Cisco AIR-PCM352 - Aironet 350 Series 11Mbps Wireless LAN PC Card Adapter, Aironet 350 Series Installation And Configuration Manual

Corporate Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

Cisco Aironet 350 Series
Wireless LAN Client Adapters
Installation and Configuration Guide for
Windows CE

Software Release 2.50
March 2004

Customer Order Number:
Text Part Number: OL-1375-04

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required
to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not
installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to
comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable
protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital
devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television
communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its
peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:

• Turn the television or radio antenna until the interference stops.

• Move the equipment to one side or the other of the television or radio.

• Move the equipment farther away from the television or radio.

• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits
controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems
logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ
Net Readiness Scorecard, LightStream, Linksys, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing,
RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath,
and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries

.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0402R)

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

Copyright © 2003-2004 Cisco Systems, Inc.
All rights reserved.

iii

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

CONTENTS

Preface ix

Audience x

Purpose x

Organization x

Conventions xi

Related Publications xiii

Obtaining Documentation xiii

Cisco.com xiii
Documentation CD-ROM xiii
Ordering Documentation xiv
Documentation Feedback xiv

Obtaining Technical Assistance xiv

Cisco.com xv
Technical Assistance Center xv

Cisco TAC Website xv
Cisco TAC Escalation Center xvi

Obtaining Additional Publications and Information xvi

Product Overview 1-1

Introduction to the Client Adapters 1-2

Terminology 1-2

Hardware Components 1-3

Radio 1-3
Radio Antenna 1-3
LEDs 1-3

Software Components 1-4

Radio Firmware 1-4
Driver 1-4
Client Utilities 1-4

Overview of ACU 1-5
Buttons on the Client Utility Screens 1-6

Contents

iv

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Network Configurations Using the Client Adapter 1-6

Ad Hoc Wireless LAN 1-7
Wireless Infrastructure with Workstations Accessing a Wired LAN 1-8

Preparing for Installation 2-1

Safety Information 2-2

FCC Safety Compliance Statement 2-2
Safety Guidelines 2-2
Warnings 2-3

Unpacking the Client Adapter 2-3

Package Contents 2-3

System Requirements 2-4

Site Requirements 2-5

For Infrastructure Devices 2-5
For Client Devices 2-5

Installing the Client Adapter 3-1

Finding the Windows CE Version 3-2

Installing the Driver and Client Utilities 3-2

Verifying Installation 3-5

Deciding How to Configure Your Client Adapter
(Windows CE .NET Only)

3-6

Using the Profile Manager 4-1

Overview of Profile Manager 4-2

Opening Profile Manager 4-2

Creating a New Profile 4-3

Selecting the Active Profile 4-3

Modifying a Profile 4-4

Editing a Profile 4-4
Renaming a Profile 4-4
Deleting a Profile 4-5

Configuring the Client Adapter 5-1

Configuring Your Client Adapter 5-2

Overview of Security Features 5-11

Static WEP Keys 5-11
Dynamic WEP Keys with EAP 5-11
Fast Roaming (CCKM) 5-14
Reporting Access Points that Fail LEAP or EAP-FAST Authentication 5-14

Contents

v

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Additional WEP Key Security Features 5-15

Message Integrity Check (MIC) 5-15
Temporal Key Integrity Protocol (TKIP) 5-16
Broadcast Key Rotation 5-16

Synchronizing Security Features 5-16

Using Static WEP 5-18

Enabling Static WEP and Entering a New Static WEP Key 5-18
Overwriting an Existing Static WEP Key 5-19
Disabling Static WEP 5-20

Enabling LEAP 5-20

Enabling EAP-FAST 5-21

Obtaining a PAC File (Manual PAC Provisioning Only) 5-22
Enabling EAP-FAST 5-22

Enabling Host-Based EAP 5-25

Obtaining and Importing CA and User Certificates 5-25

Obtaining CA and User Certificates 5-25
Importing a CA Certificate 5-26
Importing a User Certificate 5-27

Enabling Host-Based EAP 5-28

Enabling EAP-TLS 5-29
Enabling PEAP 5-30

Disabling LEAP, EAP-FAST, or Host-Based EAP 5-31

Using EAP Authentication 6-1

Overview 6-2

Using LEAP or EAP-FAST 6-2

With a Temporary Username and Password 6-2
With a Saved Username and Password 6-4
After Your EAP-FAST Credentials Expire 6-4

Using EAP-TLS 6-5

Using PEAP 6-6

After Profile Selection, Card Insertion, or Reset 6-6
After Your Password Expires (Windows NT or 2000 Domain Databases Only) 6-8

Performing Diagnostics 7-1

Overview of ACU Diagnostic Tools 7-2

Setting Signal Strength Display Units 7-2

Contents

vi

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Viewing the Status of Your Client Adapter 7-3

Viewing Statistics for Your Client Adapter 7-5

Routine Procedures 8-1

Inserting and Removing a PC Card 8-2

Inserting a PC Card into a Windows CE Device 8-2
Removing a PC Card from a Windows CE Device 8-2

Upgrading the Client Adapter Software 8-3

Upgrading the Firmware 8-3

Finding the Firmware Version 8-3
Loading New Firmware 8-4

Upgrading the Driver and Client Utilities 8-6

Finding the Driver and Client Utility Versions 8-7
Uninstalling the Current Driver and Client Utilities 8-8

Client Utility Procedures 8-8

Opening a Client Utility 8-8
Exiting a Client Utility 8-8
Finding the Version of a Client Utility 8-9
Deleting Client Utility Icons on HPC and Windows CE .NET Devices 8-9

CA and User Certificate Procedures (Host-Based EAP on PPC 2002 Devices Only) 8-10

Viewing CA and User Certificates 8-10
Removing CA and User Certificates 8-11

Restarting the Client Adapter 8-11

Troubleshooting 9-1

Accessing the Latest Troubleshooting Information 9-2

Interpreting the Indicator LEDs 9-2

Troubleshooting the Client Adapter 9-3

Problems Obtaining an IP Address 9-3
Problems Associating to an Access Point 9-3
Problems Authenticating to an Access Point 9-4
Problems Connecting to the Network 9-4
Reauthenticating After LEAP or EAP-FAST Times Out 9-4
Creating Strong Passwords 9-4

Error Messages 9-5

General Error Messages 9-5
Installation Error Messages 9-7
LEAP Authentication Error Messages 9-8
EAP-FAST Authentication Error Messages 9-10

Contents

vii

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

EAP-TLS Authentication Error Messages 9-14
PEAP Authentication Error Messages 9-15

Getting Help 9-17

PPC Devices 9-17
HPC and Windows CE .NET Devices 9-17

Technical Specifications A-1

Translated Safety Warnings B-1

Explosive Device Proximity Warning B-2

Dipole Antenna Installation Warning B-3

Warning for Laptop Users B-4

Declarations of Conformity and Regulatory Information C-1

Manufacturer’s Federal Communication Commission Declaration of Conformity Statement C-2

Department of Communications – Canada C-3

Canadian Compliance Statement C-3

European Community, Switzerland, Norway, Iceland, and Liechtenstein C-4

Declaration of Conformity with Regard to the R&TTE Directive 1999/5/EC C-4

Declaration of Conformity for RF Exposure C-5

Guidelines for Operating Cisco Aironet Wireless LAN Client Adapters in Japan C-6

Japanese Translation C-6
English Translation C-6

Administrative Rules for Cisco Aironet Wireless LAN Client Adapters in Taiwan C-7

Chinese Translation C-7
English Translation C-7

Declaration of Conformity Statements C-8

Declaration of Conformity Statements for European Union Countries C-8

Channels, Power Levels, and Antenna Gains D-1

Channels D-2

Maximum Power Levels and Antenna Gains D-3

Contents

viii

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Configuring the Client Adapter through
Windows CE .NET

E-1

Overview E-2

Overview of Security Features E-2

Static WEP Keys E-2
Dynamic WEP Keys with EAP E-3

Preparing for Configuration (EAP-TLS and PEAP Only) E-4

System Requirements E-4
Obtaining and Importing CA and User Certificates E-4

Configuring the Client Adapter E-5

Enabling EAP-TLS Authentication E-8
Enabling PEAP Authentication E-9

Associating to an Access Point Using Windows CE .NET E-10

Performing a Site Survey F-1

Overview F-2

Guidelines F-2
Additional Information F-2

Setting Signal Strength Display Units F-3

Using Passive Mode F-4

Using Active Mode F-6

Forcing the Client Adapter to Reassociate F-12

GLOSSARY

I

NDEX

ix

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

The preface provides an overview of the Cisco Aironet 350 Series Wireless LAN Client Adapters
Installation and Configuration Guide for Windows CE, references related publications, and explains how

to obtain other documentation and technical assistance, if necessary.

The following topics are covered in this section:

• Audience, page x

• Purpose, page x

• Organization, page x

• Conventions, page xi

• Related Publications, page xiii

• Obtaining Documentation, page xiii

• Obtaining Technical Assistance, page xiv

• Obtaining Additional Publications and Information, page xvi

x

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Audience

Audience

This publication is for the person responsible for installing, configuring, and maintaining a Cisco
Aironet 350 Series Wireless LAN Client Adapter on a Windows CE device. This person should be
familiar with computing devices and with network terms and concepts.

Purpose

This publication describes the Cisco Aironet client adapters in the 350 series and explains how to install,
configure, and troubleshoot them.

Note This version of the Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide

for Windows CE pertains specifically to client adapter driver and utility version 2.50. If you are using,

installing, or upgrading to older versions of client adapter software, refer to a previous version of this
manual for information and instructions.

Note Client adapter driver and utility version 2.50 is not supported for use with Cisco Aironet 340 series client

adapters.

Organization

This publication contains the following chapters:

• Chapter 1, “Product Overview,” describes the types of client adapters and their hardware and

software components and illustrates two common network configurations.

• Chapter 2, “Preparing for Installation,” provides information that you need to know before installing

a client adapter, such as safety information and system requirements.

• Chapter 3, “Installing the Client Adapter,” provides instructions for installing the driver and client

utilities.

• Chapter 4, “Using the Profile Manager,” explains how to use the ACU profile manager feature to

create and manage profiles for your client adapter.

• Chapter 5, “Configuring the Client Adapter,” explains how to change the configuration parameters

for a specific profile.

• Chapter 6, “Using EAP Authentication,” explains the sequence of events that occurs and the actions

you must take when a profile that is set for EAP authentication is selected for use.

• Chapter 7, “Performing Diagnostics,” explains how to use ACU to perform user-level diagnostics.

• Chapter 8, “Routine Procedures,” provides procedures for common tasks related to the client

adapters, such as upgrading software and restarting the adapter.

• Chapter 9, “Troubleshooting,” provides information for diagnosing and correcting common

problems that may be encountered when installing or operating a client adapter.

• Appendix A, “Technical Specifications,” lists the physical, radio, power, and regulatory

specifications for the client adapters.

xi

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Conventions

• Appendix B, “Translated Safety Warnings,” provides translations of the client adapters’ safety

warnings in nine languages.

• Appendix C, “Declarations of Conformity and Regulatory Information,” provides declarations of

conformity and regulatory information for the client adapters.

• Appendix D, “Channels, Power Levels, and Antenna Gains,” lists the IEEE 802.11b channels

supported by the world's regulatory domains as well as the maximum power levels and antenna gains
allowed per domain.

• Appendix E, “Configuring the Client Adapter through Windows CE .NET,” explains how to

configure and use a client adapter with Windows CE .NET.

• Appendix F, “Performing a Site Survey,” shows people who are responsible for conducting a site

survey how they can use ACU to determine the best placement for infrastructure devices within a
wireless network.

Conventions

This publication uses the following conventions to convey instructions and information:

• Commands and keywords are in boldface.

• Variables are in italics.

• Configuration parameters are capitalized.

• Notes, cautions, and warnings use the following conventions and symbols:

Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in

this manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment

damage or loss of data.

Warning

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar
with standard practices for preventing accidents. (To see translations of the warnings that appear
in this publication, refer to the appendix “Translated Safety Warnings.”)

Waarschuwing

Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan
veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij
elektrische schakelingen betrokken risico’s en dient u op de hoogte te zijn van standaard
maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze
publicatie verschijnen, kunt u het aanhangsel “Translated Safety Warnings” (Vertalingen van
veiligheidsvoorschriften) raadplegen.)

xii

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Conventions

Varoitus

Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen
kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja
tavanomaisista onnettomuuksien ehkäisykeinoista. (Tässä julkaisussa esiintyvien varoitusten
käännökset löydät liitteestä "Translated Safety Warnings" (käännetyt turvallisuutta koskevat
varoitukset).)

Attention

Ce symbole d’avertissement indique un danger. Vous vous trouvez dans une situation pouvant
entraîner des blessures. Avant d’accéder à cet équipement, soyez conscient des dangers posés par
les circuits électriques et familiarisez-vous avec les procédures courantes de prévention des
accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez
consulter l’annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité).

Warnung

Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer
Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie
sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur
Vermeidung von Unfällen bewußt. (Übersetzungen der in dieser Veröffentlichung enthaltenen
Warnhinweise finden Sie im Anhang mit dem Titel “Translated Safety Warnings” (Übersetzung der
Warnhinweise).)

Avvertenza

Questo simbolo di avvertenza indica un pericolo. Si è in una situazione che può causare infortuni.
Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti
elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione
delle avvertenze riportate in questa pubblicazione si trova nell’appendice, “Translated Safety
Warnings” (Traduzione delle avvertenze di sicurezza).

Advarsel

Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du
utfører arbeid på utstyr, må du være oppmerksom på de faremomentene som elektriske kretser
innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. (Hvis du vil se
oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated
Safety Warnings" [Oversatte sikkerhetsadvarsler].)

Aviso

Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos fisicos.
Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos
relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir
possíveis acidentes. (Para ver as traduções dos avisos que constam desta publicação, consulte o
apêndice “Translated Safety Warnings” - “Traduções dos Avisos de Segurança”).

¡Advertencia!

Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular
cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los
procedimientos estándar de prevención de accidentes. (Para ver traducciones de las advertencias
que aparecen en esta publicación, consultar el apéndice titulado “Translated Safety Warnings.”)

Varning!

Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada.
Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och
känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som
förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta
säkerhetsvarningar].)

xiii

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Related Publications

Related Publications

For more information about Cisco Aironet Wireless LAN Client Adapters for Windows CE, refer to the
following publications:

• Release Notes for Cisco Aironet Client Utilities 2.50 and Driver 2.50 for Windows CE

• Release Notes for Cisco Aironet 350 and CB20A Client Adapter Firmware 5.40.10

For more information about related Cisco Aironet products, refer to the publications for your
infrastructure device. You can access Cisco Aironet technical documentation at this URL:

http://www.cisco.com/en/US/products/hw/wireless/index.html

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical
resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM
package, which may have shipped with your product. The Documentation CD-ROM is updated monthly
and may be more current than printed documentation. The CD-ROM package is available as a single unit
or through an annual subscription.

