IEEE 802.1X authentication type available for Cisco Aironet 350 series and CB20A client adapters on computers running Windows 2000 or XP. EAP-FAST offers flexible, easy deployment and management, supports a variety of user and password database types, supports server-initiated password expiration and change, and does not require digital certificates. Cisco developed EAP-FAST for customers who want to deploy an 802.1X EAP type that does not use certificates and provides protection from dictionary attacks. For example, a customer using Cisco LEAP who cannot enforce a strong password policy and does not want to use certificates can migrate to EAP-FAST for protection from dictionary attacks. EAP-FAST allows for a seamless migration from LEAP.
Note If you change an old LEAP profile (one that was created using ACU version 6.2 or earlier) with a saved username and password to EAP-FAST, you are prompted to re-enter your password if you try to save the profile without entering a new password.
EAP-FAST uses a three-phased tunneled authentication process to provide advanced 802.1X EAP mutual authentication.
•Phase 0 enables the client to dynamically provision a protected access credentials (PAC) when necessary. During this phase, a PAC is generated securely between the user and the network.
•Phase 1 uses the PAC to establish a mutually authenticated and secure tunnel between the client and the RADIUS server. RADIUS servers that support EAP-FAST include Cisco Secure ACS version 3.2.3 and later.
•Phase 2 performs client authentication in the established tunnel.
EAP-FAST is enabled or disabled for a specific profile through ACU, provided the EAP-FAST security module was selected during installation. After EAP-FAST is enabled, a variety of configuration options are available, including how and when a username and password are entered to begin the authentication process and whether automatic or manual PAC provisioning is used.
The client adapter uses the username, password, and PAC to perform mutual authentication with the RADIUS server through the access point. The username and password need to be re-entered each time the client adapter is inserted or the Windows device is rebooted, unless you configure your adapter to use saved EAP-FAST credentials.
PACs are created by Cisco Secure ACS and are identified by an ID. The user obtains his or her own copy of the PAC from the server, and the ID links the PAC to the profile created in ACU. When manual PAC provisioning is enabled, the PAC file is manually copied from the server and imported onto the client device. The following rules govern PAC storage:
•In most cases PACs are provisioned and stored separately for each Windows logon user. These per-user PACs are not viewable by other users.
•If a profile is configured to use manual provisioning, each user must manually provision his or her own PAC for that profile.
•PAC files can be added or replaced using the import feature, but they cannot be removed or exported.
•For profiles configured with saved EAP-FAST usernames and passwords, the PACs are not stored per user but in a global PAC area shared by all users. Global PACs are also enabled when the No Network Connection Unless User Is Logged In checkbox is unchecked. These global PACs can be imported and used by all users.
Note PACs are also stored globally on computers that use the Novell Network login prompt or any other third-party login application that does not share its credentials with the EAP-FAST supplicant.
EAP-FAST authentication is designed to support the following user databases over a wireless LAN:
•Cisco Secure ACS internal user database
•Cisco Secure ACS ODBC user database
•Windows NT/2000/2003 domain user database
•LDAP user database
LDAP user databases (such as NDS) support only manual PAC provisioning while the other three user databases support both automatic and manual PAC provisioning.
Note Refer to Chapter 5 of the Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows (part number OL-1394-08) for instructions on enabling EAP-FAST authentication for your client adapter.
WPA Migration Mode Now Supported by Clients
The software components included in client adapter Install Wizard version 1.3 now support Wi-Fi Protected Access (WPA) migration mode for 350 series and CB20A cards. WPA migration mode is an access point setting that enables both WPA and non-WPA clients to associate to an access point using the same SSID. To use this feature, the access point must be configured for migration mode (WPA optional with TKIP+WEP128 or TKIP+WEP40 cipher).
Radio Management Support on CB20A Cards
In ACU version 6.3 the Enable Radio Management Support parameter has been added to the Advanced (Infrastructure) Parameters screen for CB20A PC-Cardbus cards. Checking this check box enables the access point to which the client adapter is associated to control the use of radio management (RM), provided RM is enabled on the access point. RM, a component of the Cisco Structured Wireless-Aware Network (SWAN), is a system-wide feature that involves multiple infrastructure nodes. The RM feature on the access point acts on radio measurement requests from other network devices to instruct the access point and its associated clients to perform required radio measurements and then report them.
