Fujitsu siemens Wireless LAN User Guide

answers 2
User Guide
Wireless LAN
English
Dieses Handbuch wurde auf Recycling-Papier gedruckt. This manual has been printed on recycled paper. Ce manuel est imprimé sur du papier recyclé. Este manual ha sido impreso sobre papel reciclado. Questo manuale è stato stampato su carta da riciclaggio. Denna handbok är tryckt på recyclingpapper. Dit handboek werd op recycling-papier gedrukt.
Herausgegeben von/Published by Fujitsu Siemens Computers GmbH
Bestell-Nr./Order No.: A26391-K133-Z131-1-7619 Ausgabe/Edition 3 Printed in the Federal Republic of Germany AG 0704 07/04
Wireless LAN (general)
Wireless LAN
User Guide
Installation of Odyssey
Using Odyssey Client
Index
July 2004 edition
Microsoft, MS, MS-DOS, W indows, and Windows NT are registered trademarks of Microsoft Corporation.
Odyssey is a registered trademark of Funk Software.
All other trademarks referenced are trademarks or registered trademarks of their respective owners, whose protected rights are acknowledged.
Copyright Fujitsu Siemens Computers GmbH 2004
All rights, including rights of translation, reproduction by printing, copying or similar methods, in part or in whole, are reserved.
Offenders will be liable for damages.
All rights, including rights created by patent grant or registration of a utility model or design, are reserved.
Delivery subject to availability. Right of technical modification reserved.
This manual was produced by cognitas. Gesellschaft für Technik-Dokumentation mbH www.cognitas.de

Contents

Wireless LAN (general)....................................................................................................................1
Wireless network as per IEEE 802.11 standard.................................................................................1
Ad hoc mode .............................................................................................................................2
Infrastructure mode....................................................................................................................2
Operating system requirements ................................................................................................. 2
Wireless network names (SSID)................................................................................................3
802.11 network security.............................................................................................................3
Wired-Equivalent Privacy (WEP) with preconfigured keys .........................................................4
Wi-Fi Protected Access (WPA) and TKIP encryption.................................................................4
802.1X standard ................................................................................................................................5
Extensible Authentication Protocol (EAP) ..................................................................................5
Important notes .................................................................................................................................6
Safety notes...............................................................................................................................6
CE marking................................................................................................................................6
Radio frequencies and security standards .................................................................................7
Installation of Odyssey....................................................................................................................9
Installing Odyssey Client ...................................................................................................................9
Configure and Enable Wizard ....................................................................................................9
Using Odyssey Client ....................................................................................................................11
Odyssey Client Manager Overview.................................................................................................. 11
Odyssey Client Manager display..............................................................................................12
Controlling network connections - "Connection" window..................................................................12
Selecting an adapter................................................................................................................13
Connecting to a network ..........................................................................................................13
Scanning for wireless networks................................................................................................13
Reconnecting to a network ......................................................................................................15
Reauthenticating in a network..................................................................................................15
Disconnecting from a network connection................................................................................ 15
Viewing connection information ...............................................................................................15
Defining profiles - "Profiles" window.................................................................................................16
Adding or changing profile - "Profile Properties" window.......................................................... 17
"Authentication" tab .................................................................................................................20
Configuring wireless networks - "Networks" window ........................................................................27
Adding or changing networks – "Network Properties" window..................................................28
Specifying trusted servers - "Trusted Servers" window ............................................................34
Simple method for configuring trusted servers .........................................................................35
Advanced method for configuring trusted servers ....................................................................37
Untrusted servers ....................................................................................................................42
Configuring network adapters - "Adapters" window..........................................................................43
Adding a wireless adapter........................................................................................................45
Removing an adapter from the list of adapters.........................................................................45
Odyssey Client Manager - "Settings" menu .....................................................................................46
"Preferences" menu item .........................................................................................................46
"Security settings" menu item ..................................................................................................47
"Enable/Disable Odyssey" menu item......................................................................................49
"Close" menu item ...................................................................................................................49
Odyssey Client Manager - "Commands" menu ................................................................................ 49
"Forget Password" menu item .................................................................................................50
"Forget Temporary Trust" menu item .......................................................................................50
A26391-K133-Z131-1-7619, edition 3
Contents
Odyssey Client Manager - "Help" menu .......................................................................................... 50
"Help topics" menu.................................................................................................................. 50
"License keys" menu item ....................................................................................................... 51
"Odyssey" context menu ................................................................................................................. 51
"Odyssey for Fujitsu Siemens Computers" menu item ............................................................ 51
"Enable Odyssey/Disable Odyssey" menu item ...................................................................... 51
"Help" menu item .................................................................................................................... 52
"Exit" menu item...................................................................................................................... 52
Features......................................................................................................................................... 53
Overview......................................................................................................................................... 53
Technical details ............................................................................................................................. 54
Declaration of Conformity ............................................................................................................ 57
Index .............................................................................................................................................. 59
A26391-K133-Z131-1-7619, edition 3

Wireless LAN (general)

A wireless network card is integrated in your device. This User Guide describes how to make the settings for your wireless LAN.
Notational conventions
The meanings of the symbols and fonts used in this manual are as follows:
Pay particular attention to texts marked with this symbol. Failure to observe this warning endangers your life, destroys the system, or may lead to loss of data. Failure to follow the
!
instructions may lead to loss of data, invalidate your warranty, destroy the device, or endanger your life.
Indicates important information which is required to use the system properly.
i
Text which follows this symbol describes activities that must be performed in the order shown.
Text in this typeface indicates screen outputs.
Text in italics indicates programme names, commands or menu items.
"Quotation marks" indicate names of chapters, disks and other media and terms that are being emphasised.

Wireless network as per IEEE 802.11 standard

The integrated network card operates in accordance with the IEEE 802.11 standard. Frequencies from the ISM frequency bands are used as a communication medium (ISM, Industrial, Scientific, Medical). The wireless network card may be operated without registration and free of charge. The IEEE 802.11 standard provides several options for using the ISM frequency bands:
IEEE 802.11a 5.0 GHz band 54 Mbit/s
IEEE 802.11b 2.4 GHz band 11 Mbit/s
IEEE 802.11g 2.4 GHz band 54 Mbit/s
The wireless networks operating in accordance with 802.11 can easily be connected to existing Ethernet networks. With the exception of a few additional parameters, wireless network cards that operate in accordance with 802.11 are one system with a normal Ethernet card. This means that you can use all protocols via a 802.11 wireless network just as with a cable-connected Ethernet (IP, IPX, NetBIOS,...). The only difference is that you need not lay cables between the computers. The number of all wireless LAN stations that can reach each other directly is generally referred to as a cell. The IEEE standard offers two operating modes - the ad hoc mode (peer-to-peer) and the infrastructure mode.
In addition to describing modulation and data framing, this standard includes an authentication and encryption method called Wired Equivalent Privacy (WEP). Many corporations are deploying wireless 802.11 networks. 802.11 networks are beginning to appear in hotels, airports, and other "hotspots" as a means of internet access.
A26391-K133-Z131-1-7619, edition 3 1
Wireless LAN (general)

Ad hoc mode

A wireless LAN in the ad hoc mode, also called peer-to-peer mode, consists of a single closed cell. Ad hoc wireless networks result when a workgroup comes together with its systems and would like to interconnect these for data exchange. Any number of systems can be added to this type of network and can leave it again.
So that several ad hoc wireless networks do not interfere with each other in radio traffic, there is a unique network name, the SSID (Service Set Identifier). The SSID is used for addressing so that a data packet can always be assigned to a certain cell.
If you want to join an existing cell, you require the network name (SSID), which you enter in the settings for the network card. The network card then searches for a wireless network with this SSID during start-up. When the network card has found a wireless network, it connects to it and you can communicate with the systems in this wireless network. If two cells are very close together, the radio channels of these networks should be 4 to 5 channels apart. This applies to 802.11b and 802.11g.