Registered Cisco.com users can order the Documentation CD-ROM (product number
DOC-CONDOCCD=) through the online Subscription Store:

http://www.cisco.com/go/subscription

xiv

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Obtaining Technical Assistance

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from

the Networking Products MarketPlace:

http://www.cisco.com/en/US/partner/ordering/index.shtml

• Registered Cisco.com users can order the Documentation CD-ROM (Customer Order Number

DOC-CONDOCCD=) through the online Subscription Store:

http://www.cisco.com/go/subscription

• Nonregistered Cisco.com users can order documentation through a local account representative by

calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere
in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click
Feedback at the top of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your
document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) Website, as a
starting point for all technical assistance. Customers and partners can obtain online documentation,
troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users
have complete access to the technical support resources on the Cisco TAC website, including TAC tools
and utilities.

xv

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Obtaining Technical Assistance

Cisco.com

Cisco.com offers a suite of interactive, networked services that let you access Cisco information,
networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com provides a broad range of features and services to help you with these tasks:

• Streamline business processes and improve productivity

• Resolve technical issues with online support

• Download and test software packages

• Order Cisco learning materials and merchandise

• Register for online skill assessment, training, and certification programs

To obtain customized information and service, you can self-register on Cisco.com at this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product,
technology, or solution. Two levels of support are available: the Cisco TAC website and the Cisco TAC
Escalation Center. The avenue of support that you choose depends on the priority of the problem and the
conditions stated in service contracts, when applicable.

We categorize Cisco TAC inquiries according to urgency:

• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities,

product installation, or basic product configuration.

• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably

impaired, but most business operations continue.

• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects

of business operations. No workaround is available.

• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations

will occur if service is not restored quickly. No workaround is available.

Cisco TAC Website

You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The
site provides around-the-clock access to online tools, knowledge bases, and software. To access the
Cisco TAC website, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to
the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website
require a Cisco.com login ID and password. If you have a valid service contract but do not have a login
ID or password, go to this URL to register:

http://tools.cisco.com/RPF/register/register.do

xvi

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Preface

Obtaining Additional Publications and Information

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco
TAC website, you can open a case online at this URL:

http://www.cisco.com/en/US/support/index.html

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC
website so that you can describe the situation in your own words and attach any necessary files.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These
classifications are assigned when severe network degradation significantly impacts business operations.
When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer
automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support
services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network
Supported Accounts (NSA). When you call the center, please have available your service agreement
number and your product serial number.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.

• The Cisco Product Catalog describes the networking products offered by Cisco Systems as well as

ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://www.cisco.com/en/US/products/products_catalog_links_launch.html

• Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new

and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking
Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design
Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

• Pack et magazine is the Cisco monthly periodical that provides industry professionals with the latest

information about the field of networking. You can access Pa cke t magazine at this URL:

http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_packet_magazine.html

• iQ Magazine is the Cisco monthly periodical that provides business leaders and decision makers

with the latest information about the networking industry. You can access iQ Magazine at this URL:

http://business.cisco.com/prod/tree.taf%3fasset_id=44699&public_view=true&kbns=1.html

• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering

professionals involved in the design, development, and operation of public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html

• Training—Cisco offers world-class networking training, with current offerings in network training

listed at this URL:

http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html

CHA P TER

1-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

1

Product Overview

This chapter describes the Cisco Aironet 350 Series Wireless LAN Client Adapters and illustrates their
role in a wireless network.

The following topics are covered in this chapter:

• Introduction to the Client Adapters, page 1-2

• Hardware Components, page 1-3

• Software Components, page 1-4

• Network Configurations Using the Client Adapter, page 1-6

1-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Introduction to the Client Adapters

Introduction to the Client Adapters

The Cisco Aironet 350 Series Wireless LAN Client Adapters are 100-milliwatt (mW) radio modules that
provide transparent wireless data communications between fixed, portable, or mobile devices and other
wireless devices or a wired network infrastructure. The client adapters are fully compatible when used
in devices supporting Plug-and-Play (PnP) technology.

The primary function of the client adapters is to transfer data packets transparently through the wireless
infrastructure through an access point connected to a wired LAN. The adapters operate similarly to a
standard network product except that the cable is replaced with a radio connection and an access point
is required to make the connection to the wire. No special wireless networking functions are required,
and all existing applications that operate over a network can operate using the adapters.

This document covers two types of client adapters:

Note The x in the product model number indicates the wired equivalent privacy (WEP) level of the card,

where 0 = no WEP capability, 1 = 40-bit WEP, and 2 = 128-bit WEP. However, if the second x is a 0
but the model number contains K9, the card is 128-bit WEP capable.

Note Client adapter driver and utility version 2.50 is not supported for use with Cisco Aironet 340 series client

adapters.

Terminology

The following terms are used throughout this document:

• client adapter—Refers to both PC cards and LM cards.

• PC card or LM card—Refers to a specific client adapter.

• workstation (or station)—Refers to a computing device with an installed client adapter.

• infrastructure device—Refers to a device that connects client adapters to a wired LAN, such as an

access point, bridge, or base station. Throughout this document, access point is used to represent
infrastructure devices in general.

• PC card (model number: AIR-PCM35x)—An IEEE

802.11b-compliant 2.4-GHz 11-Mbps PCMCIA card radio
module that can be inserted into any device equipped with an
external Type II or Type III PC card slot. Host devices can
include laptops, notebook computers, personal digital
assistants, and handheld or portable devices.

• LM card (model number: AIR-LMC35x)—An IEEE

802.11b-compliant 2.4-GHz 11-Mbps PCMCIA card radio
module that is usually preinstalled in a device equipped with an
internal Type II or Type III PC card slot. Host devices usually
include handheld or portable devices.

C

ISC

O

A

IR

O

N

E

T

340

SERIES

11

M

b

p
s W

IR

E

L
E

S

S
L

A

N

A

D

A
P

T

E

R

47519

CISCO AIRONET 340

SERIES

11 M

bps W

IR

E

LE

SS

L

AN

A

DA

PT

ER

47893

1-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Hardware Components

Hardware Components

The client adapter has three major hardware components: a radio, a radio antenna, and two LEDs.

Radio

The Cisco Aironet 350 series PC and LM cards are IEEE 802.11b-compliant client adapters. They
contain a direct-sequence spread spectrum (DSSS) radio that operates in the 2.4-GHz Industrial
Scientific Medical (ISM) license-free band. The 350 series 100-mW radio transmits data over a
half-duplex radio channel operating at up to 11 Mbps. These cards operate with other IEEE

802.11b-compliant client devices in ad hoc (or peer-to-peer) mode or with Cisco Aironet 340, 350, 1100,
and 1200 Series Access Points (with a 2.4-GHz radio) and other IEEE 80211b-compliant infrastructure
devices in infrastructure mode. They are approved for indoor and outdoor use.

DSSS technology distributes a radio signal over a wide range of frequencies and then returns the signal
to the original frequency range at the receiver. The benefit of this technology is its ability to protect the
data transmission from interference. For example, if a particular frequency encounters noise or
interference or both, enough redundancy is built into the signal on other frequencies that the client
adapter usually will still be successful in its transmission.

Radio Antenna

The type of antenna used depends on your client adapter:

• PC cards have an integrated, permanently attached diversity antenna. The benefit of the diversity

antenna system is improved coverage. The system works by allowing the card to switch and sample
between its two antenna ports in order to select the optimum port for receiving data packets. As a
result, the card has a better chance of maintaining the radio frequency (RF) connection in areas of
interference. The antenna is housed within the section of the card that hangs out of the PC card slot
when the card is installed.

• LM cards are shipped without an antenna; however, an antenna can be connected through the card’s

external connector.

Note External antennas used in combination with a power setting resulting in a radiated power level above

100 mW equivalent isotropic radiated power (EIRP) are not allowed for use within the European
community and other countries that have adopted the European R&TTE directive or the CEPT
recommendation Rec 70.03 or both. For more details on legal combinations of power levels and
antennas in those countries, refer to the “Declaration of Conformity for RF Exposure” section on

page C-5 and the “Channels, Power Levels, and Antenna Gains” section on page D-1.

LEDs

The client adapter has two LEDs that glow or blink to indicate the status of the adapter or to convey error
messages. Refer to the Chapter 9 for an interpretation of the LED codes.

1-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Software Components

Software Components

The client adapter has three major software components: radio firmware, a driver, and client utilities.

Radio Firmware

The firmware, which is contained in the client adapter’s Flash memory, controls the adapter’s radio. The
client adapter is shipped with the firmware installed; however, a more recent version of the firmware may
be available from Cisco.com.

Note Firmware version 5.40.10 is recommended for use with client adapter driver and utility version 2.50.

Chapter 8 provides instructions for determining the version of your client adapter’s firmware and

upgrading it if necessary.

Driver

The driver provides an interface between the Windows CE device and the client adapter, thereby enabling
Windows CE and the applications it runs to communicate with the adapter. The driver must be installed
before the adapter can be used. Chapter 3 provides instructions for installing the driver.

Client Utilities

Two client utilities are available for use with Cisco Aironet client adapters: Aironet Client Utility (ACU)
and Wireless Login Module (WLM). These utilities are optional applications that interact with the radio
firmware to adjust client adapter settings and display information about the adapter. The client utilities
and online help files are installed with the driver.

ACU enables you to create configuration profiles for your client adapter and perform user-level
diagnostics. Because ACU performs a variety of functions, it is documented by function throughout this
manual. However, an overview of the utility is provided on the next page to familiarize you with its
interface. WLM enables you to enter a temporary LEAP or EAP-FAST username and password for
authentication to a RADIUS server. Chapter 6 provides detailed information and instructions on using
WLM.

Note If your Windows CE device is running Windows CE .NET, you can configure your client adapter

through the operating system instead of through ACU. Refer to Appendix E for information.
However, ACU is recommended for configuring the client adapter.

Note All of the screens included in this manual were taken from a PPC 2002 or PPC 2003 device. The

screens look slightly different on other Windows CE devices.

1-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Software Components

Overview of ACU

The Profiles screen (see Figure 1-1) is ACU’s primary screen. It appears when you open ACU.

Figure 1-1 Profiles Screen

The five tabs along the bottom of the screen (for PPC devices) or top of the screen (for HPC and
Windows CE .NET devices) enable you to activate the following ACU features:

• Profiles—Enables you to use the profile manager feature to create and manage profiles for your

client adapter. Chapter 4 provides instructions for using this feature.

• Firmware—Enables you to load new firmware for your client adapter. Chapter 8 provides

instructions for upgrading firmware.

• Status—Enables you to view the current status of your client adapter. Chapter 7 provides additional

information on viewing the status.

• Statistics—Enables you to view transmit, receive, and MIC statistics for your client adapter.

Chapter 7 provides additional information on viewing statistics.

• Survey—Enables people who are responsible for conducting a site survey to determine the best

placement of infrastructure devices within a wireless network. Appendix F provides instructions for
using the site survey feature.

The status bar at the top or bottom of the Profiles screen reflects the current state of your client adapter.
The following states are possible: Not Associated, Associated, Authenticated, Ad Hoc Mode, and Cisco
Wireless LAN Adapter Not Found.

1-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Network Configurations Using the Client Adapter

Buttons on the Client Utility Screens

The buttons on the client utility screens are used to perform specific functions. Tab l e 1 - 1 describes the
most common buttons.

Network Configurations Using the Client Adapter

The client adapter can be used in a variety of network configurations. In some configurations, access
points provide connections to your network or act as repeaters to increase wireless communication
range. The maximum communication range is based on how you configure your wireless network.

This section describes and illustrates the two most common network configurations:

• Ad hoc wireless local area network (LAN)

• Wireless infrastructure with workstations accessing a wired LAN

For examples of more complex network configurations involving client adapters and access points, refer
to the hardware installation guide for your access point.

Note Refer to Chapter 5 for information on setting the client adapter’s network (or infrastructure) mode.

Table 1-1 Buttons on the Client Utility Screens

Button Description

Cancel Exits the screen without saving any changes

OK Saves any changes and exits the screen

Start Initiates a test

Stop Stops a test that is running

X Exits the screen without saving any changes

? (available on HPC and
Windows CE .NET devices
only)

Provides information on the screen and its parameters

1-7

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Network Configurations Using the Client Adapter

Ad Hoc Wireless LAN

An ad hoc (or peer-to-peer) wireless LAN (see Figure 1-2) is the simplest wireless LAN configuration.
In a wireless LAN using an ad hoc network configuration, all devices equipped with a client adapter can
be linked together and communicate directly with each other. The use of an infrastructure device, such
as an access point, is not required.

Figure 1-2 Ad Hoc Wireless LAN

47520

1-8

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 1 Product Overview

Network Configurations Using the Client Adapter

Wireless Infrastructure with Workstations Accessing a Wired LAN

A microcellular network can be created by placing two or more access points on a LAN. Figure 1-3
shows a microcellular network with workstations accessing a wired LAN through several access points.

This configuration is useful with portable or mobile stations because it allows them to be directly
connected to the wired network even while moving from one microcell domain to another. This process
is transparent, and the connection to the file server or host is maintained without disruption. The mobile
station stays connected to an access point as long as it can. However, once the transfer of data packets
needs to be retried or beacons are missed, the station automatically searches for and associates to another
access point. This process is referred to as seamless roaming.

Figure 1-3 Wireless Infrastructure with Workstations Accessing a Wired LAN

Access Point

(Root Unit)

Access Point
(Root Unit)

5835

Wired LAN

CHA P TER

2-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

2

Preparing for Installation

This chapter provides information that you need to know before installing a client adapter.

The following topics are covered in this chapter:

• Safety Information, page 2-2

• Unpacking the Client Adapter, page 2-3

• System Requirements, page 2-4

• Site Requirements, page 2-5

2-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 2 Preparing for Installation

Safety Information

Safety Information

Follow the guidelines in this section to ensure proper operation and safe use of the client adapter.

FCC Safety Compliance Statement

The FCC, with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF
electromagnetic energy emitted by FCC-certified equipment. When used with approved Cisco Aironet
antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI
C95.1, 1991. Proper operation of this radio device according to the instructions in this publication will
result in user exposure substantially below the FCC recommended limits.

Safety Guidelines

• Do not touch or move the antenna while the unit is transmitting or receiving.

• Do not hold any component containing a radio such that the antenna is very close to or touching any

exposed parts of the body, especially the face or eyes, while transmitting.

• Do not operate the radio or attempt to transmit data unless the antenna is connected; otherwise, the

radio may be damaged.

• High-gain, wall-mount, or mast-mount antennas are designed to be professionally installed and

should be located at a minimum distance of 12 inches (30 cm) or more from the body of all persons.
Please contact your professional installer, VAR, or antenna manufacturer for proper installation
requirements.

• Use in specific environments:

–

The use of wireless devices in hazardous locations is limited to the constraints posed by the
safety directors of such environments.

–

The use of wireless devices on airplanes is governed by the Federal Aviation Administration
(FAA).

–

The use of wireless devices in hospitals is restricted to the limits set forth by each hospital.

2-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 2 Preparing for Installation

Unpacking the Client Adapter

Warnings

Observe the following warnings when operating the client adapter:

Warning

Do not operate your wireless network device near unshielded blasting caps or in an explosive
environment unless the device has been modified to be especially qualified for such use.

Warning

In order to comply with FCC radio frequency (RF) exposure limits, dipole antennas should be located
at a minimum of 7.9 inches (20 cm) or more from the body of all persons.

Warning

In order to comply with RF exposure limits established in the ANSI C95.1 standards, it is recommended
when using a laptop with a PC card client adapter that the adapter’s integrated antenna is positioned
more than 2 inches (5 cm) from your body or nearby persons during extended periods of transmitting
or operating time. If the antenna is positioned less than 2 inches (5 cm) from the user, it is
recommended that the user limit exposure time.

Translated versions of these safety warnings are provided in Appendix B.

Unpacking the Client Adapter

Follow these steps to unpack the client adapter:

Step 1 Open the shipping container and carefully remove the contents.