This parameter is available in ACU version 6.2 or later for 350 series client adapters using firmware version 5.30.15 or later and in ACU version 6.3 or later for CB20A client adapters using firmware version 5.40.10 or later.
Note Access points must use Cisco IOS Release 12.2(13)JA or later to enable RM. Refer to the documentation for your access point for instructions on enabling this feature.
Note Refer to this URL for additional information on SWAN:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html
Quiet Mode
A quiet mode feature is now available for Cisco Aironet client adapters in Install Wizard version 1.3. Enabling this feature forces the client to become quiet (to passively scan or listen) when its associated access point is turned off. In quiet mode, the client generates radio frequency energy only in direct response to an access point transmission. When the access point is turned back on, it starts sending beacons, which the client hears and can now respond to.
Quiet mode can be enabled or disabled from either the Custom Installation screen in the Install Wizard or the Commands drop-down menu in ACU.
Note The quiet mode feature applies to individual cards rather than profiles. It can be set differently for different cards and remains in effect across ACU sessions and computer reboots.
User and Domain Names
The following changes apply to both LEAP and EAP-FAST authentication:
•The maximum length of the combined username and domain name has been increased from 32 to 64 characters. Therefore, you can enter up to 64 characters for the username if a domain is not specified or up to 63 characters for a username and domain name combination. For a combination username and domain name, one character is used for the separating slash (for example, domain\user).
Note Cisco Secure ACS version 3.2.3 supports only 20-character usernames and 36-character username and domain name combinations when used with a Windows NT/2000/2003 domain user database. However, the next release of Cisco Secure ACS should support the new 64-character maximum.
•The LEAP and EAP-FAST Settings screens in ACU support a new format for entering saved usernames. You can enter a string such as username@domain.com in the User Name field. A maximum of 64 ASCII characters, including the @ symbol, can be entered for the username@domain.com string. If you include the domain name in the User Name field, the Domain field becomes disabled.
Note Cisco Secure ACS version 3.2.3 does not support usernames with this format. However, the next release of Cisco Secure ACS should support them.
Installing or Upgrading Client Adapter Software
Follow these steps to use Install Wizard version 1.3 to install or upgrade client adapter software on a computer running Windows 2000 or XP.
Note Install Wizard version 1.3 and its software components are not supported for use with Windows 98, 98 SE, NT, and Me.
Note You do not need to uninstall any previous versions of Cisco Aironet client adapter software (firmware, drivers, or utilities) or previous versions of the Install Wizard prior to installing Install Wizard version 1.3.
Step 1 Use your computer's web browser to access the following URL:
http://www.cisco.com/public/sw-center/sw-wireless.shtml
Step 2 Choose Option #2: Aironet Wireless Software Display Tables.
Note You can download software from the Software Selector tool instead of the display tables. To do so, choose Option #1: Aironet Wireless Software Selector, follow the instructions on the screen, and go to Step 6.
Step 3 Click Cisco Aironet Wireless LAN Client Adapters.
Step 4 Under Aironet Client Adapter Installation Wizard (For Windows), click 802.11a/b (CB20A, 350 Series, 340 Series).
Step 5 Click version 1.3 of the Install Wizard file.
Step 6 Complete the encryption authorization form; then read and accept the terms and conditions of the Software License Agreement.
Step 7 Click the file again to download it.
Step 8 Save the file to your computer's hard drive.
Step 9 Insert the client adapter into your computer if it is not already inserted.
Caution Do not eject your client adapter at any time during the installation process, including during the reboot.
Step 10 If a driver is not currently installed for your client adapter, the Found New Hardware Wizard screen appears. Click Cancel.
Step 11 Find the Install Wizard file using Windows Explorer, double-click it, and extract its files to a folder.
Note To extract the files, click Browse on the WinZip Self-Extractor screen, choose the folder in which you want the files to be placed, and click OK and Unzip. After the files are extracted, click OK to close the screen.
Step 12 Close Windows Explorer. The Cisco Aironet Wireless LAN Client Adapter Installation Wizard screen appears (see Figure 1).
Figure 1 Cisco Aironet Wireless LAN Client Adapter Installation Wizard Screen
Step 13 Choose one of the following options and click Next:
Note To ensure compatibility among software components, Cisco recommends that you perform an express installation. If you perform a custom installation, Cisco recommends that you install all components.
•Express Installation/Upgrade (recommended)—Silently installs the client adapter firmware, drivers, client utilities, and security modules using the default values listed in Table 1.