Infrastructure mode

In the infrastructure mode, a base station, referred to as an access point, exists in addition to the mobile stations. In the infrastructure mode the access point assumes the function of a "guard". In contrast to the adhoc mode, each system must log on to the AccessPoint before it is allowed to exchange data in the cell.
Another task of the access point is the connection of the cells with a cable-connected Ethernet. As due to the logon requirement, the access point knows at all times exactly which stations are on the radio side, it can decide exactly which data must be sent to it and which don't. This process is also referred to as bridging.
To increase the range of a wireless network, several access points with the same SSID can be used.
When a system enters the wireless net, it searches among the reachable access points for the one with the strongest signal and logs on there. Two systems logged on to different access points communicate with each other in this way, even when they are not within direct radio reach. If a system also continuously monitors the radio situation after the logon, it can detect how the signals from an access point become weaker and those of another become stronger, and can then log on to the stronger one without the user noticing. This procedure is referred to as roaming.

Operating system requirements

Windows 2000 and Windows XP
2 A26391-K133-Z131-1-7619, edition 3
Wireless LAN (general)

Wireless network names (SSID)

Each wireless network has a name. You can select the wireless network you want to connect to, by specifying its name. Network names allow different wireless networks in the same vicinity to coexist without intruding on each other. For example, the company next door to yours may also use wireless networking, and you want to make sure that your PC connects to your company’s network, and not the other’s, even though your PC is within range of their access points. (How to prevent intruders from connecting to your company’s network is the subject of the security discussion, below.) A network name is simply a text sequence up to 32 characters long, such as "Bayonne Office", or "Acme-Marketronics", or "BE45789", for example. A network name is case-sensitive, so you have to be careful if you type it in. You always have the option to scan for available networks. This allows you select the network from a list, preventing any network naming errors. The 802.11 standard refers to network names as "Service Set Identifier", or SSID for short.

802.11 network security

With the advent of wireless networking, security becomes a critical concern to a far greater extent than it had been previously, for the simple reason that it is easy for an attacker to eavesdrop on such connections. With wired networking, most organisations can rely on physical security to protect their networks. An attacker would have to get inside a company’s offices to be able to plug in to the LAN and observe network traffic.
All it takes to observe wireless network traffic is a PC with a wireless card and a comfortable spot in the parking lot outside or in the office next door. The following are some of the things that are required to make a wireless network safe:
A user must be authenticated by the network before he or she is allowed access, to make the
network safe from intruders.
The network must be authenticated by the user before the user allows his or her PC to connect
to the network. This is to prevent a wireless device posing as a legitimate network from gaining access to the user’s PC.
The mutual authentication between user and network must be cryptographically protected.
This insures that you are connecting to the network you want, and not some phony one.
The wireless connection between a PC and access point must be encrypted, so
eavesdroppers cannot access data that is supposed to be private.
There are two basic mechanisms for providing this type of secure encryption over a wireless network:
Preconfigured secrets, called WEP keys. These keep unauthorised users off the wireless
network and encrypt the data of legitimate users.
Authentication using a protocol called 802.1X. This uses a variety of underlying authentication
protocols to control network access. The strongest of these protocols can provide mutual authentication of user and network, and can dynamically create keys to encrypt wireless data.
A26391-K133-Z131-1-7619, edition 3 3
Wireless LAN (general)

Wired-Equivalent Privacy (WEP) with preconfigured keys

With preconfigured WEP (Wired-Equivalent Privacy), both the client PC and access point are assigned the same secret key. This key is used to encrypt all the data between the PC and access point. In addition, the W EP key can be used to authenticate the client PC to the access point. Unless the PC can prove it knows the WEP key, it is not allowed onto the network.
If the access point requires a WEP key for authentication, you must carry out the assignment to the access point in the Shared mode. The association mode is set in the network properties.
If the access point does not require a WEP key for authentication, this is referred to as the "open" mode. The association mode is set in the network properties.
If the access point requires a WEP encryption for WPA instead of TKIP for the authentication, all required WEP keys are generated from an ASCII passphrase, which you configure for your access point and for Odyssey Client.
See the following topics:
"Specifying association mode", for directions for selecting an association mode in Odyssey Client
"Specifying an appropriate encryption method for your association mode", for directions for selecting WEP encryption when using shared mode
"Preconfigured keys (WEP)", to use static WEP keys with Odyssey Client
"Pre-shared keys (WPA)", to configure W EP encryption in W PA mode

Wi-Fi Protected Access (WPA) and TKIP encryption

As an enhancement to the 802.11 wireless standard, Wi-Fi Protected Access (WPA) encompasses a number of security enhancements over Wired-Equivalent Privacy. These enhancements include the following:
Improved data encryption via TKIP (temporal key integrity protocol). TKIP provides stronger encryption than WEP, by dynamically updating the encryption keys every 10,000 packets.
802.1X authentication with EAP. If the hardware of the access points in your network requires that you carry out the authentication via the extended WPA mode, you can configure Odyssey Client so that the authentication is carried out in the W PA mode. If the hardware is configured for TKIP encryption, you can configure Odyssey Client for this enhanced data encryption method as well. In addition to conforming to 802.1X specifications for dynamic key generation (available with the strongest authentication methods), W PA allows for pre-shared keys to be generated for TKIP (or WEP) encryption from a passphrase. If you configure a passphrase for key generation in your access points, you must configure the same passphrase in Odyssey Client.
4 A26391-K133-Z131-1-7619, edition 3
Wireless LAN (general)
See the following topics:
"Specifying association mode", to use W PA mode with Odyssey Client
"Specifying an appropriate encryption method for your association mode", to use TKIP
encryption in WPA mode
"Pre-shared keys (WPA)" to configure a static passphrase