Step 2 Return all packing materials to the shipping container and save it.

Step 3 Ensure that all items listed in the “Package Contents” section below are included in the shipment. Check

each item for damage.

Note If any item is damaged or missing, notify your authorized Cisco sales representative. Any remote

antenna and its associated wiring are shipped separately.

Package Contents

Each client adapter is shipped with the following items:

• Quick Start Guide: Cisco Aironet Wireless LAN Client Adapters

• Cisco Aironet Wireless LAN Client Adapters CD

• Cisco product registration card

2-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 2 Preparing for Installation

System Requirements

System Requirements

In addition to the items shipped with the client adapter, you will also need the following in order to install
and use the adapter:

• One of the following Windows CE devices equipped with a Type II or Type III PC card slot:

–

HPC 2000 device running Windows CE 3.0 with an ARM, StrongARM, MIPS, SH4, or X86
platform

–

PPC 2000 device running Windows CE 3.0 with an ARM, StrongARM, MIPS, or SH3 platform

–

PPC 2002 device running Windows CE 3.0 with a StrongARM platform

–

PPC 2003 device running Windows CE .NET 4.2 with a StrongARM platform

–

Windows CE .NET device running Windows CE .NET 4.0, 4.1, or 4.2 with a StrongARM,
ARMv4, ARMv4T, or X86 platform

• Cisco Aironet 350 Series Wireless LAN Client Adapter (PC card or LM card)

Note Client adapter driver and utility version 2.50 is not supported for use with Cisco Aironet 340

series client adapters.

• Client adapter firmware version 5.40.10 or later (recommended)

• Laptop or PC running a Windows operating system and Microsoft ActiveSync

• ActiveSync connection (which can be serial, USB, etc.) to the Windows CE device

• A PPC 2002, PPC 2003, or Windows CE .NET 4.2 device, if your wireless network uses EAP-FAST,

EAP-TLS, or PEAP authentication

• Certificate Authority (CA) and user certificates for EAP-TLS authentication or CA certificate for

PEAP authentication

• If your wireless network uses PEAP authentication with a One-Time Password (OTP) user database:

–

The hardware token from an OTP vendor

–

Your hardware token password

• The following information from your system administrator:

–

The logical name for your Windows CE device (also referred to as client name)

–

The case-sensitive service set identifier (SSID) for your RF network

–

The primary and secondary Domain Name System (DNS) and Windows Internet Name Service
(WINS) to be assigned to your Windows CE device

–

If your network setup does not include a DHCP server, the IP address, subnet mask, and default
gateway address to be assigned to your device

–

The wired equivalent privacy (WEP) keys of the access points with which your client adapter
will communicate, if your wireless network uses static WEP for security

–

Your username and password for LEAP, EAP-FAST, or PEAP authentication, if your wireless
network uses one of these authentication types

–

Your username for EAP-TLS authentication, if your wireless network uses EAP-TLS
authentication

–

Protected access credentials (PAC) file if your wireless network uses EAP-FAST authentication
with manual PAC provisioning

2-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 2 Preparing for Installation

Site Requirements

Site Requirements

This section discusses the site requirements for both infrastructure and client devices.

For Infrastructure Devices

Because of differences in component configuration, placement, and physical environment, every
network application is a unique installation. Therefore, before you install any wireless infrastructure
devices (such as access points, bridges, and base stations, which connect your client adapters to a wired
LAN), a site survey must be performed to determine the optimum placement of these devices to
maximize range, coverage, and network performance. Appendix F, which is provided for people who
are responsible for conducting a site survey, explains how ACU’s site survey tool can be used to
determine the best placement for infrastructure devices within a wireless network.

Note Infrastructure devices are installed and initially configured prior to client devices.

For Client Devices

Because the client adapter is a radio device, it is susceptible to RF obstructions and common sources of
interference that can reduce throughput and range. Follow these guidelines to ensure the best possible
performance:

• Install the client adapter in an area where large steel structures such as shelving units, bookcases,

and filing cabinets will not obstruct radio signals to and from the client adapter.

• Install the client adapter away from microwave ovens. Microwave ovens operate on the same

frequency as the client adapter and can cause signal interference.

2-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 2 Preparing for Installation

Site Requirements

CHA P TER

3-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

3

Installing the Client Adapter

This chapter provides instructions for installing the client adapter driver and client utilities.

The following topics are covered in this chapter:

• Finding the Windows CE Version, page 3-2

• Installing the Driver and Client Utilities, page 3-2

• Verifying Installation, page 3-5

• Deciding How to Configure Your Client Adapter (Windows CE .NET Only), page 3-6

3-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Finding the Windows CE Version

Finding the Windows CE Version

The messages that appear during the installation of the client adapter driver and utilities (as well as the
client utility screens themselves) vary depending on your Windows CE device. Follow the instructions
below to find the version of Windows CE that your device is using.

• If your Windows CE device is a Pocket PC (PPC) device, tap Start > Settings > the System tab >

About. The Windows CE version is shown.

Note If the version is 4.20.xx, the device is a PPC 2003. If the version is 3.00.xx, you must

check the build number. If the build number is lower than 11178, the device is a PPC
2000; otherwise, the device is a PPC 2002.

• If your Windows CE device is a Handheld PC (HPC) device, tap Start > Settings > Control Panel

> System > System tab. The core system version indicates the version of Windows CE that the
device is running (such as 3.0).

• If your Windows CE device is a CE .NET device, tap Start > Settings > Control Panel > System.

The Windows CE version is shown under System on the General tab.

Installing the Driver and Client Utilities

The WinCE-PCMCIA-LMC-v250.exe file is a self-extracting zip file that extracts all of the files
necessary to install the driver and client utilities (version 2.50). The main installation utility extracted
from this file is ceInstall.exe.

Follow these steps to install the driver and client utilities for your client adapter.

Note This procedure is meant to be used the first time the driver and client utilities are installed on a

Windows CE device. If Cisco Aironet client adapter software is already installed on your Windows
CE device, follow the instructions in Chapter 8 to first uninstall any existing software and then follow
the instructions here to upgrade to new software.

Note Firmware version 5.40.10 is recommended for use with client adapter driver and utility version 2.50.

Chapter 8 provides instructions for finding the version of your client adapter’s firmware and

upgrading it if necessary.

Note Client adapter driver and utility version 2.50 is not supported for use with Cisco Aironet 340 series client

adapters.

Note The driver and client utilities must be installed before you insert a client adapter into a Windows CE

device.

3-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Installing the Driver and Client Utilities

Note Client adapter driver and utility version 2.50 is not yet available on the CD that ships with Cisco Aironet

client adapters. If you are installing older versions of client adapter drivers and utilities, refer to a
previous version of this manual for installation, configuration, and operation instructions.

Step 1 Connect your Windows CE device to a laptop or PC running Microsoft ActiveSync. This is typically

done using a serial or USB cable.

A message appears on the Windows CE device indicating that it is connecting to the host. After the
Windows CE device is connected, the New Partnership window appears on the laptop or PC. This
window asks if you want to set up a partnership.

Note Cisco recommends that you install the latest version of ActiveSync.

Step 2 Perform one of the following:

• If you want to establish a partnership that enables you to synchronize files between the laptop or PC

and the Windows CE device, choose Yes , click Next, and follow the instructions on the screen to
specify the files to be synchronized and to finish setting up the partnership.

• If you do not want to synchronize files and want to connect as a “guest,” choose No and click Next.

The screen indicates that you are connected as a guest.

Step 3 Use the laptop or PC’s web browser to access the following URL:

http://www.cisco.com/public/sw-center/sw-wireless.shtml

Step 4 Choose Option #2: Aironet Wireless Software Display Tables.

Note You can download software from the Software Selector tool instead of the display tables. To

do so, choose Option #1: Aironet Wireless Software Selector, follow the instructions on
the screen, and go to Step 9.

Step 5 Click Cisco Aironet Wireless LAN Client Adapters.

Step 6 Find the section for Windows CE client adapter drivers and utilities.

Step 7 Click the link for Windows CE 3.0 or Windows CE .NET, depending on your device’s operating system.

Step 8 Click the WinCE-PCMCIA-LMC-v250.exe file.

Step 9 Complete the encryption authorization form; then read and accept the terms and conditions of the

Software License Agreement.

Step 10 Click the WinCE-PCMCIA-LMC-v250.exe file again to download it.

Step 11 Save the file to the hard drive of your laptop or PC.

Step 12 Find the file using Windows Explorer, double-click it, and extract its files to a folder.

Note Make sure you keep all of the extracted files together in one folder. Moving them to different

locations may prevent the software from operating correctly.

Step 13 Double-click the ceInstall.exe file.

3-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Installing the Driver and Client Utilities

Step 14 If you are using a PPC 2002 device, the Install 802.1X Support screen appears. If you are planning to

use EAP-TLS or PEAP authentication, click Yes . Otherwise, click No.

Note If you choose Yes, the PPC 2002 802.1X backport, which provides support for 802.1X

security, is installed. The backport then becomes part of the base Windows CE operating
system and cannot be uninstalled.

Step 15 If you are using a PPC 2002, PPC 2003, or Windows CE .NET 4.2 device, the Cisco PEAP screen

appears. If you are planning to use Cisco PEAP authentication, make sure the Install Cisco PEAP
Support check box is checked and click Next. Otherwise, uncheck the Install Cisco PEAP Support
check box and click Next.

Note If you install the Cisco PEAP supplicant and later want to use the Microsoft PEAP

supplicant, you must default your Windows CE device and reinstall the client adapter
software.

Step 16 If you installed the 802.1X backport on a PPC 2002 device, a message appears indicating that you must

reset your device when the installation is complete. Click OK.

Step 17 If you are not using a PPC 2002 device, the Cisco Aironet Wireless LAN Adapter Setup screen appears.

Click Next to start the Windows CE Application Manager (CeAppMgr), which is installed with
ActiveSync. CeAppMgr interrogates the Windows CE device to determine its platform type.

Note If a Windows CE device is not connected to the laptop or PC (as instructed in Step 1), click

Exit to quit the setup program and connect a Windows CE device or click Next to continue
the installation. If you choose Exit, click OK to shut down CeAppMgr and start again
beginning with Step 1. If you choose Next, a message appears indicating that the software
will be downloaded the next time a mobile device is connected. Click OK. The next time a
Windows CE device is connected to the laptop or PC via ActiveSync, CeAppMgr starts
automatically, and you are prompted to install the software.

Step 18 When the Installing Applications dialog box appears asking if you want to install the client adapter using

the default application installation directory, click Ye s. The default directory is \Windows\Start
Menu\Programs\Cisco on PPC devices and \Windows\Programs\Cisco on HPC and Windows CE .NET
devices.

A message and a progress bar appear indicating that the client adapter (and 802.1X backport if you are
using a PPC 2002 device) is being installed.

The driver and help files are copied to the \Windows directory, and the client utilities are installed in the
\Windows\Start Menu\Programs\Cisco directory on PPC devices or the \Windows\Programs\Cisco
directory on HPC and Windows CE .NET devices. Shortcuts to ACU and WLM are automatically added
to the desktop on HPC and Windows CE .NET devices.

Step 19 When the installation process is complete on the laptop or PC, a message appears asking you to view the

screen of the Windows CE device to see if any additional steps are required to complete the installation.
Click OK to terminate the installation process on the laptop or PC.

Step 20 Complete any required steps on the Windows CE device.

Step 21 Disconnect the Windows CE device.

Step 22 If you are using a PPC 2002 device and you installed the 802.1X backport, reset your Windows CE

device now. (You should have been notified earlier that a reset would be required after installation.)

3-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Verifying Installation

Step 23 Insert the client adapter into the PC card slot of the Windows CE device. Refer to Chapter 8 for specific

instructions on inserting the client adapter.

The Windows CE device should configure the client adapter, and the green LED on the adapter should
blink. If this does not happen, remove the client adapter, reset the Windows CE device, and reinsert the
client adapter.

Step 24 The Cisco Wireless LAN Adapter Settings dialog box appears. If the dialog box does not appear, perform

one of the following:

• Tap Start > Settings > the Connections tab > Connections > Advanced > Network Card > Cisco

Wireless LAN Adapter on PPC 2003 devices.

• Tap Start > Settings > the Connections tab > Network Adapters > Cisco Wireless LAN Adapter

> Properties on PPC 2002 devices.

• Tap Start > Settings > Control Panel > Network > the Adapters tab > Cisco Wireless LAN

Adapter > Properties on HPC devices.

• Tap Start > Settings > Network and Dial-up Connections > the Cisco Wireless LAN Client

Adapter icon on Windows CE .NET devices.

Step 25 Perform one of the following:

• If your device is connected to a DHCP server, choose Obtain an IP address via DHCP or

Use server-assigned IP address and tap OK.

• If your device is not connected to a DHCP server, choose Specify an IP address or Use specific IP

address and follow these steps:

a. Enter the IP address, subnet mask, and default gateway address you want to assign to your

device. They can be obtained from your system administrator.

b. Choose the Name Servers tab and enter the primary and secondary DNS and WINS you want

to assign to your device. They can be obtained from your system administrator.

c. Tap OK.

Step 26 The driver and client utility installation is complete. Go to the “Verifying Installation” section below to

determine if the installation was successful.

Verifying Installation

To verify that you have properly installed the driver and client utilities, check the client adapter’s LEDs.
If the installation was successful, the client adapter’s green LED blinks.

Note If your installation was unsuccessful or you experienced problems during or after driver installation,

refer to Chapter 9 for troubleshooting information.

Now that your client adapter is properly installed, you are ready to go to Chapter 4 to create profiles for
your client adapter unless your device is running Windows CE .NET. If your device is running Windows
CE .NET, go to the “Deciding How to Configure Your Client Adapter (Windows CE .NET Only)” section

on page 3-6.

3-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Deciding How to Configure Your Client Adapter (Windows CE .NET Only)

Deciding How to Configure Your Client Adapter
(Windows CE .NET Only)

Windows CE .NET is the only Windows CE operating system that enables you to configure your client
adapter without using ACU. Therefore, if your device is running Windows CE .NET, you must decide
whether to configure your client adapter through the operating system or ACU. To help you with your
decision, Table 3-1 compares the Windows CE .NET and ACU client adapter features.

Perform one of the following:

• If you are planning to configure your client adapter through ACU instead of through Windows CE

.NET and you are using a PPC 2003 device, follow the instructions in Chapter 4 and Chapter 5 to
configure your client adapter through ACU.

• If you are planning to configure your client adapter through ACU instead of through Windows CE

.NET and you are using a device other than a PPC 2003, follow these steps:

a. Tap Start > Settings > Network and Dial-up Connections > the Cisco Wireless LAN Client

Adapter icon > the Wireless Networks tab.

b. Uncheck the Use Windows to configure my wireless network settings check box.

c. Follow the instructions in Chapter 4 and Chapter 5 to configure your client adapter through

ACU.

Table 3-1 Comparison of Windows CE .NET and ACU Client Adapter Features

Feature Windows CE .NET ACU

Configuration parameters Limited Extensive

Capabilities

Create profiles Yes Yes

Upgrade radio firmware No Yes

Security

Static WEP Yes Yes

LEAP authentication with dynamic
WEP

No Yes

EAP-FAST authentication with
dynamic WEP

No Yes

EAP-TLS authentication with
dynamic WEP

Yes (on Windows CE

.NET 4.2 devices)

Yes (on PPC 2002

devices)

PEAP authentication with dynamic
WEP

Yes (on Windows CE

.NET 4.2 devices)

Yes (on PPC 2002

devices)

Diagnostics

Status screen Limited Extensive

Statistics screen (transmit & receive) No Yes

Site survey tool No Yes

3-7

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Deciding How to Configure Your Client Adapter (Windows CE .NET Only)

• If you are planning to configure your client adapter through Windows CE .NET instead of through

ACU, go to Appendix E and follow the instructions there.