•Custom Installation/Upgrade—Enables you to specify which software components are installed and to change the default values of certain parameters.
Step 14 If a message appears indicating that you may be required to restart your computer at the end of the installation process, click OK.
Note If you click Cancel, the installation process terminates.
Step 15 If you chose an express installation, go to Step 17. If you chose a custom installation, the Custom Installation screen appears (see Figure 2).
Figure 2 Custom Installation Screen
Step 16 Follow these steps to make selections on this screen.
a. Make sure a check mark appears beside every software component that you want to install. For every component that is checked, the Install Wizard installs its version of that component. Every component that is not checked remains as it currently is on your system.
Note Click the + sign beside the Security Modules option to reveal the available security components.
Note Some components are dependent on others. Therefore, when you select or deselect these components, the settings of other components may change. A dependency notice appears when this occurs.
b. Click the + sign beside each component to view additional parameters. The current value of each parameter appears in the Value field.
c. To change the value of any parameter, click its current value in the Value field. A screen appears that lets you change the existing value.
d. Enter or select a new value and click OK. Table 1 describes each component and its parameters and lists any default value.
Table 1 Software Components and Their Parameters
Component or Parameter DescriptionFirmware
Installs the firmware version included in the Install Wizard file.
Default: Checked
Disable Firmware Checking
The Disable Firmware Checking parameter affects the firmware that is bundled with the driver, not the firmware that is included in the Install Wizard. It controls whether the driver (whenever it loads) installs the firmware with which it is bundled.
Note The driver loads each time you insert a client adapter or reboot your computer.
Options: Yes or No
Default: Yes
Disable Firmware Checking DescriptionYes
Prevents the driver from installing the firmware with which it is bundled, enabling the client adapter to retain its current firmware version.
No
Causes the driver to install the firmware with which it is bundled if that firmware is newer than the firmware that is currently installed in the client adapter.
Note The Disable Firmware Checking parameter is functionally equivalent to the Automatically Load New Firmware When NDIS Driver Is Updated parameter on the ACU Preferences screen. The parameter that is set last is the one that governs how the driver behaves.
Drivers
Installs the driver version included in the Install Wizard file.
Default: Checked
Set Quiet Mode?
Specifies whether the client becomes quiet (to passively scan or listen) when its associated access point is turned off. In quiet mode, the client generates radio frequency energy only in direct response to an access point transmission. When the access point is turned back on, it starts sending beacons, which the client hears and can now respond to.
This parameter applies to individual cards rather than profiles. It can be set differently for different cards and remains in effect across ACU sessions and computer reboots.
Options: Yes or No
Default: No
Note You can also change the quiet mode setting in ACU by choosing the Turn Quiet Mode On/Off option from the Commands drop-down menu.
Aironet Client Utility
Installs the ACU version included in the Install Wizard file.
Default: Checked
Installation Path
Determines the path where the ACU software will be installed. You can change the default by entering a new path.
Default: C:\Program Files\Cisco Systems\Aironet Client Utility
Program Folder
Determines the program folder where the ACU software will be installed. You can change the default by entering a new folder name.
Default: Cisco Systems
Place Icon on Desktop
Causes the installation program to add an ACU icon to your computer's desktop to provide quick access to the utility.
Options: Yes or No
Default: Yes
Allow Non-Administrator Users to Save Settings to the Registry
Enables users without administrative rights to modify profiles in ACU and save them to the registry.
Options: Yes or No
Default: Yes
Aironet Client Monitor
Installs the ACM version included in the Install Wizard file.
Default: Checked
Installation Path
Determines the path where the ACM software will be installed. You can change the default by entering a new path.
Default: C:\Program Files\Cisco Systems\Aironet Client Monitor
Program Folder
Determines the program folder where the ACM software will be installed. You can change the default by entering a new folder name.
Default: Cisco Systems
Auto Start
Determines whether ACM starts automatically every time Windows boots.
Options: Yes or No
Default: Yes
Note If you choose No, you can later activate ACM by using Windows Explorer to find the path where the ACM software is installed and double-clicking ACUMon.exe.
Start After Install
Determines whether ACM starts automatically after ACM is installed.
Options: Yes or No
Default: Yes
Note If you choose No, you can later activate ACM by using Windows Explorer to find the path where the ACM software is installed and double-clicking ACUMon.exe.
Program Feature Overrides
Determines which ACM components are enabled. If any components are not selected now and you later want to use them, you must run this installation program again and enable them.