802.1X standard

The IEEE 802.1X protocol provides authenticated access to a LAN. This standard applies to wireless as well as wired networks. In a wireless network, the 802.1X authentication occurs after the
802.11 association is implemented. Wired networks use the 802.1X standard without any 802.11 association.
The WEP protocol using preconfigured keys has various shortcomings, both in terms of ease of administration, as well as security. To alleviate these problems, the IEEE introduced another standard, 802.1X. 802.1X provides better security than preconfigured WEP keys, and is easier to deploy, particularly on large networks.
Using preconfigured WEP keys, it is the wireless client PC that is authenticated to the network. W ith
802.1X, it is the user that is authenticated to the network with the user credentials, which may be a password, a certificate, or a token card. The authentication is not performed by the access point, but rather by a central server. If this server uses the RADIUS protocol, it is called a RADIUS server.
With 802.1X, a user can log in to the network from any PC, and many access points can share a single RADIUS server to perform the authentication. This makes it much easier for the network administrator to control access to the network.
See the following topics for details:
Extensible Authentication Protocol (EAP)
Session resumption
Reauthentication

Extensible Authentication Protocol (EAP)

802.1X uses the protocol called EAP (Extensible Authentication Protocol), to perform authentication. EAP is not an authentication mechanism per se, but is a common framework for transporting actual authentication protocols. The advantage of EAP is that the basic EAP mechanism does not have to be altered as new authentication protocols are developed.
A26391-K133-Z131-1-7619, edition 3 5
Wireless LAN (general)

Important notes

Safety notes

Most of the safety information is contained in the "Getting Started" manual of your device. Some of the most important information is outlined below.
Switch off the radio components (Bluetooth or wireless LAN) on the device when you are in a hospital, an operating room or near a medical electronics system. The transmitted radio waves can impair the operation of the medical devices.
The "EasyGuide" manual provided with your device describes how to deactivate the radio component.
Keep the device at least 20 cm from a pacemaker, as otherwise the proper operation of the pacemaker may be impaired by radio waves.
The transmitted radio waves can cause an unpleasant humming in hearing aids.
Switch off the device when you are in an aircraft or driving in a car.
Do not let the device near flammable gases or into hazardous environments (e.g. paintshops)
with radio components switched on, as the transmitted radio waves can cause an explosion or a fire.
The company Fujitsu Siemens Computers GmbH cannot be held responsible for radio or television faults arising from unauthorised changes made to this device. Fujitsu Siemens is, furthermore, not responsible for replacing and / or exchanging connector cables and devices which have not been specified by Fujitsu Siemens Computers GmbH. The user is solely responsible for repairing faults arising from such unauthorised changes made to a device and for replacing and/or exchanging devices.

CE marking

This equipment complies with the requirements of Directive 1999/5/EC of the European Parliament and Commission from 9 March, 1999 governing Radio and Telecommunications Equipment and mutual recognition of conformity.
This device is approved for use in Belgium, Denmark, Germany, Finland, Greece, Great Britain, Ireland, Italy, Luxembourg, the Netherlands, Austria, Portugal, Sweden, Switzerland, Spain, Iceland, Liechtenstein and Norway. Contact the corresponding government office of the respective country for current information on possible operating restrictions. If your country is not included in the list, then please contact the corresponding supervisory authority as to whether the use of this product is permitted in your country.
6 A26391-K133-Z131-1-7619, edition 3
Wireless LAN (general)
Restrictions
France
Limited frequency range: only the channels 10 to 13 (2457 MHz or 2472 MHz) may be
used in France. It is prohibited to use the device outdoors.
Italy
A ministerial permit is also required for use indoors. Please contact the seller concerning
the required procedure. It is prohibited to use the device outdoors.
Netherlands
A licence is required for use outdoors. Please contact the seller concerning the required
procedure.

Radio frequencies and security standards

The following information represents the status of January 2002. Current information is available from the corresponding government office of your country (e.g. www.regtp.de).
IEEE standard 802.11a frequencies
Country Channel
36 5180 MHz
Austria X X X X
Belgium X X X X X X X X
Denmark X X X X
Finland X X X X X X X X
France X X X X
Germany X X X X
Greece
Italy
Ireland X X X X X X X X
Luxembourg
Netherlands X X X X
Norway X X X X
Portugal X X X X
Spain
Sweden X X X X
Switzerland X X X X
Great Britain X X X X X X X X
Channel 40 5200 MHz
Channel 44 5220 MHz
Channel 48 5240 MHz
Channel 52 5260 MHz
Channel 56 5280 MHz
Channel 60 5300 MHz
Channel 64 5320 MHz
A26391-K133-Z131-1-7619, edition 3 7
Wireless LAN (general)
IEEE standard 802.11b (11 Mbits/s) / 802.11g (54 Mbits/s) frequencies
Wireless network cards and adapters are intended for operation in the ISM (Industrial, Scientific, Medical) frequency range between 2.4 and 2.4835 GHz in accordance with the IEEE 802.11b standard. As each of the 13 usable radio channels requires a bandwidth of 22 MHz due to the DSSS (Direct Sequence Spread Spectrum) process, a maximum of three mutually independent channels (e.g. 1, 6 and 11) are available. In the following tables you will find the channels permitted in your country:
Channel No. / MHz
1 / 2412 X X X
2 / 2417 X X X
3 / 2422 X X X
4 / 2427 X X X
5 / 2432 X X X
6 / 2437 X X X
7 / 2442 X X X
8 / 2447 X X X
9 / 2452 X X X
10 / 2457 X X X X
11 / 2462 X X X X
12 / 2467 X X
13 / 2472 X X
Europe, R&TTE
France, R&TTE
US FCC
CA RSS-210
8 A26391-K133-Z131-1-7619, edition 3

Installation of Odyssey

The installation software for Odyssey Client is located in the directory C:\Add on\Software.
Before you install, please note the following:
Your wireless network adapter card and associated driver software should have already been installed.
Under Windows 2000 and Windows XP you must have administrator rights.

Installing Odyssey Client

To install Odyssey Client:
Double-click on the file FSC-OdysseyClient.msi in the directory C:\Add on\Software.
The installation wizard is run to guide you through the installation process.
Click on Next to continue.
The licence conditions are shown.
Click on the option I accept the terms in the license agreement to recognise the licence conditions
and click on Next to continue.
Enter your user data and click on Next to continue.
Select the Complete option in the Setup Type window to carry out the installation in the default
directory. Select the Custom option if you want to specify the installation directory yourself. This option should only be used by experienced users. Click on Next to continue.
The installation wizard now has all information required to begin with the installation.
Click on Back if you want to check or change your entries, and click on Install to start the
installation.
The installation is started. This can take a few minutes. When the installation is completed, the InstallShield Wizard Completed window will appear. You can run the Odyssey Client immediately or have the Readme file displayed first.
Click on Finish to complete the installation.
On a computer with several user accounts, Odyssey Client is available following installation of all users. However, the settings for control of the Odyssey Client operation are user-specific and must be carried out for each user account individually.