• If you are planning to configure your client adapter through Windows CE .NET but you want to use

ACU’s diagnostic tools, go to Appendix E to configure the adapter through Windows CE .NET; then
follow the instructions in Chapter 7 to use ACU’s diagnostic tools.

3-8

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 3 Installing the Client Adapter

Deciding How to Configure Your Client Adapter (Windows CE .NET Only)

CHA P TER

4-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

4

Using the Profile Manager

This chapter explains how to use ACU’s profile manager feature to create and manage profiles for your
client adapter.

The following topics are covered in this chapter:

• Overview of Profile Manager, page 4-2

• Opening Profile Manager, page 4-2

• Creating a New Profile, page 4-3

• Selecting the Active Profile, page 4-3

• Modifying a Profile, page 4-4

4-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 4 Using the Profile Manager

Overview of Profile Manager

Overview of Profile Manager

ACU’s profile manager feature allows you to create and manage up to 16 profiles (or named groupings
of saved configuration parameters) for your client adapter. These profiles enable you to use your client
adapter in different locations, each of which requires different configuration settings. For example, you
may want to set up profiles for using your client adapter at the office, at home, and in public areas such
as airports. Once the profiles are created, you can easily switch between them without having to
reconfigure your client adapter each time you enter a new location.

Profiles are stored in the registry of the Windows CE device. They are lost only if the Windows CE
device is defaulted (hard reset) or if both the primary and backup batteries run out of power.

Opening Profile Manager

To open ACU’s profile manager, double-tap the ACU icon on your desktop or tap Start > Programs >
Cisco > ACU. The Profiles screen appears (see Figure 4-1).

Figure 4-1 Profiles Screen

Profile manager enables you to perform the following tasks related to the management of profiles:

• Create a new profile, page 4-3

• Select the active profile, page 4-3

• Edit a profile, page 4-4

• Rename a profile, page 4-4

• Delete a profile, page 4-5

Follow the instructions on the page indicated for the task you want to perform.

4-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 4 Using the Profile Manager

Creating a New Profile

Creating a New Profile

Follow these steps to create a new profile.

Step 1 Tap th e Add button on the Profiles screen. A new profile named Profilex (where x is the number of the

profile) appears in the Manage Profiles box.

Step 2 To change the profile name from Profilex to something of your own choosing (for example, Office,

Home, etc.), enter the name now.

Note You can enter up to 80 characters, but due to limited screen size, long profile names may not

be completely displayed.

Step 3 Perform one of the following:

• If you want this profile to use the default values, tap on a blank part of the screen. The profile is

added to the list of profiles in the Manage Profiles box.

• If you want to change any of the configuration parameter settings, tap the Edit button. The

Properties screen appears with the name of the profile in quotation marks. Follow the instructions
in Chapter 5 to change any of the configuration parameters for this profile.

Step 4 To create another profile, repeat the previous steps.

Selecting the Active Profile

Follow these steps to specify the profile that the client adapter is to use.

Note Because EAP-TLS and PEAP authentication are not enabled in ACU, you cannot switch between these

authentication types simply by switching profiles in ACU. For PPC 2002 devices, you can create a
profile in ACU that uses host-based EAP, but you must enable the specific authentication type in the
Authentication Manager. In addition, only one authentication type can be set at a time; therefore, if you
have more than one profile in ACU that uses host-based EAP and you want to use another authentication
type, you must change the authentication type in the Authentication Manager after switching profiles in
ACU. For PPC 2003 devices, you must select <External Settings> as the active profile in ACU and then
configure your client adapter through Windows CE .NET.

Step 1 Go to the Profiles screen (see Figure 4-1).

Step 2 From the Select Active Profile drop-down menu, choose the profile that you want your client adapter to

use to attempt to establish a connection to an access point.

Note The <External Settings> profile option on Windows CE .NET devices disables ACU profiles

and enables the operating system or an application other than ACU to configure the client
adapter. You must choose this option if you want to configure your card through the operating
system but use ACU’s diagnostic tools. Refer to Appendix E for information on configuring
your client adapter through Windows CE .NET.

4-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 4 Using the Profile Manager

Modifying a Profile

The client adapter immediately starts using the profile that you select. If the client adapter cannot
associate to an access point or loses association while using the selected profile, the adapter does not
attempt to associate using another profile. To associate, you must select a different profile.

Modifying a Profile

This section provides instructions for modifying an existing profile. Follow the steps in the
corresponding section below to edit, rename, or delete a profile.

Editing a Profile

Step 1 Go to the Profiles screen (see Figure 4-1).

Step 2 From the Manage Profiles box, select the profile that you want to edit and tap the Edit button or

double-tap the profile. The Properties screen appears with the name of the profile in quotation marks.

Step 3 Follow the instructions in Chapter 5 to change any of the configuration parameters for this profile.

Renaming a Profile

Step 1 Go to the Profiles screen (see Figure 4-1).

Step 2 From the Manage Profiles box, select the profile that you want to rename and tap the Rename button or

tap the profile twice (pausing longer than for a double-tap). The profile becomes highlighted.

Step 3 Enter a new name for the profile.

Note You can enter up to 80 characters, but due to limited screen size, long profile names may not

be completely displayed.

Step 4 Tap on a blank part of the screen to save your change. The profile is renamed and added to the list of

profiles.

4-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 4 Using the Profile Manager

Modifying a Profile

Deleting a Profile

Step 1 Go to the Profiles screen (see Figure 4-1).

Step 2 From the Manage Profiles box, select the profile that you want to delete.

Note You cannot delete the active profile.

Step 3 Tap th e Delete button.

Step 4 When prompted to confirm your decision, tap Yes . The profile is deleted.

4-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 4 Using the Profile Manager

Modifying a Profile

CHA P TER

5-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

5

Configuring the Client Adapter

This chapter explains how to change the configuration parameters for a specific profile.

The following topics are covered in this chapter:

• Configuring Your Client Adapter, page 5-2

• Overview of Security Features, page 5-11

• Using Static WEP, page 5-18

• Enabling LEAP, page 5-20

• Enabling EAP-FAST, page 5-21

• Enabling Host-Based EAP, page 5-25

• Disabling LEAP, EAP-FAST, or Host-Based EAP, page 5-31

5-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Configuring Your Client Adapter

When you choose to create a new profile or edit an existing profile on the Profiles screen, the Properties
screen appears with the name of your profile in quotation marks. This screen enables you to set the
configuration parameters for that profile. Follow these steps to access the Properties screen and complete
the configuration process.

Note If you do not change any of the configuration parameters, the default values are used.

Step 1 When you create or select a profile on the Profiles screen and tap the Edit button, the Properties screen

appears (see Figure 5-1).

Figure 5-1 Properties Screen

The Property box lists the configuration parameters that can be changed, and the Value box contains the
highlighted parameter’s current value. The Value box can appear as a drop-down menu with several
possible values from which to choose or as a blank field in which characters are to be entered.

Step 2 Table 5-1 lists and describes the client adapter’s configuration parameters. Follow the instructions in the

table to initially set or change any parameters.

Note The security parameters (Network Security Type, WEP, User Name, User Password, User

Domain, PAC Provisioning Mode, and PAC Authority) are listed at the end of the table because
they require further action.

5-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Table 5-1 Client Adapter Configuration Parameters

Parameter Description

SSID The service set identifier (SSID) identifies the specific wireless

network that you want to access.

Range: You can key in up to 32 characters (case sensitive)

Default: A blank field

Note If you leave this parameter blank, your client adapter can

associate to any access point on the network that is configured
to allow broadcast SSIDs (see the AP Radio Hardware page in
the access point management system). If the access point with
which the client adapter is to communicate is not configured to
allow broadcast SSIDs, the value of this parameter must match
the SSID of the access point. Otherwise, the client adapter
cannot access the network.

Client Name A logical name for your Windows CE device. It allows an administrator

to determine which devices are connected to the access point without
having to memorize every MAC address. This name is included in the
access point’s list of connected devices.

Range: You can enter up to 16 characters

Default: A blank field

Note Each computer on the network should have a unique client

name.

Infrastructure Mode Specifies the type of network in which your client adapter is installed.

Options: Ye s or No

Default: Yes

Infrastructure Mode Description

Yes Indicates that your wireless network is

connected to a wired Ethernet network
through an access point.

No Often referred to as ad hoc or peer-to-peer

mode. Indicates that your wireless network
consists of a few wireless devices that are
not connected to a wired Ethernet network
through an access point.

5-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Power Save Mode Sets your client adapter to its optimum power-consumption setting.

Options: CAM, Fast PSP, or Max PSP

Default: Fast PSP (Power Save Mode)

Power Save Mode Description

CAM (Constantly Awake
Mode)

Keeps the client adapter powered up
continuously so there is little lag in
message response time.

Consumes the most power but offers the
highest throughput. Is recommended for
desktop computers and devices that use
AC power.

Fast PSP (Power Save
Mode)

Switches between PSP mode and CAM
mode, depending on network traffic. This
mode switches to CAM when retrieving a
large number of packets and switches back
to PSP after the packets have been
retrieved.

Is recommended when power consumption
is a concern but you need greater
throughput than that allowed by Max PSP.

Max PSP (Max Power
Savings)

Causes the access point to buffer incoming
messages for the client adapter, which
wakes up periodically and polls the access
point to see if any buffered messages are
waiting for it. The adapter can request
each message and then go back to sleep.

Conserves the most power but offers the
lowest throughput. Is recommended for
devices for which power consumption is
the ultimate concern (such as small
battery-powered devices).

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Authentication Type Defines how your client adapter will attempt to authenticate to an

access point.

Options: Open or Shared Key

Default: Open

Authentication Description

Open Authentication Enables your client adapter, regardless of

its WEP settings, to authenticate and
attempt to communicate with an access
point. If LEAP, EAP-FAST, or host-based
EAP is enabled on your client adapter,
Open Authentication is the only available
option.

Shared Key
Authentication

Enables your client adapter to
communicate only with access points that
have the same WEP key. This option is
available only if Static WEP Keys is
selected.

The access point sends a known
unencrypted “challenge packet” to the
client adapter, which encrypts the packet
and sends it back to the access point.
The access point attempts to decrypt
the encrypted packet and sends an
authentication response packet indicating
the success or failure of the decryption
back to the client adapter.

Note Cisco recommends that shared key authentication not be used

because it presents a security risk.

Mixed Mode Indicates whether the client adapter can associate to an access point that

allows both WEP and non-WEP associations.

• If the access point with which the client adapter is to associate

has WEP set to Optional and WEP is enabled on the client adapter,
you must enable Mixed Mode on the adapter. Otherwise, the client
adapter cannot establish a connection with the access point.

• If the access point with which the client adapter is to associate does

not have WEP set to Optional, Mixed Mode should be set to
Disabled on the adapter.

Options: Enabled or Disabled

Default: Disabled

Note For security reasons, Cisco recommends that WEP-enabled and

WEP-disabled clients not be allowed in the same cell because
broadcast packets are sent unencrypted, even to clients running
WEP.

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

World Mode Enables the client adapter to adopt the maximum transmit power level

and the frequency range of the access point to which it is associated,
provided the access point is also configured for world mode. This
parameter is available only in infrastructure mode and is designed for
users who travel between countries and want their client adapters to
associate to access points in different regulatory domains.

Options: Enabled or Disabled

Default: Disabled

Note When World Mode is enabled, the client adapter is limited to

the maximum transmit power level allowed by the country of
operation’s regulatory agency.

Data Rates Specifies the rate at which your client adapter should transmit or

receive packets to or from access points (in infrastructure mode) or
other clients (in ad hoc mode).

Auto is recommended for infrastructure mode; setting a specific data
rate is recommended for ad hoc mode.

Options: Auto, 1 Mb Only, 2 Mb Only, 5.5 Mb Only, or 11 Mb Only

Default: Auto

Data Rate Description

Auto Uses the 11-Mbps data rate when possible

but drops to lower rates when necessary

1 Mb Only Offers the greatest range but the lowest

throughput

2 Mb Only Offers less range but greater throughput

than the 1 Mbps Only option

5.5 Mb Only Offers less range but greater throughput
than the 2 Mbps Only option

11 Mb Only Offers the greatest throughput but the

lowest range

Note Your client adapter’s data rate must be set to Auto or must

match the data rate of the access point (in infrastructure mode)
or the other clients (in ad hoc mode) with which it is to
communicate. Otherwise, your client adapter may not be able
to associate to them.

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-7

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Transmit Power Defines the power level at which your client adapter transmits. This

value must not be higher than that allowed by your country’s regulatory
agency (FCC in the U.S., DOC in Canada, ETSI in Europe, MKK in
Japan, etc.).

Options: Max, 100 mW, 50 mW, 30 mW, 20 mW, 5 mW, or 1 mW

Default: Max (the maximum level programmed into the client adapter

and allowed by your country’s regulatory agency)

Note Reducing the transmit power level conserves battery power but

decreases radio range.

Note If the client adapter is running, ACU queries the adapter and

displays the settings programmed into the adapter. If the client
adapter is not running, ACU displays power level options based
on the last known radio type.

Note When World Mode is enabled, the client adapter is limited to

the maximum transmit power level allowed by the country of
operation’s regulatory agency.

Note If you are using an older version of a 350 series client adapter,

your power level options may be different than those listed
here.

Offline Channel Scan Causes the client adapter to periodically scan for a better access point

with the same SSID if the signal strength falls below 50%.

Options: Enabled or Disabled

Default: Enabled

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-8

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

WEP Specifies the type of wired equivalent privacy (WEP) that your client

adapter will use.

Options: No WEP, Static WEP Keys, or Dynamic WEP Keys

Default: No WEP

WEP Description

No WEP Disables WEP for your client adapter.

Static WEP Keys Enables static WEP for your client adapter

after you enter a valid WEP key.

Note Go to Step 3 for instructions on

entering a static WEP key and
enabling WEP.

Dynamic WEP Keys Enables WEP keys to be derived

automatically during EAP authentication.

If you set the Network Security Type to
LEAP or EAP-FAST, Dynamic WEP Keys
is set automatically. If, on a PPC 2002
device, you set the Network Security Type
to Host Based EAP, you must set the WEP
parameter to Dynamic WEP Keys.

Note Go to Step 3 for instructions on

setting dynamic WEP keys.

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-9

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Network Security Type Specifies the type of 802.1X authentication that your client adapter will

use.

Options: None, LEAP, EAP-FAST, or Host Based EAP

Default: None

Network Security Type Description

None Disables 802.1X authentication for your

client adapter.

LEAP Specifies that your client adapter use

LEAP authentication.

Note Go to Step 3 for instructions on

enabling LEAP.

EAP-FAST Specifies that your client adapter use

EAP-FAST authentication.

Note Go to Step 3 for instructions on

enabling EAP-FAST.

Host Based EAP
(PPC 2002 devices only)

Specifies that your client adapter use any

802.1X authentication type for which your
operating system has support (such as
EAP-TLS or PEAP).

Note Go to Step 3 for instructions on

enabling host-based EAP.