Components: See the table below
Options per component: Enable or Disable
Default per component: Enable
Component DescriptionAbout Box (Help)
Displays the ACM version number and enables you to access the online help.
Exit Program
Closes ACM for all client adapters.
Launch Aironet Client Utility
Activates ACU, if it is installed.
Troubleshooting
Activates the troubleshooting utility, which enables you to identify and resolve configuration and association problems with your client adapter.
Preferences
Enables you to determine when ACM runs and to select the options that appear on the ACM pop-up menu.
Turn Radio On/Off
Turns the client adapter's radio on or off.
Reauthenticate
Forces your client adapter to try to reauthenticate using the username and password of the current profile.
Select Profile
Enables you to select the active profile for your client adapter.
Auto Profile Selection
Causes the client adapter's driver to automatically select a profile from the list of profiles that were set up in ACU to be included in auto profile selection.
Other Configuration Application
Enables an application other than ACU to configure the client adapter.
Show Connection Status
Provides information on the current status of your client adapter.
Menu Options (Defaults)
Determines which options are displayed on the ACM pop-up menu.
Menu options: About Box (Help), Exit Program, Launch Aironet Client Utility, Troubleshooting, Turn Radio On/Off, Reauthenticate, Select Profile, Show Connection Status
Options per menu option: Show or Hide
Default per menu option: Show
Security Modules
LEAP
Installs the LEAP supplicant included in the Install Wizard file. Installing the LEAP supplicant enables you to create a profile in ACU that uses LEAP authentication. If this option is not selected now and you later want to create a profile that uses LEAP, you must run this installation program again and choose this option.
Default: Checked
Note If you choose LEAP on a Windows XP device, Windows XP's fast user switching feature is disabled.
Allow Saved LEAP User Name and Password
Enables you to create a profile in ACU that uses a saved (rather than temporary) username and password for LEAP authentication. When such a profile is selected, the saved username and password are used to start the LEAP authentication process, and you are not prompted to enter them.
Options: Yes or No
Default: Yes
EAP-SIM
Installs the EAP-SIM supplicant included in the Install Wizard file. Installing the EAP-SIM supplicant enables the client to support EAP-SIM authentication. If this option is not selected now and you later want to use EAP-SIM, you must run this installation program again and choose this option.
Default: Unchecked
Note To enable EAP-SIM authentication, your computer must run Windows 2000 with the Microsoft 802.1X supplicant installed or Windows XP.
Note If you installed the new EAP-SIM supplicant from Cisco.com (see the "New EAP-SIM Supplicant Available" section), make sure the EAP-SIM option is not selected. Otherwise, the EAP-SIM supplicant included in the Install Wizard file overwrites the new supplicant's settings.
PEAP
Installs the PEAP supplicant included in the Install Wizard file. Installing the PEAP supplicant enables the client to support PEAP authentication. If this option is not selected now and you later want to use PEAP, you must run this installation program again and choose this option.
Default: Unchecked
Note To enable Cisco PEAP authentication, your computer must run Windows 2000 with the Microsoft 802.1X supplicant installed or Windows XP.
Note Service Pack 1 for Windows XP and the Microsoft 802.1X supplicant for Windows 2000 include Microsoft's PEAP supplicant, which supports a Windows username and password only and does not interoperate with Cisco's PEAP supplicant. To use Cisco's PEAP supplicant, install the Install Wizard file after Windows XP Service Pack 1 or the Microsoft 802.1X supplicant for Windows 2000. Otherwise, Cisco's PEAP supplicant is overwritten by Microsoft's PEAP supplicant.
EAP-FAST
Installs the EAP-FAST supplicant included in the Install Wizard file. Installing the EAP-FAST supplicant enables you to create a profile in ACU that uses EAP-FAST authentication. If this option is not selected now and you later want to create a profile that uses EAP-FAST, you must run this installation program again and choose this option.
Default: Checked
Note The EAP-FAST supplicant is installed and can be enabled only on computers running Windows 2000 or XP.
Note If you choose EAP-FAST on a Windows XP device, Windows XP's fast user switching feature is disabled.
Allow Saved EAP-FAST User Name and Password
Enables you to create a profile in ACU that uses a saved (rather than temporary) username and password for EAP-FAST authentication. When such a profile is used, the saved username and password are used to start the EAP-FAST authentication process, and you are not prompted to enter them.