Configure and Enable Wizard

When you install Odyssey Client for the first time, Configure and Enable Wizard automatically appears following the installation to complete configuration of and activate Odyssey Client.
If you do not want to carry out the configuration at this time, you can do this later. Start the Odyssey Client Manager under Start – Programs – Fujitsu Siemens Computers – Odyssey Client for Fujitsu Siemens
Computers – Odyssey Client Manager for Fujitsu Siemens Computers. Configure and Enable Odyssey Wizard automatically starts up.
A26391-K133-Z131-1-7619, edition 3 9

Using Odyssey Client

Odyssey Client Manager Overview

Odyssey Client for Fujitsu Siemens Computers is the name of the Windows interface of the Odyssey Client Manager with which you can control and configure your wireless LAN. This interface is consistent for all Fujitsu Siemens Computers platforms on which you can run the product.
Start the Odyssey Client Manager under Start – All Programs – Fujitsu Siemens Computers –
Odyssey Client for Fujitsu Siemens Computers – Odyssey Client Manager or double-click on the
Odyssey Client Manager icon in the task bar.
A26391-K133-Z131-1-7619, edition 3 11
Using Odyssey Client

Odyssey Client Manager display

For most network connections, Odyssey Client Manager consists of a number of windows that allow you to control different aspects of its operation:
In the Connection window you can control your network connection and view your current connection status.
Use the Profiles window to set information that is used when you authenticate, or log in, to the network, such as your password or certificate.
Use the Networks window to configure different wireless networks and how you want to connect to them.
Use the Trusted Servers window to set certificate and identity information about the servers that may authenticate you when you connect, to ensure that you are logging in to the network that you intend.
The Adapters window lets you configure one or more network adapters (interface cards) for wireless networks.
All of the windows are listed at the left of the Odyssey Client Manager display. Click the name of any window to view or modify it.

Controlling network connections - "Connection" window

12 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

Selecting an adapter

If you or your administrator has configured more than one adapter for use with Odyssey, then you can use the Adapter drop-down list in the Connection window to associate any of those adapter cards with a network connection.
Once you select an adapter, the Adapter type field in the Connection window is updated to reflect the type of wireless adapter you select.

Connecting to a network

When you connect to a network using a wireless adapter, you specify all the information required for the connection using an Odyssey Client network definition. In the process, you must also enter the authentication information you have previously defined in an Odyssey Client profile (see "Adding or changing profile - "Profile Properties" window" in the "Defining profiles - "Profiles" window" section).
The Connect to network checkbox lets you connect and disconnect from the wireless network. If you want to be connected to a wireless network, make sure this box is marked.
The drop-down list to the right of Connect to network lets you select a wireless network to connect to. All networks you have already configured using the Networks window appear in this list.
The network names are shown in square brackets after the network description.
The following symbol is located before the name:
for networks
To connect to a network that you have already configured:
Select the network you wish to establish the connection to from the selection menu.
Mark Connect to network, if it is not already marked.
To disconnect from a network, unmark Connect to network.

Scanning for wireless networks

If you travel frequently, you may want to want to authenticate through locally available wireless networks that you have not already configured. To connect to a wireless network that is not yet configured, follow these steps:
Click on Scan in the Connection window.
Odyssey Client surveys the air waves and displays a list of all wireless networks that are currently reachable.
A26391-K133-Z131-1-7619, edition 3 13
Using Odyssey Client
Select the network to which you want to connect, and click OK.
If you have already configured the settings for this network, Odyssey Client attempts to
connect to it using those settings.
If you have not yet configured settings for this network, the Network Properties window
first appears. Specify settings and click OK.
Odyssey Client attempts to connect to the network.
14 A26391-K133-Z131-1-7619, edition 3
Only those wireless networks for which the administrator has configured SSID (network name) as visible ("send beacons") are visible during scanning.) If the SSID is not visible,
i
then you must enter the network from the Networks window.
Using Odyssey Client

Reconnecting to a network

If the radio connection to a network does not function properly, you can disconnect the existing connection and establish a new connection.
Click on Reconnect in the Connection window.
The existing connection is disconnected and a new connection to the selected wireless network is established. The new connection may be with a different access point (on the same network) than your previous connection, depending on factors such as signal strength. If authentication is required on this network, you are reauthenticated when the new connection starts. If dynamic encryption keys are in use, they are refreshed.

Reauthenticating in a network

When you click Reauthenticate in the Connection window, Odyssey Client reauthenticates you over the existing connection shown in the display, without starting a new connection. If dynamic encryption keys are in use, they are refreshed.

Disconnecting from a network connection

To disconnect a network connection, remove the marking in the checkbox Connect to network for wireless connections.

Viewing connection information

The Status field in the Connection window displays the current status of your connection to the network through this adapter. One of the following messages appears:
Status message Definition
open and authenticated The connection is authenticated, and you are connected.
open / authenticating Reauthentication is in progress, and you are connected.
open / requesting authentication You have requested reauthentication, and you are connected.
open The connection is not authenticated, but you are connected.
peer-to-peer The network type is peer-to-peer (ad hoc), and you are
authenticating You are not yet connected, but authentication is in progress.
requesting authentication You are not yet connected, but you have requested
waiting to authenticate You are not yet connected and the last authentication was
A26391-K133-Z131-1-7619, edition 3 15
connected.
authentication from the access point.
unsuccessful, however you are waiting for another attempt.
Using Odyssey Client
Status message Definition
searching for access point You are not connected, and communication with an access
searching for peer(s) You are not connected, and communication with other PCs
disconnected You are not connected, and Connect to network may be
Odyssey is disabled You are not connected and Odyssey Client has been
adapter not present You are not connected and the configured adapter is not
The Elapsed time field in the Connection window displays the time that has elapsed since the current connection has begun.
The Network (SSID) field displays the name of the wireless network to which you are connected. Refer also to "Wireless network names (SSID)".
The Access point field displays the MAC address of the wireless access point to which you are connected. (A MAC address is a unique 48-bit number encoded into a device by the manufacturer.)
The Packets in/out field displays the total number of network packets received and transmitted since this connection began.
point on the requested network has not been established. This may occur when your adapter does not support 802.1X, or if your access point is not within range.
on the peer-to-peer network has not been established.
unmarked. Refer to "Connecting to a network".
disabled.
currently available. This may occur when your adapter does not support 802.1X.

Defining profiles - "Profiles" window

An Odyssey Client profile contains all the information necessary to authenticate you to the network. This includes information such as your login name, your password or certificate, and the protocols by which you can be authenticated. Your profile is, in effect, the identity that you present to the network and the means that you use to prove that identity.
You can have different profiles for different networks. For example, you may have different login names or passwords on different networks, or you may use a password on one network, and a certificate on another.
Click in the Odyssey Client Manager on Profiles to display the window.
16 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
The Profiles window lists all the profiles that have been configured. When you first use Odyssey Client Manager, you may find a profile called Initial Profile, containing commonly used settings. Alternatively, your network administrator may have already created one or more profiles for you.
To add a profile, click Add. The Profile Properties window appears. Set the name for the new profile, configure the settings, and click OK.
To remove a profile, select the profile and click Remove.
To modify a profile, select the profile and click Properties, or double-click the profile. The Profile
Properties window appears. Modify the settings and click OK.