User Name If you are planning to use saved LEAP or saved EAP-FAST credentials

rather than entering them in WLM, this parameter specifies the
username that is to be saved and used automatically for authentication.
This parameter is available only if the Network Security Type is set to
LEAP or EAP-FAST.

Note Go to Step 3 for instructions on entering the LEAP or

EAP-FAST username.

User Password If you are planning to use saved LEAP or saved EAP-FAST credentials

rather than entering them in WLM, this parameter specifies the
password that is to be saved and used automatically for authentication.
This parameter is available only if the Network Security Type is set to
LEAP or EAP-FAST.

Note Go to Step 3 for instructions on entering the LEAP or

EAP-FAST password.

User Domain If you are planning to use saved LEAP or saved EAP-FAST credentials

rather than entering them in WLM, this parameter specifies the domain
name (if required) that is to be saved and used automatically for
authentication. This parameter is available only if the Network Security
Type is set to LEAP or EAP-FAST.

Note Go to Step 3 for instructions on entering the LEAP or

EAP-FAST domain name.

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-10

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Configuring Your Client Adapter

Step 3 If you plan to use any of the security features (static WEP, LEAP, EAP-FAST, EAP-TLS, or PEAP), read

the “Overview of Security Features” section below and follow the instructions for the security feature
you want to activate.

Step 4 Tap OK on the Properties screen to save any changes you have made. If the profile you just edited is the

active profile and your client adapter is inserted, the changes are applied immediately.

PAC Provisioning Mode Enables automatic or manual protected access credentials (PAC)

provisioning for this profile. This parameter is available only if the
Network Security Type is set to EAP-FAST.

Options: Automatic or Manual

Default: Automatic

PAC Provisioning Mode Description

Automatic Enables automatic PAC provisioning. A

PAC file is obtained automatically as
needed (for instance, when a PAC expires,
when the client adapter accesses a
different server, when the EAP-FAST
username cannot be matched to a
previously provisioned PAC, etc.).

Manual Enables manual PAC provisioning. You

must select a PAC authority or manually
import a PAC file.

Note LDAP user databases support only manual PAC provisioning

while Cisco Secure ACS internal, Cisco Secure ODBC, and
Windows NT/2000/2003 domain user databases support both
automatic and manual PAC provisioning.

Note Provisioning occurs only upon initial negotiation of the PAC or

upon PAC expiration. After the PAC is provisioned, it serves as
the key by which authentication transactions are secured.

Note Go to Step 3 for instructions on enabling automatic PAC

provisioning or manually importing a PAC file.

PAC Authority Contains the names of all the PAC authorities from which a PAC has

previously been provisioned. If this profile is set for manual
provisioning, you must select a PAC authority or import a PAC file.
This parameter is available only if the Network Security Type is set to
EAP-FAST.

Note Go to Step 3 for instructions on selecting a PAC authority.

Table 5-1 Client Adapter Configuration Parameters (continued)

Parameter Description

5-11

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

Overview of Security Features

When you use your client adapter with Windows CE, you can protect your data as it is transmitted
through your wireless network by encrypting it through the use of wired equivalent privacy (WEP)
encryption keys. With WEP encryption, the transmitting device encrypts each packet with a WEP key,
and the receiving device uses that same key to decrypt each packet.

The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your
adapter or dynamically created as part of the EAP authentication process. The information in the “Static

WEP Keys” and “Dynamic WEP Keys with EAP” sections below can help you to decide which type of

WEP keys you want to use. Dynamic WEP keys with EAP offer a higher degree of security than static
WEP keys.

WEP keys, whether static or dynamic, are either 40 or 128 bits in length. 128-bit WEP keys offer a
greater level of security than 40-bit WEP keys.

Note Refer to the “Additional WEP Key Security Features” section on page 5-15 for information on three

security features that can make your WEP keys even more secure.

Static WEP Keys

Each device (or profile) within your wireless network can be assigned up to four static WEP keys. If a
device receives a packet that is not encrypted with the appropriate key (as the WEP keys of all devices
that are to communicate with each other must match), the device discards the packet and never delivers
it to the intended receiver.

Static WEP keys are write-only and temporary; however, you do not need to re-enter them each time the
client adapter is inserted or the Windows CE device is reset. This is because the keys are stored (in an
encrypted format for security reasons) in the registry of the Windows CE device. When the driver loads
and reads the client adapter’s registry parameters, it also finds the static WEP keys, unencrypts them,
and stores them in volatile memory on the adapter.

The ACU Properties screen enables you to view the current WEP key settings for the client adapter and
then to assign new WEP keys or overwrite existing WEP keys as well as to enable or disable static WEP.
Refer to the “Using Static WEP” section on page 5-18 for instructions.

Dynamic WEP Keys with EAP

The new standard for wireless LAN security, as defined by the Institute of Electrical and Electronics
Engineers (IEEE), is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X
and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless
client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS)
server, to which the access point communicates over the wired network.

5-12

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

Up to three 802.1X authentication types can be selected in ACU for use with Windows CE devices:

• EAP-Cisco Wireless (or LEAP)—Support for LEAP is provided not in the Windows CE operating

system but in your client adapter’s firmware and the Cisco software that supports it. RADIUS
servers that support LEAP include Cisco Secure ACS version 2.6 and later, Cisco Access Registrar
version 1.7 and later, and Funk Software’s Steel-Belted RADIUS version 3.0 and later.

LEAP is enabled in ACU, and either a saved LEAP username and password are entered in ACU or
a temporary LEAP username and password are entered in WLM. The username and password are
used by the client adapter to perform mutual authentication with the RADIUS server through the
access point. The temporary LEAP username and password are stored in the client adapter’s volatile
memory and need to be re-entered whenever a LEAP profile is selected, the client adapter is ejected
and reinserted, or the Windows CE device is reset.

• EAP-FAST—This authentication type (Flexible Authentication via Secure Tunneling) is available

on PPC 2002, PPC 2003, and Windows CE .NET 4.2 devices. EAP-FAST uses a three-phased
tunneled authentication process to provide advanced 802.1X EAP mutual authentication.

–

Phase 0 enables the client to dynamically provision a protected access credentials (PAC) when
necessary. During this phase, a PAC is generated securely between the user and the network.

–

Phase 1 uses the PAC to establish a mutually authenticated and secure tunnel between the client
and the RADIUS server. RADIUS servers that support EAP-FAST include Cisco Secure ACS
version 3.2.3 and later.

–

Phase 2 performs client authentication in the established tunnel.

EAP-FAST is enabled in ACU, and either a saved EAP-FAST username and password are entered
in ACU or a temporary EAP-FAST username and password are entered in WLM. In addition,
automatic or manual PAC provisioning is enabled in ACU. The client adapter uses the username,
password, and PAC to perform mutual authentication with the RADIUS server through the access
point. The temporary EAP-FAST username and password are stored in the client adapter’s volatile
memory and need to be re-entered whenever an EAP-FAST profile is selected, the client adapter is
ejected and reinserted, or the Windows CE device is reset.

PACs are created by Cisco Secure ACS and are identified by an ID. The user obtains a copy of the
PAC from the server, and the ID links the PAC to the profile created in ACU. When manual PAC
provisioning is enabled, the PAC file is manually copied from the server and imported onto the client
device. The following rules govern PAC storage:

–

PACs are stored in a single PAC database and are available to all users of the device.

–

PAC files can be added or replaced using the import feature, but they cannot be removed or
exported.

EAP-FAST authentication is designed to support the following user databases over a wireless LAN:

–

Cisco Secure ACS internal user database

–

Cisco Secure ACS ODBC user database

–

Windows NT/2000/2003 domain user database

–

LDAP user database

LDAP user databases (such as NDS) support only manual PAC provisioning while the other three
user databases support both automatic and manual PAC provisioning.

• Host Based EAP (PPC 2002 devices only)—Selecting this option enables you to use any 802.1X

authentication type for which your Windows CE device has support, such as EAP-TLS or PEAP. You
can select this option only on PPC 2002 devices with the 802.1X backport installed.

5-13

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

Note PPC 2003 and other Windows CE .NET 4.2 devices can be configured for EAP-TLS or

PEAP authentication if you configure your client adapter through Windows CE .NET instead
of ACU. See Appendix E for instructions.

–

EAP-TLS—EAP-TLS is enabled or disabled through the Authentication Manager and uses a
dynamic session-based WEP key, which is derived from the client adapter and RADIUS server,
to encrypt data. EAP-TLS requires the use of certificates for authentication.

RADIUS servers that support EAP-TLS include Cisco Secure ACS version 3.0 or later and
Cisco Access Registrar version 1.8 or later.

–

Cisco PEAP—Cisco PEAP authentication (also known as PEAP-GTC) is designed to support
One-Time Password (OTP), Windows NT or 2000 domain, and LDAP user databases over a
wireless LAN. It is based on EAP-TLS authentication but uses a password instead of a client
certificate for authentication. Cisco PEAP is enabled or disabled through the Authentication
Manager and uses a dynamic session-based WEP key, which is derived from the client adapter
and RADIUS server, to encrypt data. Cisco PEAP requires you to enter your username and
password in order to start the authentication process and gain access to the network. RADIUS
servers that support Cisco PEAP authentication include Cisco Secure ACS version 3.1 or later.

Note To use Cisco PEAP authentication, you must have checked the Install Cisco PEAP

Support check box during installation.

When you enable Network-EAP or Require EAP on your access point and configure your client adapter
for LEAP, EAP-FAST, EAP-TLS, or PEAP, authentication to the network occurs in the following
sequence:

1. The client associates to an access point and begins the authentication process.

Note The client does not gain access to the network until authentication between the client and

the RADIUS server is successful.

2. Communicating through the access point, the client and RADIUS server complete the authentication

process, with the password (LEAP and PEAP), password and PAC (EAP-FAST), or certificate
(EAP-TLS) being the shared secret for authentication. The password or PAC is never transmitted
during the process.

3. If authentication is successful, the client and RADIUS server derive a dynamic, session-based WEP

key that is unique to the client.

4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.

5. For the length of a session, or time period, the access point and the client use this key to encrypt or

decrypt all unicast packets (and broadcast packets if the access point is set up to do so) that travel
between them.

Refer to one of these sections for instructions on enabling EAP authentication:

• Enabling LEAP, page 5-20

• Enabling EAP-FAST, page 5-21

• Enabling Host-Based EAP, page 5-25

5-14

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

Note Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following

URL for additional information on RADIUS servers:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm

Fast Roaming (CCKM)

Some applications that run on a client device may require fast roaming between access points. Voice
applications, for example, require seamless roaming to prevent delays and gaps in conversation. Support
for fast roaming is available for LEAP- or EAP-FAST-enabled clients in firmware version 5.40.10 or
later.

During normal operation, LEAP- or EAP-FAST-enabled clients mutually authenticate with a new access
point by performing a complete LEAP or EAP-FAST authentication, including communication with the
main RADIUS server. However, when you configure your wireless LAN for fast roaming, LEAP- or
EAP-FAST-enabled clients securely roam from one access point to another without the need to
reauthenticate with the RADIUS server. Using Cisco Centralized Key Management (CCKM), an access
point that is configured for wireless domain services (WDS) uses a fast rekeying technique that enables
client devices to roam from one access point to another in under 150 milliseconds (ms). Fast roaming
ensures that there is no perceptible delay in time-sensitive applications such as wireless Voice over IP
(VoIP), enterprise resource planning (ERP), or Citrix-based solutions.

This feature does not need to be enabled on the client adapter; it is supported automatically in client
adapter firmware version 5.40.10 or later. However, it must be enabled on the access point.

Note Access points must use Cisco IOS Release 12.2(11)JA or later to enable fast roaming. Refer to the

documentation for your access point for instructions on enabling this feature.

Reporting Access Points that Fail LEAP or EAP-FAST Authentication

The following client adapter and access point firmware versions support a feature that is designed to
detect access points that fail LEAP or EAP-FAST authentication:

• Client adapter firmware version 5.40.10 or later

• 12.00T or later (340, 350, and 1200 series access points)

• Cisco IOS Release 12.2(4)JA or later (1100 series access points)

An access point running one of these firmware versions records a message in the system log when a
client running one of these firmware versions discovers and reports another access point in the wireless
network that has failed LEAP or EAP-FAST authentication.

The process takes place as follows:

1. A client with a LEAP or EAP-FAST profile attempts to associate to access point A.

2. Access point A does not handle LEAP or EAP-FAST authentication successfully, perhaps because

the access point does not understand LEAP or EAP-FAST or cannot communicate to a trusted LEAP
or EAP-FAST authentication server.

3. The client records the MAC address for access point A and the reason why the association failed.

4. The client associates successfully to access point B.

5-15

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

5. The client sends the MAC address of access point A and the reason code for the failure to access

point B.

6. Access point B logs the failure in the system log.

Note This feature does not need to be enabled on the client adapter or access point; it is supported

automatically in the firmware of both devices. However, both the client and access point must use these
firmware versions or later.

Additional WEP Key Security Features

The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are
designed to prevent sophisticated attacks on your wireless network’s WEP keys. These features do not
need to be enabled on the client adapter; they are supported automatically in the client adapter driver and
firmware. However, they must be enabled on the access point.

Note Access point firmware version 11.10T or later is required to enable these security features. Refer to the

software configuration guide for your access point for instructions on enabling these features.

Message Integrity Check (MIC)

MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. MIC adds a few bytes to each packet to make the packets tamper-proof.

The ACU Status screen indicates if MIC is supported by the client adapter’s driver and is enabled on the
access point. See Figure 5-2.

Figure 5-2 ACU Status Screen

5-16

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

Note If you enable MIC on the access point, your client adapter’s driver must support MIC; otherwise,

the client cannot associate.

Temporal Key Integrity Protocol (TKIP)

This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.

Note If you enable TKIP on the access point, your client adapter’s firmware must support TKIP;

otherwise, the client cannot associate.

Broadcast Key Rotation

EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless
client devices using LEAP, EAP-FAST, EAP-TLS, or PEAP authentication can associate to the access
point. Client devices using static WEP (with open or shared key authentication) cannot associate.

Synchronizing Security Features

In order to use any of the security features discussed in this section, both your client adapter and the access
point to which it will associate must be set appropriately. Tab le 5- 2 indicates the client and access point
settings required for each security feature. This chapter provides specific instructions for enabling the security
features on your client adapter. Refer to the documentation for your access point for instructions on
enabling any of these features on the access point.

Table 5-2 Client and Access Point Security Settings

Security Feature Client Setting Access Point Setting

Static WEP with open
authentication

Create a WEP key and enable Static
WEP Keys and Open
Authentication

Set up and enable WEP and enable
Open Authentication for the SSID

Static WEP with shared key
authentication

Create a WEP key and enable Static
WEP Keys and Shared Key
Authentication

Set up and enable WEP and enable
Shared Key Authentication for the
SSID

LEAP authentication Enable LEAP Set up and enable WEP and enable

Network-EAP for the SSID

EAP-FAST authentication Enable EAP-FAST and enable

automatic provisioning or import a
PAC fil e

Set up and enable WEP and enable
Network-EAP for the SSID

5-17

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Overview of Security Features

EAP-TLS authentication

If using ACU to
configure card (on PPC
2002 devices)

Enable Host Based EAP and
Dynamic WEP Keys in ACU and
select TLS as the EAP Type in the
Authentication Manager

Set up and enable WEP and enable
Open Authentication for the SSID
and specify the use of EAP

If using Windows CE
.NET to configure card
(on PPC 2003 and
Windows CE .NET 4.2
devices)

Select Enable 802.1X
Authentication on This Network
and TLS as the EAP Type

Set up and enable WEP and enable
Open Authentication for the SSID
and specify the use of EAP

PEAP authentication

If using ACU to
configure card (on PPC
2002 devices)

Enable Host Based EAP and
Dynamic WEP Keys in ACU and
select Cisco PEAP (or PEAP if the
Microsoft PEAP supplicant is
installed) as the EAP Type in the
Authentication Manager

Set up and enable WEP and enable
Open Authentication for the SSID
and specify the use of EAP

If using Windows CE
.NET to configure card
(on PPC 2003 and
Windows CE .NET 4.2
devices)

Select Enable 802.1X
Authentication on This Network
and Cisco PEAP (or PEAP, which
denotes the Microsoft PEAP
supplicant) as the EAP Type

Set up and enable WEP and enable
Open Authentication for the SSID
and specify the use of EAP

Fast roaming (CCKM) Enable LEAP or EAP-FAST and

use firmware version 5.40.10 or
later

Use firmware version 12.2(11)JA
or later, select a cipher suite that is
compatible with CCKM, and
enable Network-EAP and CCKM
for the SSID

Note To allow both 802.1X

clients and non-802.1X
clients to use the SSID,
enable optional CCKM.