Options: Yes or No
Default: Yes
Note This parameter is applicable only to client adapters that are installed in computers running Windows 2000 or XP.
Allow Auto-Provisioning?
Enables a protected access credentials (PAC) file to be obtained automatically as needed (for instance, when a PAC expires, when the client adapter accesses a different server, when the EAP-FAST username cannot be matched to a previously provisioned PAC, etc.).
Options: Yes or No
Default: Yes
Note This parameter is applicable only to client adapters that are installed in computers running Windows 2000 or XP.
e. When you are finished making selections, click Next.
Step 17 The installation process begins, and you are notified as each component is installed. Perform one of the following:
•If a message appears asking if you wish to reboot now, click Yes.
Note To ensure that your client adapter software is installed properly, Cisco recommends that you click Yes to reboot your computer now.
•If a message appears indicating that the system is about to reboot, click OK and allow your computer to restart.
•If the following message appears, click OK and then reboot your computer: "The installation will complete and applications will be installed when a wireless LAN client adapter is inserted. If an adapter is already inserted, remove and reinsert the adapter or reboot the machine."
The Found New Hardware screen appears. Depending on your computer's operating system, you may have to click Next. The driver and other software components are installed. Then an ACM icon appears in the Windows system tray (unless you changed the default value during installation). Perform one of the following:
–If a message appears asking if you wish to reboot now, click Yes.
Note To ensure that your client adapter software is installed properly, Cisco recommends that you click Yes to reboot your computer now.
–If a message appears indicating that the system is about to reboot, click OK and allow your computer to restart.
Step 18 If you want to install a second client adapter, allow your computer to reboot completely; then insert the second adapter into your computer. Depending on your computer's operating system, one of the following scenarios occurs:
•The Found New Hardware Wizard screen appears. Depending on your computer's operating system, you may have to click Next. The driver and other software components are installed, and another ACM icon appears in the Windows system tray. Click Yes or OK when a message appears about rebooting your computer.
Note To ensure that your client adapter software is installed properly, Cisco recommends that you reboot your computer now.
•The driver and other software components are installed, and another ACM icon appears in the Windows system tray. Click Yes or OK when a message appears about rebooting your computer.
Note To ensure that your client adapter software is installed properly, Cisco recommends that you reboot your computer now.
Step 19 If your network setup does not include a DHCP server and you plan to use TCP/IP, follow these steps for your operating system. If you have more than one client adapter installed, repeat this step for each adapter.
•Windows 2000—Double-click My Computer, Control Panel, and Network and Dial-up Connections. Right-click Local Area Connection x (where x represents the number of the connection). Click Properties, Internet Protocol (TCP/IP), and Properties. Click Use the following IP address and enter the IP address, subnet mask, and default gateway address of your computer (which can be obtained from your system administrator). Click OK. In the Local Area Connection Properties window, click OK.
•Windows XP—Right-click Wireless Network Connection and click Properties. Click Internet Protocol (TCP/IP) and click Properties. Choose Use the following IP address and enter the IP address, subnet mask, and default gateway address of your computer (which can be obtained from your system administrator). Click OK
Step 20 If you are prompted to restart your computer, click Yes. The installation is complete.
Finding Version Numbers
Follow the instructions in this section to find the version numbers of your client adapter's software components.
Finding the Install Wizard Version
Follow these steps to find the version of the Install Wizard that is currently installed for your client adapter.
Step 1 Open Windows Explorer.
Step 2 Find the Install Wizard files.
Step 3 Right-click the IWSetup.exe or Setup.exe file.
Step 4 Click Properties.
Step 5 Click the Version tab. The File version field shows the version of the currently installed Install Wizard file.
Finding the Firmware and Driver Versions
To find the firmware and driver versions that are currently installed for your client adapter, click the ACU Status icon. The Firmware Version field on the Status screen shows the current firmware version, and the NDIS Driver Version field shows the current driver version.
Finding the ACU Version
To find the version of ACU that is currently installed for your client adapter, click the ACU About icon. The About Aironet Client Utility screen shows the current ACU version.
Finding the ACM Version
To find the version of ACM that is currently installed for your client adapter, right-click the ACM icon and click the About option. The About screen shows the current ACM version.
Caveats
This section describes open and resolved caveats for the software components in this release.
Open Caveats
Open Firmware Caveats
The following caveat has not been resolved in client adapter firmware version 5.40.10.