Adding or changing profile - "Profile Properties" window

The Profile Properties window allows you to configure a profile. The window is displayed when you click Add or Properties from the Profiles window.
When you add a new profile, you must enter a unique name in the Profile Name field. For example, you may want to use "Office", for your profile associated with your place of employment, and "Home" for your home network.
Once you specify and save a profile, you do not have the ability to edit the profile name when you edit any of its other profile properties. You can, however, remove the profile and create a new one with a different name.
A26391-K133-Z131-1-7619, edition 3 17
Using Odyssey Client
In addition to the profile name, you can configure (and edit) the following parameters in a profile:
Login name in the User Info tab
Password and/or certificate in the Authentication tab
A specification of the authentication protocols which can be used for your authentication for the network in the TTLS Settings and PEAP Setting tabs
"User Info" tab
The User Info tab lets you configure the name you use to log in, as well as your password and/or certificate information.
18 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Login name
Enter your user name into the Login name field. This is the name that is presented to the network when you authenticate. If you are authenticating against a Windows Active Directory, use the form, domain\user name, (for example, Acme\george). Otherwise you use a login name in accordance with the syntax which your administrator has specified for user names in the authentication database.
Please note that:
If you are logged in to your network domain, (as opposed to local logon), by default, Odyssey Client populates this field with the standard network form, domain\user name, where user name is your user name.
If you are logged in to your client locally (as opposed to a network domain), Odyssey Client only enters your user name in this field.
It is possible that you must add the server name after your login name for the purpose of routing your authentication to the proper server.
For example, acme\george@sales.acme.com. Your network administrator can tell you how to set this field correctly.
Password
Mark Permit login using password to enable authentication methods that use your password for authentication. You can specify which password Odyssey Client uses:
Select use Windows password if you want to authenticate to the network using the same password you present when you log in to Windows.
Select prompt for password if you want Odyssey Client to prompt you when it is time to authenticate.
Select use the following password and enter a password in the box below, if you want Odyssey Client to save your password and use it each time you authenticate with this profile.
If you select prompt for password, you are generally only prompted the first time you are authenticated after startup. Odyssey Client remembers this password and reuses it for the duration of your Windows session. The password you enter applies only to a single profile. If you are authenticated using a different profile, you are prompted again.
You may also be prompted to enter your Windows password when connecting to the network on some occasions.
If you accidentally enter an incorrect password or have any other type of authentication failure. This feature is in place, in part, so as to prevent accidental lockout due to the reuse of bad passwords.
If you are required to change your Windows password periodically, and you are accessing the network with EAP-TTLS or PEAP authentication before Windows logon.
Certificate
Mark Permit login using my certificate to enable authentication methods that use your certificate for authentication.
To select a personal certificate with which to authenticate, click Browse. A list of your personal certificates appears. Select a certificate and click OK.
A26391-K133-Z131-1-7619, edition 3 19
This is an advanced feature. See your network administrator for information on which certificate to select if you require one.
i
Using Odyssey Client

"Authentication" tab

In the Authentication tab you can specify protocols with which you authenticate yourself in the network.
20 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Selecting Authentication Protocols
The Authentication protocols list displays the protocols that you have enabled for authentication. You may have a single authentication protocol in the list, or you may have several. If you have more than one, you can order them by preference. The sequence determines the protocol which the server uses when more than one common protocol is available.
To reorder protocols, select a protocol and use the up and down arrow buttons to reposition it.
To remove a protocol, select the protocol, and click Remove.
To add a protocol to the list, click Add. The Add EAP Protocol window appears. Select one or
more protocols to add, and click OK. You can select more than one protocol if you hold down Ctrl on your keyboard as you select with your mouse. Note that any protocols you have already selected are not listed in this window.
Validating the Server Certificate
Certain protocols, such as EAP-TTLS, PEAP, and EAP-TLS, allow you to verify the identity of the authentication server as the server verifies your identity. This is called mutual authentication.
Mark Validate server certificate to verify the identity of the authentication server based on its certificate when using EAP-TTLS, PEAP, and EAP-TLS. (This field is marked by default.) You can select trusted authentication server certificates using the Trusted Servers window. Refer to "Specifying trusted servers - "Trusted Servers" window".
You should, as a general rule, mark Validate server certificate. As an option, you can deactivate this important security measure, however only when no certificate is required by the server. You should only do so when your network administrator instructs you to.
A26391-K133-Z131-1-7619, edition 3 21
Using Odyssey Client
"TTLS Settings" tab
The TTLS Settings tab lets you configure the use of EAP-TTLS as an authentication protocol. These settings are only relevant when you select EAP-TTLS as one of your authentication protocols in the Authentication tab.
EAP-TTLS works by creating a secure, encrypted tunnel through which you present your credentials to the authentication server. Thus, inside EAP-TTLS there is yet another inner authentication protocol that you must configure.
22 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Selection of inner authentication protocol
Select the desired inner authentication protocol in the Inner Authentication Protocol selection menu. The following protocols are available:
PAP
CHAP
MS-CHAP
MS-CHAP-V2
PAP/Token
EAP
The most commonly used protocol is MS-CHAP-V2. The protocol allows you to be authenticated against a Windows Domain Controller as well as other, non-Windows user databases.
CHAP is the most frequently used protocol for the authentication of user databases which do not run under Windows.
PAP/Token is the protocol to use with token cards. W hen you use PAP/Token, the password value you enter into the password dialogue is never cached, since any Token-based password is only good for one use.
Check with your network administrator to determine which inner authentication protocol can be used on your network.
EAP as inner authentication protocol
If you select EAP as your inner authentication protocol, you must configure the list of Inner EAP protocols with one or more protocols.
To add a protocol to the list, click Add. The Add EAP Protocol window appears. Select one or
To remove a protocol, select the protocol, and click Remove.
To reorder protocols, select a protocol and use the up and down arrow buttons to reposition it.
You cannot use CHAP as a process for the inner authentication for a Windows NT domain or Active Directory. Therefore, do not use CHAP for authentication on the
i
Odyssey-Server, as it only authenticates itself for a Windows domain or an Active Directory.
more protocols to add, and click OK. You can select more than one protocol if you hold down Ctrl on your keyboard as you select with your mouse. Note that any protocols you have already added are not listed in this window.
A26391-K133-Z131-1-7619, edition 3 23
Using Odyssey Client
Setting an anonymous name
EAP-TTLS has a unique feature that other protocols do not offer. Because EAP-TTLS sets up an encrypted tunnel for your credentials, it is also able to pass your login name through that tunnel. That means that not only are your credentials secure from eavesdropping, but your identity is protected as well.
Thus, with EAP-TTLS you have two identities: an inner one, and an outer one. The inner identity is your actual login name, and is taken from the Login name field in the User Info tab. Your outer identity can be completely anonymous. Set your outer identity in the Anonymous name field.
As a general rule, set Anonymous name to anonymous, that is, its default value. In some cases you are required to add additional text. For example, if this outer identity is used to route your authentication to the proper server, and you may be required to use anonymous@acme.com. Your network administrator can tell you how to configure this field correctly.
"PEAP Settings" tab
If you select EAP/PEAP as an authentication method in the Authentication tab, then you can use up to three inner EAP authentication methods:
EAP/MS-CHAP-V2
EAP/Token Card
EAP/MD5-Challengeto add or remove any inner authentication methods used with PEAP:
Select the PEAP Settings tab.
Your outer identity can be anonymous only if EAP-TTLS is the only authentication protocol configured on the Authentication Protocols tab. If other protocols are also enabled,
i
Odyssey Client cannot keep your identity private, and the Anonymous name field is disabled. If you would like the anonymity EAP-TTLS provides, you must configure EAP­TTLS as the sole authentication protocol.
24 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Select any protocols you want to remove and click Remove.
Click Add to add a protocol.
A26391-K133-Z131-1-7619, edition 3 25
Using Odyssey Client
The Add EAP Protocol window appears.
Select one or more protocols to add, and click OK.
Note that any protocols you have already selected are not listed in this window.
Click OK when you are completely done modifying the profile configuration.
26 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