Reporting access points
that fail LEAP or
EAP-FAST authentication

No settings required; automatically
enabled in firmware version

5.40.10 or later

No settings required; automatically
enabled in the following firmware
versions: 12.00T or later (340, 350,
and 1200 series access points) or
Cisco IOS Release 12.2(4)JA or
later (1100 series access points)

MIC Automatically enabled in driver Set up and enable WEP with full

encryption, set MIC to MMH or
select Enable MIC check box, and
set Use Aironet Extensions to Yes

Table 5-2 Client and Access Point Security Settings

Security Feature Client Setting Access Point Setting

5-18

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Using Static WEP

Using Static WEP

This section provides instructions for entering new static WEP keys or overwriting existing static WEP
keys.

Enabling Static WEP and Entering a New Static WEP Key

Follow these steps to enter a new static WEP key for this profile.

Step 1 From the Properties screen, select Network Security Type under Property and None from the list of

options in the Value box.

Step 2 Select WEP under Property and Static WEP Keys from the list of options in the Value box.

Step 3 Tap th e WEP Keys button. The WEP Keys screen appears (see Figure 5-3).

Figure 5-3 WEP Keys Screen

TKIP Automatically enabled in firmware Set up and enable WEP, set TKIP to

Cisco or select Enable Per Packet
Keying check box, and set Use
Aironet Extensions to Yes

Broadcast key rotation Enable LEAP, EAP-FAST,

EAP-TLS, or PEAP

Set up and enable WEP and set
Broadcast WEP Key Rotation
Interval to any value other than
zero (0)

Table 5-2 Client and Access Point Security Settings

Security Feature Client Setting Access Point Setting

5-19

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Using Static WEP

This screen allows you to create up to four static WEP keys.

Step 4 For the static WEP key that you are entering (1, 2, 3, or 4), select a WEP key size of 40 or 128 on the

right side of the screen. 128-bit client adapters can use 40- or 128-bit keys, but 40-bit adapters can use
only 40-bit keys. If 128 bit is not supported by the client adapter, this option is grayed out, and you are
unable to select it.

Step 5 Obtain the static WEP key from your system administrator and enter it in the blank field for the key you

are creating. Follow the guidelines below to enter a new static WEP key:

• WEP keys can consist of the following hexadecimal characters: 0-9, A-F, and a-f.

• WEP keys must contain the following number of characters:

–

10 hexadecimal characters for 40-bit keys
Example: 12345abcde

–

26 hexadecimal characters for 128-bit keys
Example: AB34CD78EFab01cd23ef456789

• Your client adapter’s WEP key must match the WEP key used by the access point (in infrastructure

mode) or clients (in ad hoc mode) with which you are planning to communicate.

• When setting more than one WEP key, the keys must be assigned to the same WEP key numbers for

all devices. For example, WEP key 2 must be WEP key number 2 on all devices. When multiple
WEP keys are set, they must be in the same order on all devices.

Note After you enter a WEP key, you can write over it, but you cannot edit or delete it.

Step 6 Tap th e Tr a n s m it Key button to the left of the key you want to use to transmit packets. Only one WEP

key can be selected as the transmit key.

Step 7 Tap OK to write your WEP key(s) to the client adapter’s volatile memory and the registry of the

Windows CE device or tap Cancel to exit the WEP Keys screen without updating the keys.

Step 8 Tap OK to save your changes.

Overwriting an Existing Static WEP Key

Follow these steps to overwrite an existing static WEP key.

Step 1 From the Properties screen, tap the WEP Keys button. The WEP Keys screen appears (see Figure 5-3).

A check mark appears in the Already Set? box for all existing static WEP keys.

Note For security reasons, the codes for existing static WEP keys do not appear on the screen. Also,

you can write over existing keys, but you cannot edit or delete them.

Step 2 Decide which existing static WEP key you want to overwrite.

Step 3 Tap within the blank field of that key.

Step 4 Enter a new key, following the guidelines outlined in Step 5 of the “Enabling Static WEP and Entering

a New Static WEP Key” section on page 5-18.

5-20

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling LEAP

Step 5 Make sure the Trans m i t Key button to the left of your key is selected, if you want this key to be used to

transmit packets.

Step 6 Tap OK to write your new static WEP key to the client adapter’s volatile memory and the registry of the

Windows CE device or tap Cancel to exit the WEP Keys screen without overwriting any keys.

Step 7 Tap OK to save your changes.

Disabling Static WEP

Follow these steps if you ever need to disable static WEP.

Note Selecting LEAP for the Network Security Type disables static WEP automatically.

Step 1 Double-tap the ACU icon or select Start > Programs > Cisco > ACU. The Profiles screen appears.

Step 2 Select the profile that you want to change from the Manage Profiles box and tap the Edit button.

Step 3 Select WEP under Property and No WEP from the list of options in the Value box.

Step 4 Tap OK to save your changes.

Enabling LEAP

Before you can enable LEAP authentication, your network devices must meet the following
requirements:

• Client adapters must support WEP.

• Access points to which your client adapter may attempt to authenticate must use the following

firmware versions or later: 11.23T (340 and 350 series access points), 11.54T (1200 series access
points), or Cisco IOS Release 12.2(4)JA (1100 series access points).

• All necessary infrastructure devices such as access points and servers must be properly configured

for LEAP authentication.

Note Cisco recommends the use of strong passwords for LEAP authentication in order to minimize the risk of

successful attacks by rogue access points. Refer to the “Creating Strong Passwords” section on page 9-4
for tips on creating strong passwords.

5-21

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling EAP-FAST

Follow these steps to enable LEAP authentication for this profile.

Step 1 From the Properties screen, select Network Security Type under Property and LEAP from the list of

options in the Value box. When LEAP is enabled, the following parameters on the Properties screen are
changed automatically:

• WEP is set to Dynamic WEP Keys.

• Authentication Type is set to Open.

Step 2 Perform one of the following:

• If you want to use a temporary username and password (which must be entered whenever a LEAP

profile is selected, the client adapter is ejected and reinserted, or the Windows CE device is reset in
order to authenticate and gain access to the network), go to Step 3.

• If you want to use a saved username and password (which do not need to be entered whenever a

LEAP profile is selected, the client adapter is ejected and reinserted, or the Windows CE device is
reset because authentication occurs automatically as needed using your saved credentials), enter
your LEAP username, password, and optional domain name in the User Name, User Password, and
User Domain edit boxes.

Note Usernames are limited to 64 ASCII characters, and passwords are limited to 32 ASCII

characters. However, if a domain name is entered in the User Domain field, the sum of the
username and domain name is limited to 63 ASCII characters.

Step 3 Tap OK to enable LEAP.

Step 4 Refer to the “Using LEAP or EAP-FAST” section on page 6-2 for instructions on authenticating using

LEAP.

Enabling EAP-FAST

Before you can enable EAP-FAST authentication, your network devices must meet the following
requirements:

• 350 series client adapters must be installed on a PPC 2002, PPC 2003, or Windows CE .NET 4.2

device.

• Client adapters must support WEP and use firmware version 5.40.10.

• Access points to which your client adapter may attempt to authenticate must use the following

firmware versions or later: 11.23T (340 and 350 series access points), 11.54T (1200 series access
points), or Cisco IOS Release 12.2(4)JA (1100 series access points).

• All necessary infrastructure devices such as access points, servers, gateways, and user databases

must be properly configured for EAP-FAST authentication.

5-22

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling EAP-FAST

Obtaining a PAC File (Manual PAC Provisioning Only)

If you are planning to enable manual PAC provisioning for this EAP-FAST profile, you must obtain a
PAC file before you can import it for use on your Windows CE device. Follow these steps if you have
not yet obtained a PAC file.

Step 1 Obtain the PAC file (*.pac) from your system administrator.

Step 2 Establish an ActiveSync connection between your laptop or PC and your Windows CE device.

Step 3 Use Windows Explorer to copy the PAC file and paste it into a folder under My Computer > Mobile

Device.

Note For PPC devices, the destination must be either the Business or Personal folder.

Step 4 Follow the steps in the “Enabling EAP-FAST” section below to import the PAC file for your Windows

CE device.

Enabling EAP-FAST

Follow these steps to enable EAP-FAST authentication for this profile.

Step 1 From the Properties screen, select Network Security Type under Property and EAP-FAST from the list

of options in the Value box. When EAP-FAST is enabled, the following parameters on the Properties
screen are changed automatically:

• WEP is set to Dynamic WEP Keys.

• Authentication Type is set to Open.

Step 2 Perform one of the following:

• If you want to use a temporary username and password (which must be entered whenever an

EAP-FAST profile is selected, the client adapter is ejected and reinserted, or the Windows CE device
is reset in order to authenticate and gain access to the network), go to Step 3.

• If you want to use a saved username and password (which do not need to be entered whenever an

EAP-FAST profile is selected, the client adapter is ejected and reinserted, or the Windows CE device
is reset because authentication occurs automatically as needed using your saved credentials), enter
your EAP-FAST username, password, and optional domain name in the User Name, User Password,
and User Domain edit boxes.

Note Usernames are limited to 64 ASCII characters, and passwords are limited to 32 ASCII

characters. However, if a domain name is entered in the User Domain field, the sum of the
username and domain name is limited to 63 ASCII characters.

5-23

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling EAP-FAST

Step 3 Perform one of the following:

• If you want to enable automatic PAC provisioning, select PAC Provisioning Mode under Property

and Automatic from the list of options in the Value box. A protected authentication credentials
(PAC) file is obtained automatically as needed (for instance, when a PAC expires, when the client
adapter accesses a different server, when the EAP-FAST username cannot be matched to a
previously provisioned PAC, etc.). This is the default setting. If you select this option, go to Step 5.

• If you want to enable manual PAC provisioning, select PAC Provisioning Mode under Property and

Manual from the list of options in the Value box. You must select a PAC authority or manually

import a PAC file. If you select this option, go to Step 4.

Note LDAP user databases support only manual PAC provisioning while Cisco Secure ACS

internal, Cisco Secure ODBC, and Windows NT/2000/2003 domain user databases support
both automatic and manual PAC provisioning.

Note Provisioning occurs only upon initial negotiation of the PAC or upon PAC expiration. After

the PAC is provisioned, it serves as the key by which authentication transactions are secured.

Step 4 Perform one of the following to enable manual PAC provisioning:

• Select PAC Au t h o r i t y under Property and select the PAC authority associated with the profile’s

SSID from the list of options in the Value box. The list contains the names of all the PAC authorities
from which PACs have previously been provisioned.

• If the PAC authority list is empty or does not contain the name of a desired PAC authority, follow

these steps to import a PAC file:

a. Tap the PAC Import button. The Aironet Client Utility Open screen appears (see Figure 5-4).

Figure 5-4 Aironet Client Utility Open Screen

5-24

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling EAP-FAST

b. Select the folder where the PAC file is located from the Folder drop-down menu. Then tap the

file (*.pac) in the Name field in the center of the window.

Note The filename and extension of PAC files is determined by the PAC authority that issues

them, but the standard file extension is pac.

c. If the PAC Password screen appears (see Figure 5-5), enter the PAC file password and tap OK.

Figure 5-5 PAC Password Screen

Note PAC file passwords are optional. The PAC authority determines whether to issue PAC

files that require user-supplied passwords. Nevertheless, all PAC files (even those
without passwords) are encrypted and protected. PAC file passwords are different from
EAP-FAST passwords and need to be entered only once, at the time a PAC is imported.

d. If you try to import a PAC file with the same PAC ID as a previously imported PAC file, you are

asked if you want to replace the existing PAC. If you tap Yes , the existing PAC is replaced by
the new one from the imported file.

e. The PAC file is imported, and the PAC authority that issued the PAC file is added to the PAC

authority list as the active PAC authority.

Step 5 Tap OK to enable EAP-FAST. If you imported a PAC file, it is now added to your PAC database.

Step 6 Refer to the “Using LEAP or EAP-FAST” section on page 6-2 for instructions on authenticating using

EAP-FAST.

5-25

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Enabling Host-Based EAP

Before you can enable host-based EAP authentication, your network devices must meet the following
requirements:

• The Windows CE device must be a PPC 2002 device.

Note PPC 2003 and other Windows CE .NET 4.2 devices can be configured for EAP-TLS or

PEAP authentication if you configure your client adapter through Windows CE .NET instead
of ACU. See Appendix E for instructions.

• Client adapters must support WEP.

• Access points to which your client adapter will attempt to authenticate must use the following

firmware versions or later: 11.23T (340 and 350 series access points), 12.2(4)JA (1100 series access
points), or 11.54T (1200 series access points).

• All necessary infrastructure devices such as access points, servers, gateways, and user databases

must be properly configured for the authentication type you plan to enable on the client.

Obtaining and Importing CA and User Certificates

EAP-TLS and PEAP authentication require the use of certificates. EAP-TLS requires both a Certificate
Authority (CA) certificate and a user certificate while PEAP requires only a CA certificate. After you
import the necessary certificates, you should not have to repeat this procedure until the certificates expire
(at a time that is predetermined by the certificate server).

Note Chapter 8 provides instructions for viewing and removing certificates, if necessary.

Obtaining CA and User Certificates

If you have not yet obtained a CA certificate (for EAP-TLS or PEAP) and a user certificate (for
EAP-TLS), follow these steps.

Step 1 Obtain the certificate file(s) (*.cer or *.crt) from your system administrator.

Step 2 Establish an ActiveSync connection between your laptop or PC and your Windows CE device.

Step 3 Open Windows Explorer on your laptop or PC.

Step 4 Copy the certificate file(s) and paste them into a folder under My Computer > Mobile Device.

Step 5 Follow the steps in the “Importing a CA Certificate” section on page 5-26 and the “Importing a User

Certificate” section on page 5-27 to import the certificate file(s) for your Windows CE device.

5-26

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Importing a CA Certificate

If you are planning to use EAP-TLS or PEAP authentication on a PPC 2002 device, follow these steps
to import the CA certificate.

Step 1 Select Start > Programs > Cisco > CertMgr. The Certificate Manager screen appears (see Figure 5-6).

Figure 5-6 Certificate Manager Screen

Step 2

Make sure Trusted Authorities appears in the Certificate drop-down menu.

Step 3 Tap th e Import button.

Step 4 The Certificate Manager Open screen appears (see Figure 5-7).