•CSCeb85992—Client scanning problems with LEAP
Clients using LEAP sometimes experience scanning problems, such as sending probe requests in only the current channel rather than scanning through all channels.
Open Install Wizard Caveats
The following caveat has not been resolved in Install Wizard version 1.3.
•CSCed94476—Uninstalling ACU 6.x prevents changes to Windows font settings
When you uninstall ACU version6.x, the Install Wizard deletes the layout.inf file from the Windows\Inf directory (for example, C:\WINNT\Inf), which consequently prevents you from changing the size of Windows fonts. To work around this issue, copy the layout.inf file from another location on your computer (such as the directory containing your Windows installation files or service pack installation files), from your Windows installation disk, or from another computer running the same operating system with files of similar vintage and paste it into your Windows\Inf directory.
Note You can use the Windows Search option to find the layout.inf file. Make sure you set the tool to show hidden files and folders. The layout.inf file will most likely be in the I386 subdirectory of the Windows installation files or service pack installation files.
Open ACU Caveats
The following caveats have not been resolved in ACU version 6.3.
•CSCin51159—ACU Status screen may display incorrect SSID
If your client adapter is configured with multiple profiles, the ACU Status screen may incorrectly display the SSID of a profile that is not is use. However, the functionality of your client adapter is not affected.
•CSCec27947—ACU and ACM show broadcast SSID rather than associated SSID
On Windows XP devices, ACM and the ACU Status screen sometimes show the access point's broadcast SSID rather than the SSID to which the client adapter is associated.
•CSCec39505—ACU sometimes misreports signal strength for CB20A client adapters
The ACU Status screen sometimes misreports a signal strength of 100% for CB20A client adapters.
•CSCin58253—PEAP Login screen takes a long time to display for WPA clients
The PEAP login screen (Static Password or One Time Password) can take up to 3 minutes to display after you activate a profile that is configured for PEAP and WPA.
Open ACM Caveats
The following caveats have not been resolved in ACM version 2.3.
•CSCed45720—ACUMon.Exe error occurs if client adapter is not inserted during software upgrade
If the client adapter is not inserted when you attempt to upgrade from client adapter Install Wizard version 1.2 to 1.3, the ACUMon.Exe error occurs. To work around this issue, simply insert your client adapter and continue the software upgrade process.
•CSCin51159—ACM Connection Status screen may display incorrect SSID
If your client adapter is configured with multiple profiles, the ACM Connection Status screen may incorrectly display the SSID of a profile that is not is use. However, the functionality of your client adapter is not affected.
•CSCec06303—ACM icon disappears from system tray
The ACM icon may disappear from the Windows system tray while ACM is running.
Open Driver Caveats
The following caveats have not been resolved in PC, LM, and PCI card driver version 8.5 and mini PCI and PC-Cardbus card driver version 3.8.
•CSCec13533—Login delay using Microsoft WPA supplicant
When you activate a host-based EAP profile under Windows XP with Microsoft's WPA supplicant (Q815485) installed, it can take up to 90 seconds after login for the Windows desktop to appear and several minutes for the client to authenticate.
•CSCec33661—Some Dell laptops fail to obtain IP address
Some Dell laptops fail to obtain an IP address from the DHCP server after being undocked. To work around this issue, restart your computer.
•CSCec47650—Dell Inspiron 8000 shuts down when Windows 2000 3D screen saver used
The Dell Inspiron 8000 laptop may shut down upon entering screen saver mode when a 3D screen saver is used. To work around this issue, choose a non-3D screen saver.
Open Security Module Caveats
The following caveats have not been resolved in EAP-FAST security module version 1.0 and PEAP security module version 1.01.
•CSCed90666—EAP-FAST may require multiple initial provisioning attempts
If you have a domain, rather than a local, account and do not have a pre-existing PAC, you are required to automatically provision a PAC twice.
•CSCin32330—Many PEAP login screens appear when computer is left idle
If you leave your computer idle while it is using PEAP authentication, you may receive three PEAP login screens upon resume. To resolve this problem, cancel the first two login screens and use the last one (which is on top) to log in.
Other Open Caveats
The following caveat has not been resolved in Cisco Aironet Access Point IOS Release 12.2(13)JA and affects the behavior of Cisco Aironet client adapters running Install Wizard version 1.3.
•CSCed54143—Session disconnects may occur during password changes when using PEAP-GTC
If you are using PEAP-GTC with a Cisco Secure ACS server and you are prompted to change your password, a message appears when you are done indicating that the password change was performed; however, the session may disconnect.