Configuring wireless networks - "Networks" window

The Networks window allows you to configure settings for connecting to any number of wireless networks.
Click in the Odyssey Client Manager on Networks to display the window.
All configured networks are listed. You can perform the following tasks in the Networks window:
To add a network, click Add. The Network Properties window appears. Configure the settings for the new network and click OK (see section "Adding or changing networks – "Network Properties" window").
To remove a network, select the network and click Remove.
To modify the settings for a network, select the network and click Properties, or double-click the
network name. The Network Properties window appears. Modify the settings and click OK (see section "Adding or changing networks – "Network Properties" window").
A26391-K133-Z131-1-7619, edition 3 27
Using Odyssey Client
Network titles
The network designations in the Networks window are structured as follows:
The name of the network appears in angled brackets.
The description of the network precedes the name. This description is taken from the
Description field in the Network Properties window. You can add your own description to any network you configure. This helps you to distinguish networks.
The field for the network description is useful in situations in which you want to switch between different "personalities" in one and the same network. For example, you may want to use different credentials at different times. The description field also makes it possible to distinguish between two different networks with the same network name.
Network names are arbitrary text chosen by an administrator. So it is possible for two unrelated networks to have the same name. In the illustration of the Networks window, there are two Toronto networks. The configured descriptions indicate that password credentials are used with one and certificate credentials with the other.
Adding or changing networks – "Network Properties" window
You can configure wireless network settings in the Network Properties window. Click Add or Properties from the Networks window to view the network properties. The Add Network or Network Properties window appears.
28 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Here you can configure the following parameters.
Network properties in the Network section
Authentication fields in the Authentication section
Pre-configured keys (WEP or WPA) in the Pre-configured keys section
A26391-K133-Z131-1-7619, edition 3 29
Using Odyssey Client
Network
You can perform the following tasks in this section of the Network Properties window:
Specifying network name
Searching for a network
Configuring Odyssey to connect to any available network
Specifying a description of the network
Specifying the network type
Specifying association mode
Specifying an appropriate encryption method for your association mode
Specifying network name
Set Network name (SSID) to the name of the wireless network. The network name may be up to 32 characters long. It is case-sensitive. This name must be entered correctly in order to successfully connect.
Searching for a network
You can type in the name of the network directly, or you can click Scan to select from a list of all currently visible networks.
When you are in the vicinity of the network you are configuring, using the Scan button is not only easier than typing, but also guarantees that the network name is set correctly.
Note that only access points that transmit beacons are visible to you when you use the Scan button.
Configuring Odyssey for connection to any desired network
Odyssey Client Manager provides a special network configuration called [any]. The [any] network connects to any available network, regardless of its name. The [any] network is useful when you are wandering through conferences, hotels or other locations that provide network access. When you select the [any] network, from the Connection window, you can connect to such networks without having to configure them individually.
To configure an [any] network, mark Connect to any available network and click on OK.
Although you can use WEP keys and profiles with [any], the more common practice is to use [any] without 802.11 or 802.1X authentication.
Specifying a description of the network
Network descriptions are useful for distinguishing between networks with the same or similar names. You can enter the network description in the Description field.
30 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Specifying the network type
If you did not use the Scan button to select your network, you must specify the type of network by choosing one of the options from the Network type drop-down list.
Select Access point (infrastructure mode) if this network uses access points to provide connectivity to the corporate network or the internet. This is the most common setting.
Select Peer-to-peer (ad-hoc mode) to set up a private network with one or more other PCs.
Specifying association mode
Before authentication can take place, you must associate your client to an access point. The association mode that is required of you depends on your access point hardware, and how it is configured. Your network administrator can help you configure the association mode that is required for your network.
See "Wired-Equivalent Privacy (WEP) with preconfigured keys" and "Wi-Fi Protected Access (WPA) and TKIP encryption" for more information on these encryption and association mode choices.
You can chose one of three association modes:
Open for the connection to a network by an access point or switch with 802.1X authentication. Choose this mode if you are not required to select Shared mode or W PA.
Shared, for connecting to a network through an access point that requires WEP keys for association and data encryption.
WPA, for connecting to a network through an access point that implements WPA (Wi-Fi Protected Access).
Specifying an appropriate encryption method for your association mode
Your choice of encryption method also depends on the access point requirements. Your selection options differ in accordance with the selected association mode. Further information can be found under "Wired-Equivalent Privacy (WEP) with preconfigured keys" and "Wi-Fi Protected Access (WPA) and TKIP encryption".
You have the following options:
none, for using 802.1X authentication without WEP keys. This option is only available when you have selected the open association mode.
WEP, for using WEP keys for data encryption. This option is available for all association modes, and is required when you associate in Shared mode. When you select this option, you must fill in WEP keys in the Pre-configured keys section of the Network Properties window. You must select this option when the access points in your network require WEP keys for the authentication (Shared mode).
TKIP, for using the temporal key integrity protocol. Choose this option when the access points in your network require WPA association, and are configured for TKIP data encryption.
AES when using the extended default encryption protocol. Choose this option when the access points in your network require WPA association, and are configured for AES data encryption.
A26391-K133-Z131-1-7619, edition 3 31
Using Odyssey Client
Authentication fields
In the Authentication section you can configure network authentication with the following characteristics:
Authenticate using profile
Automatic key generation
Authenticate using profile
If the wireless network you are configuring requires that you authenticate using your personal credentials, mark Authenticate using profile, and select the profile to use for authentication from the drop-down list at the right. You must have already configured a profile appropriate for authenticating onto this network.
When you mark Authenticate using profile, Odyssey Client performs an 802.1X authentication using your password, certificate, or by other means, as is configured in the selected profile.
Automatic key generation
Mark Keys will be generated automatically for data privacy if the authentication method specified in the profile results in the creation of dynamic WEP keys for use between your PC and the access point. Certain authentication methods, such as EAP-TTLS, PEAP, and EAP-TLS, generate keys. Other authentication methods do no generate keys. If you use EAP-TTLS, PEAP, or EAP-TLS to authenticate, mark this field. You can use any of these authentication methods for access points with 802.1x authentication. This option is more secure than using static (preconfigured) keys. Leave this option unmarked if you are required to use preconfigured WEP keys, or, in the case of WPA authentication, a pre-shared key.
Preconfigured keys (WEP or WPA)
The wireless network may require that you preconfigure WEP keys, or that you pre-share a passphrase, in the case of WPA authentication. You can enter keys in the lower portion of Network Properties.
Pre-shared keys (WPA)
If you associate in W PA mode, and you do not generate keys automatically when you associate an authentication profile to the network connection, then you must supply a pre-shared ASCII passphrase in Passphrase field. This passphrase is used as a seed to generate the required keys.
32 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Preconfigured keys (WEP)
If you select the Shared mode, you must configure at least one WEP key. You must also configure at least one WEP key when you select WEP encryption for the open mode, and you do not generate keys automatically when you associate an authentication profile to the network connection. W EP keys serve the following purposes:
Associate with an access point before a connection can be established (shared mode).
Encrypt data between your PC and the access point (or other PCs in a peer-to-peer network)
see "Wired-Equivalent Privacy (WEP) with preconfigured keys".
If the wireless network uses 802.1X authentication and dynamic WEP keys are generated (i.e., you mark Authenticate using profile and Keys will be generated automatically for data privacy), then you do not need to enter preconfigured WEP keys for data privacy. However, it is possible, though not typical, to use preconfigured WEP keys for authentication in addition to 802.1X. For example, EAP­MD5 does not generate WEP keys for data encryption, so you must supply one when your profile is set to authenticate with this method.
If you implement either of these uses of preconfigured WEP keys, you must mark the appropriate boxes and set one or more WEP keys appropriately:
Mark authenticate to access points (shared mode) if preconfigured WEP keys are required to authenticate to an access point prior to connection to the wireless network.
Mark Keys will be generated automatically for data privacy to use preconfigured WEP keys for encryption of data over the wireless network. Enter the WEP keys in fields Key 0 through Key 3. The values entered here must match those of the access points or peer computer to which you connect. It is most common for Key 0 to be used, although your network may require other keys as well. You can enter keys either as ordinary text characters (ASCII) or hexadecimal characters.
WEP keys are either 40 or 104 bits long. This corresponds to either 5 or 13 characters when you enter them as ASCII characters, or 10 or 26 characters when you enter them as hexadecimal digits.
To enter any preconfigured WEP keys:
In the Format for entering keys list, select either ASCII characters or hexadecimal digits, depending
on how you want to enter the keys.
Type in the text fields Key 0 through Key 3, each key that you want to preconfigure.
A26391-K133-Z131-1-7619, edition 3 33
Using Odyssey Client