5-27

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Figure 5-7 Certificate Manager Open Screen

Step 5

Tap the CA certificate file.

Step 6 The Certificate Manager screen reappears with the name of the CA certificate server listed in the middle

of the screen.

Step 7 Tap OK to close the Certificate Manager.

Importing a User Certificate

If you are planning to use EAP-TLS authentication on a PPC 2002 device, follow these steps to import
the user certificate.

Note As an alternative to the procedure below, you can use the Certificate Manager to import a user certificate.

To do so, follow the steps in the “Importing a CA Certificate” section above, but make sure My
Certificates (not Trusted Authorities) appears in the Certificate drop-down menu in Step 2 and tap the
user certificate file (not the CA certificate file) in Step 5.

Step 1 Make sure that your Windows CE device has an ActiveSync link to a laptop or PC that is on the same

network as the certificate server you want to use.

Step 2 Select Start > Programs > Cisco > Enroll. The Certificate Enrollment screen appears (see Figure 5-8).

5-28

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Figure 5-8 Certificate Enrollment Screen

Step 3

Enter your username, password, and server name for your certificate server, which can be obtained from
your system administrator, in the appropriate fields.

Step 4 Tap th e Enroll button. The box at the bottom of the screen indicates the status of the certificate

enrollment by changing from Ready to Processing.

If the operation is successful, the following message appears: “A certificate has been added to your
device.”

Step 5 Tap OK to close the Certificate Enrollment screen.

Enabling Host-Based EAP

Follow these steps to enable host-based EAP authentication (EAP-TLS or PEAP) for this profile on a
PPC 2002 device.

Note Because EAP-TLS and PEAP authentication are not enabled in ACU, you cannot switch between these

authentication types simply by switching profiles in ACU. You can create a profile in ACU that uses
host-based EAP, but you must enable the specific authentication type in the Authentication Manager. In
addition, only one authentication type can be set at a time; therefore, if you have more than one profile
in ACU that uses host-based EAP and you want to use another authentication type, you must change the
authentication type in the Authentication Manager after switching profiles in ACU.

Step 1 From the Properties screen, select Network Security Type under Property and Host Based EAP from

the list of options in the Value box.

Step 2 Select WEP under Property and Dynamic WEP Keys from the list of options in the Value box.

5-29

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Step 3 Tap OK to save your changes.

Step 4 Select Start > Programs > Cisco > AuthMgr. The Authentication screen appears (see Figure 5-9).

Figure 5-9 Authentication Screen

Step 5

Perform one of the following, depending on the authentication type you want to use:

• If you are planning to use EAP-TLS, go to the “Enabling EAP-TLS” section below.

• If you are planning to use PEAP, go to the “Enabling PEAP” section on page 5-30.

Enabling EAP-TLS

Follow these steps to enable EAP-TLS for this profile.

Step 1 For EAP Type, select TLS.

Step 2 If your Windows CE device has more than one user certificate, tap the Properties button. On the Select

Certificate screen, select the user certificate that you want to use and tap OK.

Step 3 The configuration is complete. Tap the Connect button on the Authentication screen to start the EAP

authentication process.

Note Any time you make a change to the active profile in ACU or the Authentication Manager, you

must tap the Connect button on the Authentication screen to start the authentication process.

Step 4 Refer to the “Using EAP-TLS” section on page 6-5 for instructions on authenticating using EAP-TLS.

5-30

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Enabling Host-Based EAP

Enabling PEAP

Follow these steps to enable PEAP for this profile.

Step 1 For EAP Type, select Cisco PEAP or PEAP. If you select Cisco PEAP, go to Step 2. If you select PEAP,

go to Step 8.

Note PEAP appears as an EAP Type option on a PPC 2002 device if the Microsoft PEAP

supplicant (rather than the Cisco PEAP supplicant) is installed.

Step 2 Tap th e Properties button. The PEAP Properties screen appears (see Figure 5-10).

Figure 5-10 PEAP Properties Screen

Step 3

Make sure that the Validate server certificate check box is checked if server certificate validation is
required (recommended).

Step 4 If you want to specify the name of the server to connect to, check the Connect only if server name ends

in check box and enter the appropriate server name suffix in the field below.

Note If you enter a server name and the client adapter connects to a server that does not match the

name you entered, you are prompted to accept or cancel the connection during the authentication
process.

Note If you leave this field blank, the server name is not verified, and a connection is established as

long as the certificate is valid.

5-31

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Disabling LEAP, EAP-FAST, or Host-Based EAP

Step 5 Make sure that the name of the certificate authority from which the server certificate was downloaded

appears in the Trusted root certificate field. If necessary, tap the arrow on the drop-down menu and select
the appropriate name.

Note If you leave this field blank, you are prompted to accept a connection to the root certification

authority during the authentication process.

Step 6 Check the Connect only if server is signed by specified trusted root CA check box if you want to

ensure that the certificate server uses the trusted root certificate specified in the field above. This
prevents the client from establishing connections to rogue access points.

Step 7 Tap OK to save your settings. The configuration is complete.

Step 8 Tap th e Connect button on the Authentication screen to start the EAP authentication process.

Note Any time you make a change to the active profile in ACU or the Authentication Manager, you

must tap the Connect button on the Authentication screen to start the authentication process.

Step 9 Refer to the “Using PEAP” section on page 6-6 for instructions on authenticating using PEAP.

Disabling LEAP, EAP-FAST, or Host-Based EAP

Follow these steps to disable LEAP, EAP-FAST, or host-based EAP (EAP-TLS or PEAP) for a particular
profile on a PPC 2002 device.

Step 1 Double-tap the ACU icon or select Start > Programs > Cisco > ACU. The Profiles screen appears.

Step 2 Select the profile that you want to change from the Manage Profiles box and tap the Edit button.

Step 3 Select Network Security Typ e under Property and None from the list of options in the Value box.

Step 4 Tap OK to save your changes.

5-32

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 5 Configuring the Client Adapter

Disabling LEAP, EAP-FAST, or Host-Based EAP

CHA P TER

6-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

6

Using EAP Authentication

This chapter explains the sequence of events that occurs and the actions you must take when a profile
that is set for EAP authentication is selected for use.

The following topics are covered in this chapter:

• Overview, page 6-2

• Using LEAP or EAP-FAST, page 6-2

• Using EAP-TLS, page 6-5

• Using PEAP, page 6-6

6-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Overview

Overview

This chapter explains the sequence of events that occurs as soon as you select a profile that uses EAP
authentication as well as after you eject and reinsert the client adapter, reset the Windows CE device, or
are informed that your username and password have expired. The chapter contains three sections based
on the profile’s authentication type:

• Using LEAP or EAP-FAST, see below

• Using EAP-TLS, page 6-5

• Using PEAP, page 6-6

Follow the instructions for your profile’s authentication type to successfully authenticate.

Note If any error messages appear during authentication, refer to Chapter 9 for explanations and

recommended actions.

Using LEAP or EAP-FAST

With a Temporary Username and Password

After you select a profile that uses LEAP or EAP-FAST authentication (with a temporary username and
password) or you eject and reinsert the client adapter or reset your Windows CE device while this profile
is selected, follow these steps to authenticate using LEAP or EAP-FAST.

Step 1 The Wireless Login Module screen appears (see Figure 6-1).

Figure 6-1 Wireless Login Module Screen

6-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using LEAP or EAP-FAST

Note You can also start WLM by selecting Start > Programs > Cisco > Wireless Login Module. You

may want to do this if you inadvertently exited WLM after it started or if you roam to a different
part of the network where a different login is required.

Step 2 Obtain your LEAP or EAP-FAST username and password from your system administrator.

Note The password is optional because not all host accounts on the RADIUS server are set up with a

password.

Step 3 Enter your LEAP or EAP-FAST username in the User Name field.

Step 4 Enter your LEAP or EAP-FAST password in the Password field if your RADIUS server account was set

up with a password.

Note For security reasons, the characters entered for the password are displayed as asterisks.

Step 5 If your RADIUS server account specifies a domain, enter the domain name in the Domain field.

Step 6 Tap OK. If the username and password were entered correctly, they are written to volatile memory on

the client adapter. The username and password remain on the client adapter until a different profile is
selected, the client adapter is ejected and reinserted, or the Windows CE device is reset.

Note If you want to terminate the LEAP or EAP-FAST session, tap the Logout button. If you want to

exit WLM, tap the Cancel button.

Step 7 One of three scenarios occurs:

1. The client adapter authenticates to the RADIUS server using your username and password and receives

a dynamic, session-based WEP key. The ACU Profiles screen indicates if your client adapter is
authenticated to an access point.

2. If you enter the username or password incorrectly or enter ones that are not valid for the RADIUS

server on the network, the Wireless Login Module screen reappears with a message indicating that
your login was incorrect. You are able to retry immediately by re-entering the username and
password.

3. The client adapter times out while trying to authenticate, possibly because it is out of range of an

access point. After 30 seconds, a message appears indicating that the authentication attempt timed
out and that you need to rerun WLM.

6-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using LEAP or EAP-FAST

With a Saved Username and Password

After you select a profile that uses LEAP or EAP-FAST authentication (with a saved username and
password) or you eject and reinsert the client adapter or reset your Windows CE device while this profile
is selected, the client adapter should authenticate automatically. The ACU Profiles screen indicates if
your client adapter is authenticated to an access point.

Note If you entered your username or password incorrectly in the ACU Properties screen or entered

ones that are not valid for the RADIUS server on the network, the Wireless Login Module screen
appears with a message indicating that your login was incorrect. Tap Cancel; then change your
username or password on the ACU Properties screen and tap OK.

Note If you want to log out of a LEAP or EAP-FAST session, select Start > Programs > Cisco >

Wireless Login Module and tap the Logout button on the Wireless Login Module screen.

After Your EAP-FAST Credentials Expire

If the EAP-FAST credentials (username and password) for your current profile expire or become invalid,
follow these steps to change your password.

Step 1 When the Password Expired screen appears (see Figure 6-2) to indicate that your password has expired,

enter your old password in the Old Password field.

Figure 6-2 Password Expired Screen

Step 2

Enter your new password in both the New Password and Confirm New fields and tap OK.

Step 3 If prompted, log off and on again in order to update your local cached account with your new password.

6-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using EAP-TLS

Using EAP-TLS

After you select a profile that uses host-based EAP authentication and configure the card for EAP-TLS,
follow these steps to EAP authenticate.

Note These instructions are applicable after profile selection, card ejection and reinsertion, or reset.

Step 1 If a message appears informing you that you need to accept a certificate to begin the EAP authentication

process, tap the message and follow the instructions provided to accept the certificate.

Note You should not have to accept a certificate for future authentication attempts. After you accept

one, the same certificate is used subsequently.

Step 2 If a message appears indicating the root certification authority for the server’s certificate and it is the

correct certification authority, tap OK to accept the connection. Otherwise, tap Cancel.

Step 3 If a message appears indicating the server to which your client adapter is connected and it is the correct

server to connect to, tap OK to accept the connection. Otherwise, tap Cancel.

Step 4 The User Logon screen appears (see Figure 6-3).

Figure 6-3 User Logon Screen

Step 5

Enter your EAP-TLS username and optional domain name (which are registered with the RADIUS
server) in the appropriate fields. For example, if your EAP-TLS username is jsmith and the domain name
is corporate, you would enter jsmith in the User Name field and corporate in the Domain field.

6-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using PEAP

Note If your network uses a Cisco Secure ACS server, you must leave the Domain field blank and

enter the fully qualified domain name in the User Name field as follows:
username@fully.qualified.domain. For example, if your EAP-TLS username is jsmith and the
domain name is corporate on Cisco.com, you would enter jsmith@corporate.cisco.com in the
User Name field and leave the Domain field blank.

Step 6 Tap OK. The client adapter should now EAP authenticate.

To verify authentication on a PPC 2002 device, select Start > Programs > Cisco > AuthMg r. The Status
field at the bottom of the screen shows the authentication status. If the authentication is successful, the
Status field displays Authenticated, and the IP Address field displays the IP address of the client adapter.

Using PEAP

After Profile Selection, Card Insertion, or Reset

After you select a profile that uses host-based EAP authentication and configure the card for PEAP,
follow these steps to EAP authenticate.

Note These instructions are applicable for use with Windows NT or 2000 domain, LDAP, or OTP user

databases after profile selection, card ejection and reinsertion, or reset.

Step 1 If a message appears informing you that you need to select a certificate or other credentials to access the

network, tap this message.

Step 2 If a message appears indicating the root certification authority for the server’s certificate and it is the

correct certification authority, tap OK to accept the connection. Otherwise, tap Cancel.

Step 3 If a message appears indicating the server to which your client adapter is connected and it is the correct

server to connect to, tap OK to accept the connection. Otherwise, tap Cancel.

Step 4 The Static Password screen appears (see Figure 6-4).

Note If a message appears prompting you to process your logon information for your wireless

network, tap this message. Then the Static Password screen appears.

6-7

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using PEAP

Figure 6-4 Static Password Screen

Step 5

Enter your PEAP username and password (which are registered with the RADIUS server) in the
appropriate fields.

Step 6 If applicable, enter your domain name in the Domain field.

Note A domain name is not required for OTP databases.

Step 7 Tap OK. The client adapter should now EAP authenticate.

To verify authentication on a PPC 2002 device, select Start > Programs > Cisco > AuthMgr. The Status
field at the bottom of the screen shows the authentication status. If the authentication is successful, the
Status field displays Authenticated, and the IP Address field displays the IP address of the client adapter.

6-8

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 6 Using EAP Authentication

Using PEAP

After Your Password Expires (Windows NT or 2000 Domain Databases Only)

If you are using a Windows NT or 2000 domain database with PEAP and the password for your current
username expires, follow these steps to change your password.

Step 1 When the Change Password screen appears (see Figure 6-5) to indicate that your password has expired,

enter your old password in the Old Password field.

Figure 6-5 Change Password Screen

Step 2

Enter your new password in both the New Password and Confirm New Password fields.

Note The password is also changed in the Windows NT or 2000 domain user database.

Step 3 Tap OK. The client adapter should authenticate using your new password.

CHA P TER

7-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

7

Performing Diagnostics

This chapter explains how to use ACU to perform user-level diagnostics.

The following topics are covered in this chapter:

• Overview of ACU Diagnostic Tools, page 7-2

• Setting Signal Strength Display Units, page 7-2

• Viewing the Status of Your Client Adapter, page 7-3

• Viewing Statistics for Your Client Adapter, page 7-5

7-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Overview of ACU Diagnostic Tools

Overview of ACU Diagnostic Tools

The ACU diagnostic tools enable you to assess the performance of your client adapter within the wireless
network. These tools perform the following functions:

• Display your client adapter’s current status

• Display statistics pertaining to your client adapter’s transmission and reception of data

Setting Signal Strength Display Units

Follow these steps to specify the units used to display signal strength on the ACU Status screen.

Step 1 Double-tap the ACU icon or select Start > Programs > Cisco > ACU. The Profiles screen appears.

Step 2 Tap th e Options button. The ACU Options screen appears (see Figure 7-1).

Figure 7-1 ACU Options Screen

Step 3

Select one of the following options for Signal Strength Display Units:

• Percent (%)—Displays the signal strength as a percentage. This is the default setting.

• dBm—Displays the signal strength in decibels with respect to milliwatts.

Step 4 Tap OK to save your changes.

7-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing the Status of Your Client Adapter

Viewing the Status of Your Client Adapter

Follow these steps to view the current status of your client adapter.