Resolved Caveats
Resolved ACU Caveats
The following caveats are resolved in ACU version 6.3.
•CSCeb86187—LEAP Authentication Status screen takes a long time to display
The LEAP Authentication Status screen can take up to 20 seconds to display after you switch to a LEAP-enabled profile or use the Manual LEAP Login option.
•CSCed50255—Clients using CCKM cannot authenticate to non-CCKM access points
Clients that are configured for LEAP with CCKM cannot authenticate to access points that are not using CCKM.
•CSCed04241—Allow Non-Administrator Users to Save Profiles to the Registry does not work
The Allow Non-Administrator Users to Save Profiles to the Registry parameter on the Aironet Client Utility Preferences screen has no effect.
•CSCec85531—Windows login scripts may fail after upgrading to ACU 6.x
Windows login scripts may fail after you upgrade to ACU version 6.x. After the upgrade, the LEAP login prompt does not appear long enough for you to enter your login information.
•CSCeb83265—Active profile changes after computer resumes from standby mode
If you switch profiles before your computer enters standby mode, the original profile becomes the active profile when your computer resumes.
•CSCeb86187—LEAP Authentication Status screen takes a long time to appear
The LEAP Authentication Status screen can take up to 20 seconds to appear after you switch to a LEAP-enabled profile or use the Manual LEAP Login option.
•CSCeb62063—Upgrading ACU results in missing file
The cswgina.dll file does not install properly if you upgrade ACU from version 5.01 to 6.2.
Resolved Driver Caveats
The following caveats are resolved in PC, LM, and PCI card driver version 8.5.
•CSCed61987 and CSCec85679—Client adapter driver does not work with 802.1h encapsulation
Cisco Aironet client adapter driver version 8.4 causes the client adapter's radio to fail to pass data to any access point or bridge whose encapsulation has been changed to 802.1h.
•CSCec10637—Client adapter driver version 8.3 does not follow proper NDIS spec
Cisco Aironet client adapter driver version 8.3 does not follow the correct Windows NDIS 802.11 Wireless LAN Objects standard specification.
The following caveats are resolved in mini PCI and PC-Cardbus card driver version 3.8.
•CSCed22757 and CSCed70738—XP clients may not get IP address
Computers that are running Windows XP with Service Pack 1 and Microsoft WPA may not be able to get a valid IP address.
•CSCed61987—Client adapter driver does not work with 802.1h encapsulation
Cisco Aironet client adapter driver version 3.7 causes the client adapter's radio to fail to pass data to any access point or bridge whose encapsulation has been changed to 802.1h.
•CSCed35290 and CSCed17363—Blue screen may occur for CB20A cards using 802.1X authentication with Windows XP
A blue screen may occur if you use Windows XP to configure a CB20A card for 802.1X authentication.
Resolved Security Module Caveats
The following caveats are resolved in LEAP security module version 6.2, PEAP security module version 1.01, and EAP-SIM security module version 1.0.
•CSCed31301—Blue screen may occur during Windows login
A blue screen may occur during the Windows login on computers running Windows 2000.
•CSCed13775—LEAP authentication may take a long time
Some Windows XP laptops may take a long time to complete LEAP authentication.
Getting Bug Information on Cisco.com
If you are a Cisco registered user, you can use the Cisco TAC Software Bug Toolkit, which consists of three tools (Bug Navigator, Bug Watcher, and Search by Bug ID Number) that help you to identify existing bugs (or caveats) in Cisco software products.
Access the TAC Software Bug Toolkit at the following URL:
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
Troubleshooting
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at
http://www.cisco.com/en/US/support/index.html
Click Hardware Support > Wireless Devices. Then choose your product and Troubleshooting to find information on the problem you are experiencing.
Related Documentation
For more information about Cisco Aironet 350 and CB20A client adapters for Windows, refer to the following documents:
•Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows, OL-1394-08
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/index.htm
•Release Notes for Cisco Aironet 350 and CB20A Client Adapter Firmware 5.40.10, OL-5516-01
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/firmrn/index.htm
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit e-mail comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
Cisco TAC Website
The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:
http://www.cisco.com/tac/caseopen
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:
http://www.cisco.com/go/marketplace/
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://cisco.com/univercd/cc/td/doc/pcat/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0402R)
Copyright © 2004 Cisco Systems, Inc.
All rights reserved.