Specifying trusted servers - "Trusted Servers" window

The Trusted Servers window allows you to configure which authentication servers you trust for the purpose of logging you in to the network.
Click in the Odyssey Client Manager on Trusted Servers to open the window.
When you configure trust in a server, you must not only specify the name of the server, but also the certificate chain to which it belongs. Odyssey Client is very flexible and offers a simple, highly developed method for configuring trusted servers.
Further information can be found under "Extensible Authentication Protocol (EAP)".
34 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

Simple method for configuring trusted servers

In the large majority of cases, you can use the simple method of configuring trust. With this method, you must specify two items:
The server domain name, or the ending of the domain name (for example, acme.com)
The certificate of any certificate authority in the chain. This could be the certificate of a root or
an intermediate certificate authority.
Domain Names
Each server has a domain name that uniquely identifies it and that domain name is normally contained in the "Subject CN" field of the server certificate.
A server domain name ends with the name of a larger administrative domain, to which the server belongs. For example, the Acme company might have the a domain name, such as acme.com. The company might also have several authentication servers, with the names auth1.acme.com, auth2.acme.com, and auth3.acme.com, for example.
As is apparent from this example, by specifying what the server domain name must end with, you can configure trust for all the servers in an organisation with a single entry.
Adding a trusted server entry
To add an entry to the trusted servers list, follow these steps:
Click Add. The Add Trusted Servers Entry window appears.
In the Server domain name must end with field, enter the name (or final elements of the name) of
the domain to which the trusted server must belong. You are not allowed to leave this entry blank.
A26391-K133-Z131-1-7619, edition 3 35
Using Odyssey Client
Set the Server certificate must be issued by field to the certificate of the certificate authority that
must have directly or indirectly issued the server certificate. To assign a certificate, follow these steps:
– Click Browse to get a list of certificates.
Select one certificate from the list and click on OK.
You can select a Root or Intermediate Certificate Authority as a certificate. It need not be the certificate that directly issued the server certificate. It may be any certificate in the chain.
Removing a trusted server entry
To remove an entry from the trusted servers list, select the entry and click Remove.
Editing a trusted server entry
To edit an entry in the trusted servers list, select the entry and click Edit. The Edit Trusted Servers Entry window appears, allowing you to modify the server domain and the certificate of the issuer.
36 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