Step 1 From the Profiles screen, tap the Status tab. The Status screen appears. Figure 7-2 shows the Status

screen with the signal strength values displayed as percentages, and Figure 7-3 shows the same screen
with the signal strength values displayed in decibels with respect to milliwatts (dBm).

Figure 7-2 Status Screen (with Signal Strength as a Percentage)

Figure 7-3 Status Screen (with Signal Strength in dBm)

7-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing the Status of Your Client Adapter

Table 7- 1 interprets each element of the Status screen.

Table 7-1 Client Adapter Status

Status Description

The first line of the Status screen Indicates the operational mode of your client adapter and the

name or MAC address of any associated access point.

Valu e: Not Associated, Associated, Authenticated, or

Ad Hoc Mode

Note The access point name or MAC address is shown only if

the client adapter is in infrastructure mode and Aironet
Extensions are enabled (on access points running Cisco
IOS release 12.2(4)JA or later).

Signal Strength The signal strength for all received packets. The higher the value

and the more green the bar graph is, the stronger the signal.

The histogram below the bar graph provides a visual
interpretation of the current signal strength. Differences in signal
strength are indicated by the following colors: green (strongest),
yellow (middle of the range), and red (weakest).

Range: 0 to 100% or –95 to –45 dBm

Signal Quality The signal quality for all received packets. The higher the value

and the more green the bar graph is, the clearer the signal.

The histogram below the bar graph provides a visual
interpretation of the current signal quality. Differences in signal
quality are indicated by the following colors: green (highest
quality), yellow (average), and red (lowest quality).

Range: 0 to 100%

Note This setting appears only if you selected signal strength to

be displayed as a percentage. See the “Setting Signal

Strength Display Units” section on page 7-2 for

information.

Noise Level The level of background radio frequency energy in the 2.4-GHz

band. The lower the value and the more green the bar graph is, the
less background noise present.

Range: –100 to –45 dBm

Note This setting appears only if you selected signal strength to

be displayed in dBm. See the “Setting Signal Strength

Display Units” section on page 7-2 for information.

Overall Link Quality The client adapter’s ability to communicate with the access point,

which is determined by the combined result of the adapter’s
signal strength and signal quality.

Valu e: Not Associated, Poor, Fair, Good, Excellent

Note This setting appears only if you selected signal strength to

be displayed as a percentage. See the “Setting Signal

Strength Display Units” section on page 7-2 for

information.

7-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

Step 2 Tap OK to exit the Status screen.

Viewing Statistics for Your Client Adapter

ACU enables you to view statistics that indicate how data is being received and transmitted by your client
adapter. It also shows message integrity check (MIC) statistics if your client adapter’s driver supports
MIC and MIC is enabled on the access point.

Note The receive and transmit statistics are host statistics. That is, they show packets and errors received

or sent by the Windows CE device. Link status tests from the access point or ACU site survey tool
are performed at the firmware level; therefore, they have no effect on the statistics shown by the
Statistics screen.

Signal to Noise Ratio The difference between the signal strength and the current noise

level. The higher the value, the better the client adapter’s ability
to communicate with the access point.

Range: 0 to 90 dB

Note This setting appears only if you selected signal strength to

be displayed in dBm. See the “Setting Signal Strength

Display Units” section on page 7-2 for information.

Driver Version The version of the client adapter driver that is installed on your

Windows CE device.

Firmware Version The version of the firmware that is currently running on your

client adapter.

Message Integrity Check Indicates whether your client adapter is using message integrity

check (MIC) to protect packets sent to and received from the
access point.

MIC prevents bit-flip attacks on encrypted packets. During a
bit-flip attack, an intruder intercepts an encrypted message, alters
it slightly, and retransmits it, and the receiver accepts the
retransmitted message as legitimate.

Note MIC is supported automatically by the client adapter’s

driver, but it must be enabled on the access point.

Valu e: Ye s or No

Current IP Address The IP address of the client adapter. If your Windows CE device

is set up to obtain an IP address from a DHCP server, you can
press the Renew button to initiate a release and renew of the IP
address.

Note This parameter and the Renew button appear only on PPC

2002, PPC 2003, HPC 2000, and CE .NET devices.

Table 7-1 Client Adapter Status (continued)

Status Description

7-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

Follow these steps to view your client adapter’s statistics.

Step 1 From the Profiles screen, tap the Statistics tab. The Receive Statistics screen appears (see Figure 7-4).

Figure 7-4 Receive Statistics Screen

The statistics are calculated as soon as your client adapter is started.

Table 7- 2 describes each receive statistic that is displayed for your client adapter.

Table 7-2 Receive Statistics

Statistic Description

Multicast Packets The number of multicast packets that were received successfully.

Broadcast Packets The number of broadcast packets that were received successfully.

Unicast Packets The number of unicast packets that were received successfully.

Bytes Received The number of bytes of data that were received successfully.

Beacons Received The number of beacon packets that were received successfully.

PLCP CRC Errors The number of times the client adapter started to receive an

802.11 Physical Layer Convergence Protocol (PLCP) header but
the rest of the packet was ignored due to a cyclic redundancy
check (CRC) error in the header.

Note CRC errors can be attributed to packet collisions caused

by a dense population of client adapters, overlapping
access point coverage on a channel, high multipath
conditions from bounced signals, or the presence of other

2.4-GHz signals from devices such as microwave ovens,
wireless handset phones, etc.

7-7

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

Step 2 To view the transmit statistics for your client adapter, tap the arrow in the Category drop-down menu and

select Transmit Stats. The Transmit Statistics screen appears (see Figure 7-5).

Figure 7-5 Transmit Statistics Screen

Table 7- 3 describes each transmit statistic that is displayed for your client adapter.

MAC CRC Errors The number of packets that had a valid 802.11 PLCP header but

contained a CRC error in the data portion of the packet.

Note CRC errors can be attributed to packet collisions caused

by a dense population of client adapters, overlapping
access point coverage on a channel, high multipath
conditions from bounced signals, or the presence of other

2.4-GHz signals from devices such as microwave ovens,
wireless handset phones, etc.

Up Time (hh:mm:ss) The amount of time (in hours:minutes:seconds) since your client

adapter was started. If the client adapter has been running for
more than 24 hours, the time is displayed in days, hours:minutes:
seconds.

Table 7-2 Receive Statistics (continued)

Statistic Description

7-8

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

Step 3 To view the MIC statistics for your client adapter, tap the arrow in the Category drop-down menu and

select MIC Stats. The MIC Statistics screen appears (see Figure 7-6).

Note The MIC Stats option is available only if your client adapter’s driver supports MIC and only

if MIC is enabled on the access point.

Figure 7-6 MIC Statistics Screen

Ta b le 7- 3 Tra ns mi t S ta ti st ic s

Statistic Description

Multicast Packets The number of multicast packets that were transmitted

successfully.

Broadcast Packets The number of broadcast packets that were transmitted

successfully.

Unicast Packets The number of unicast packets that were transmitted successfully.

Bytes Transmitted The number of bytes of data that were transmitted successfully.

Packets Retry Long The number of normal data packets that were retransmitted.

Packets Retry Short The number of request-to-send (RTS) packets that were

retransmitted.

Packets Max Retries The number of packets that failed to be transmitted successfully

after exhausting the maximum number of retries.

Up Time (hh:mm:ss) The amount of time (in hours:minutes:seconds) since your client

adapter was started. If the client adapter has been running for
more than 24 hours, the time is displayed in days, hours:minutes:
seconds.

7-9

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

Table 7- 4 describes each MIC statistic that is displayed for your client adapter.

Step 4 Tap OK to exit the Statistics screen.

Table 7-4 MIC Statistics

Statistic Description

Packets MIC OK The number of packets that were received successfully with a

valid MIC.

Packets No MIC The number of packets that were discarded due to no MIC being

found.

Packets Incorrect MIC The number of packets that were discarded due to an incorrect

MIC value.

Packets No MIC Seed The number of packets that were discarded due to no MIC seed

being received.

Packets Wrong MIC Seq The number of packets that were discarded due to the MIC

sequence number being wrong.

7-10

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 7 Performing Diagnostics

Viewing Statistics for Your Client Adapter

CHA P TER

8-1

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

8

Routine Procedures

This chapter provides procedures for common tasks related to the client adapter.

The following topics are covered in this chapter:

• Inserting and Removing a PC Card, page 8-2

• Upgrading the Client Adapter Software, page 8-3

• Client Utility Procedures, page 8-8

• CA and User Certificate Procedures (Host-Based EAP on PPC 2002 Devices Only), page 8-10

• Restarting the Client Adapter, page 8-11

8-2

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 8 Routine Procedures

Inserting and Removing a PC Card

Inserting and Removing a PC Card

This section provides instructions for inserting a PC card into or removing a PC card from a
Windows CE device.

Inserting a PC Card into a Windows CE Device

Follow these steps to insert a PC card into a Windows CE device.

Caution This procedure and the physical connections it describes apply generally to conventional PC card

slots. In cases of custom or nonconventional equipment, be alert to possible differences in PC card
slot configurations.

Step 1 Before you begin, examine the PC card. One end has a dual-row, 68-pin PC card connector. The card is

keyed so it can be inserted only one way into the PC card slot.

Caution Do not force the PC card into your computer’s PC card slot. Forcing it will damage both the card and

the slot. If the PC card does not insert easily, remove the card and reinsert it.

Step 2 Insert the PC card into the PC card slot, applying just enough pressure to make sure it is fully seated (see

Figure 8-1).

Figure 8-1 Inserting a PC Card into a Computing Device

Removing a PC Card from a Windows CE Device

Follow the instructions below whenever you need to remove the PC card from your Windows CE device.

To remove a PC card after it is successfully installed and configured, press the Eject button and pull the
card out of the PC card slot. When the PC card is reinserted, your connection to the network should be
re-established.

88498

8-3

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 8 Routine Procedures

Upgrading the Client Adapter Software

Upgrading the Client Adapter Software

This section provides instructions for the following procedures:

• Upgrading the firmware, see below

• Upgrading the driver and client utilities, page 8-6

Upgrading the Firmware

The client adapter is shipped with the firmware installed in its Flash memory; however, a more recent
version of the firmware may be available from Cisco.com. Cisco recommends using the most current
version of radio firmware. Follow the instructions in this section to find the version of your client
adapter’s firmware and to upgrade it if a more recent version is available from Cisco.com.

Note Firmware version 5.40.10 is recommended for use with client adapter driver and utility version 2.50.

Finding the Firmware Version

Follow these steps to determine if you need to upgrade the client adapter’s firmware.

Step 1 To find the version of firmware that your client adapter is currently using, follow these steps:

a. Double-tap the ACU icon or select Start > Programs > Cisco > ACU.

b. Tap th e Firmware tab. The Firmware screen appears (see Figure 8-2).

Figure 8-2 Firmware Screen

8-4

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 8 Routine Procedures

Upgrading the Client Adapter Software

The current version of your client adapter’s firmware is shown at the top of the screen, provided a
client adapter is inserted in your Windows CE device.

Step 2 To find the latest firmware version available on Cisco.com, follow these steps:

a. Use your computer’s web browser to access the following URL:

http://www.cisco.com/public/sw-center/sw-wireless.shtml

b. Select Option #2: Aironet Wireless Software Display Tables.

c. Select Cisco Aironet Wireless LAN Client Adapters.

d. Find the section for client adapter firmware.

e. Select the link for your client adapter’s series (for example, 350 Series).

f. Look at the available filenames for radio firmware. The numbers that follow the “v” indicate the

version number. For example, v50219 indicates a firmware version of 5.02.19.

Step 3 If the firmware available from Cisco.com has a higher number than the firmware currently installed in

your client adapter, follow the instructions in the “Loading New Firmware” section below to upgrade the
firmware.

Loading New Firmware

Caution To minimize the risk of a power failure during the firmware flashing process, which could render your

client adapter inoperable, Cisco recommends that your Windows CE device be plugged into AC power
or have a fully charged battery at the start of flashing. If a power failure does occur, follow the
instructions in the “Technical Assistance Center” section of the Preface to contact TAC for assistance.

Follow the instructions below to load new firmware into your client adapter.

Step 1 Connect your Windows CE device to a laptop or PC running Microsoft ActiveSync. This is typically

done using a serial or USB cable.

A message appears on the Windows CE device indicating that it is connecting to the host. After the
Windows CE device is connected, the New Partnership window appears on the laptop or PC. This
window asks if you want to set up a partnership.

Step 2 Perform one of the following:

• If you want to establish a partnership that allows you to synchronize files between the laptop or PC

and the Windows CE device, select Yes , click Next, and follow the instructions on the screen to
specify the files to be synchronized and to finish setting up the partnership.

• If you do not want to synchronize files and want to connect as a “guest,” select No and click Next.

The screen indicates that you are connected as a guest.

Step 3 Use the laptop or PC’s web browser to access the following URL:

http://www.cisco.com/public/sw-center/sw-wireless.shtml

8-5

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 8 Routine Procedures

Upgrading the Client Adapter Software

Step 4 Select Option #2: Aironet Wireless Software Display Tables.

Note You can download software from the Software Selector tool instead of the display tables. To

do so, select Option #1: Aironet Wireless Software Selector, follow the instructions on the
screen, and go to Step 9.

Step 5 Select Cisco Aironet Wireless LAN Client Adapters.

Step 6 Find the section for client adapter firmware.

Step 7 Select the link for your client adapter’s series (for example, 350 Series).

Step 8 Select the latest firmware file for your client adapter.

Step 9 Complete the encryption authorization form; then read and accept the terms and conditions of the

Software License Agreement.

Step 10 Select the firmware file again to download it.

Step 11 Save the file to a floppy disk or to the hard drive of your laptop or PC.

Step 12 Locate the file using Windows Explorer, double-click it, and extract the image file (*.img) to a folder.

Step 13 In the ActiveSync window on the laptop or PC, click the Explore button to view the files on the Windows

CE device.

Step 14 Drag and drop the firmware image from Windows Explorer to a location in the ActiveSync window.

Note If your Windows CE device is a PPC running Windows CE 3.0, you must copy the firmware

image to the My Documents folder or a folder under My Documents.

Step 15 After the file is copied, disconnect the Windows CE device.

Step 16 Make sure the client adapter is installed in your Windows CE device and is operational.

Step 17 On your Windows CE device, open ACU and tap the Firmware tab. The Firmware screen appears (see

Figure 8-2).

Step 18 Tap t h e Browse button. The Open window appears (see Figure 8-3).

8-6

Cisco Aironet 350 Series Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE

OL-1375-04

Chapter 8 Routine Procedures

Upgrading the Client Adapter Software

Figure 8-3 Open Window

Step 19

Perform one of the following:

• If you are using a PPC device, select the folder from the Folder drop-down menu where the new

firmware image is located. Then tap the new firmware image file (*.img) in the Name field in the
center of the window.

• If you are using an HPC or Windows CE .NET device, locate the new firmware image file (*.img)

and select it so that it appears in the Name field at the bottom of the screen.

Step 20 Tap OK.

Note If the OK button is unavailable, tap the Enter key on the Windows CE device’s keyboard.

A progress bar displays as the new firmware is loaded. If the selected image is loaded successfully into
the client adapter’s Flash memory, a “Firmware Upgrade Complete!” message appears.

Step 21 Tap OK to exit the Firmware screen.

Upgrading the Driver and Client Utilities

Follow the instructions in this section to find the versions of your client adapter’s driver and client
utilities and to upgrade them if more recent versions are available from Cisco.com.

Note The driver, client utilities, and online help files are installed together.