Advanced method for configuring trusted servers

If you need more trust control, you can use the advanced method.
With this method, the entire tree of trust is displayed. The trust tree shows all configured trusted servers.
Each path through the trust tree defines a set of rules for matching a certificate chain. Odyssey Client trusts an authentication server only if its certificate chain matches at least one path through the trust tree.
A path through the trust tree is composed of two or more nodes:
Each top-level node is the certificate of a root or intermediate certificate authority.
Each intermediate node (if present) is the name of an intermediate certificate authority in the
Each end node is the name of a server you trust with the authentication. The names of
If you do not have a working knowledge of certificates and certificate chains, you should not attempt to configure trust using the advanced method. Consult your network
i
administrator as to how to configure trusted servers.
chain.
certificate authorities and servers may be specified as subject names or as domain names. In addition, you may specify that the name in a certificate must match the configured name exactly or that it must end in the configured name.
A26391-K133-Z131-1-7619, edition 3 37
Using Odyssey Client
Displaying the trust tree
To display the trust tree, click Advanced. The Trusted Servers window appears in which you can display and change the trust rules.
Adding certificate nodes
To add a new certificate to the top level of the trust tree:
Click on Add certificate. The Select Certificate windows appears.
Select a certificate and click OK. You may select either from the list of intermediate or trusted
root certificates.
For detailed information about any certificate before you add it, select the certificate and click View.
38 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Adding authentication servers or intermediate CA nodes
All nodes below the top level identify either authentication servers or intermediate certificate authorities. With an end node it is assumed that it designates an authentication server. Otherwise, it is assumed to identify an intermediate certificate authority. To add an authentication server or intermediate certificate authority to the tree:
Select the node in the tree, beneath which you want to add the new item.
Click on Add Identity. The Add Identity window appears.
Enter the information that defines the rules that Odyssey Client uses to match a certificate in
the server certificate chain to this node.
Click on OK.
A26391-K133-Z131-1-7619, edition 3 39
Using Odyssey Client
The Add Identity window lets you set the matching rules for a single node in the trust tree.
To specify a trusted server or an Intermediate CA with a valid certificate, select:
regardless of its name to match any certificate, provided it is signed by the certificate authority in the node above.
if its name matches the following name exactly to require that the name in the certificate exactly match the name you specify.
if its name ends with the following name to require that the name in the certificate is subordinate to the name you specify. For example, a certificate with name "sales.acme.com" would match an entry of "acme.com".
For Name of server or intermediate CA, enter the name (or final elements of a name) you want to match. (This field is not required if you make the selection regardless of the name.). The form of the name depends on your choice of Name type.
For the certificate authority Name type, you must indicate how the name is interpreted and where in the certificate the name is found. Select one of the following options:
Domain name in Subject Alternative Name or Common Name if the domain name (e.g., acme.com) is found in the Subject Alternative Name field in the certificate or, if that is not present, the Common Name within the Subject field of the certificate (this is the most typical choice).
Domain name in Subject Alternative Name if the domain name is found in the Subject Alternative Name field in the certificate. This is similar to the previous selection with entry.
40 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
Subject Name if the name is an X.500 name and is found in the Subject field in the certificate. If you completely or partially enter a subject name, you must do this in the X.500 form. It corresponds to any same or lower-level certificate subject name.
For example, if you enter the following:
OU=acme.com, C=US
it matches any of the following subject names::
O=sales, OU=acme.com, C=USCN=george, O=sales, OU=acme.com, C=US
For the maximum number of intermediate certificates, set the maximum number of certificates that may appear in the chain between this node and the node directly above this node. You many select a number between 0 and 5, or unlimited:
If you choose 0, the certificate that matches this node must have been signed using the
If you choose 1, the certificate that matches this node may have been signed by the certificate
If you choose unlimited, any number of certificates may appear in the chain between the
If you enter text that includes commas, each comma must be enclosed by single quotation marks.
i
certificate that matches the node above this node.
that matches the node above, or by a certificate that in turn has been signed by the certificate that matches the node above.
certificate that matches this node and the one that matches the node above.
Removing nodes
To remove a node, select the node in the tree you want to remove, and click Remove. The selected node, and any node beneath it is removed from the tree.
The following nodes can be removed:
Top level certificate node
Intermediate CA node
Server node
Displaying certificate information
For detailed information about any certificate at the top level of the trust tree, select the certificate and click View Certificate.
A26391-K133-Z131-1-7619, edition 3 41
Using Odyssey Client

Untrusted servers

Under the following conditions, you are given the option to trust a previously untrusted server during network authentication:
You have set temporary trust (Enable Server temporary trust) in the Security Settings menu.
The authenticating profile mandates server validation.
The trusted root certificate authority of the server certificate (in the example shown below, the
certificate "ACMERootCA") is installed on your client machine.
If this is the case, the following dialog appears while you are authenticating to the network.
42 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client
The dialog shows the entire certificate chain between the authentication server and a trusted root certificate authority. To see detailed information about any certificate in the chain, select the certificate and click View.
If you want to temporarily trust this server (i.e., until Odyssey is restarted) in order to authenticate and connect to the network, click Yes. Otherwise, click No. You may be asked to type in your password, depending on the profile you set up for this connection.
If you want to permanently trust this server by adding to the Trusted Servers list, mark Add this trusted server to the database and click Yes. The server is added to the trusted servers list, using the name shown in the Server name must end with field. You may edit the server name. For example, if the server name is "auth2.acme.com", you can change it to acme.com, if you want to trust all authentication servers belonging to the "acme.com" domain.

Configuring network adapters - "Adapters" window

The Adapters window lets you select one or more network adapters (interface cards) for wireless networking. You can select more than one adapter if you hold down Ctrl on your keyboard as you select with your mouse.
The Adapters window lists all the wireless adapters that are configured in Odyssey Client. Most likely you have configured a single adapter. However, you may configure more than one adapter. You can use the Adapters window for the following tasks:
Adding a wireless adapter
Removing an adapter from the list of adapters
Click in the Odyssey Client Manager on Adapters to open the window.
Your adapter must already have been installed on your system before you can configure Odyssey Client to use it.
i
A26391-K133-Z131-1-7619, edition 3 43
Using Odyssey Client
44 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

Adding a wireless adapter

To add a wireless adapter that Odyssey Client has not yet recognised, follow these steps from the Adapters window of Odyssey Client Manager:
Click Add. The Add Adapter window appears, displaying a list of all network adapters that are
installed on your PC (except for the ones Odyssey Client is already configured to use).
Select the Wireless tab.
Select your desired adapter from the list of adapters displayed, and click OK.
Note that only adapters that you have not yet added to the Adapters window are displayed. If you do not see your wireless adapter in the list, select All Adapters.
Make sure that all adapters you select on the Wireless tab are indeed wireless.
!

Removing an adapter from the list of adapters

To remove an adapter from the list of adapters in the Adapters window, select the adapter you want to remove and click Remove.
Odyssey Client stops using the adapter. The adapter is still installed on your system, but operates as if Odyssey Client is not present.
A26391-K133-Z131-1-7619, edition 3 45
Using Odyssey Client

Odyssey Client Manager - "Settings" menu

In the Settings menu of the Odyssey Client Manager window, the following menu items are available:
Preferences
Security settings
Enable/Disable Odyssey
Close

"Preferences" menu item

You can change the way that Odyssey Client operates by selecting the Preferences menu item. The Odyssey Preferences window appears.
Set your preferences, and click OK to make them effective:
If you select Hide tray icon, then the Odyssey icon is not displayed in the task bar (at the bottom right of your screen).
If you select Hide control panel icon, then the Odyssey icon is not displayed on the Windows Control Panel.
If you have the Windows Control Panel open when you select Hide control panel icon and click OK, then your control panel is refreshed. (Press the F5 key to see the effects). In
i
some cases, you may only see the effect after rebooting.
46 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

"Security settings" menu item

To configure advanced security options related to authentication, select Security Settings. The Security Settings window appears.
The security options are initially set to default values that should suit most purposes. You can restore the defaults at any time by clicking Set defaults.
Time fields are expressed in hours, with up to two decimal places. For example, to specify one hour and fifteen minutes, enter 1.25.
Session resumption
You can enable the use of session resumption from the Security Settings window.
To use enable session resumption:
Mark Enable session resumption.
Set Do not resume sessions older than to the maximum number of hours that an initial
authentication can be used to accelerate reauthentication. Once the time limit has elapsed, a completely fresh authentication is performed on your next reauthentication. The number of hours can have up to two decimal places. For example, to specify one hour and fifteen minutes, enter 1.25.
By default, session resumption is enabled, and an initial authentication is resumed for up to 12 hours.
To disable this feature, unmark Enable session resumption.
A26391-K133-Z131-1-7619, edition 3 47
Using Odyssey Client
Automatic reauthentication
You can enable or disable the Automatic reauthentification feature of Odyssey Client as well.
Mark Enable automatic reauthentication in the Security Settings window, in order to cause Odyssey Client to periodically initiate reauthentication with the server.
Set in Reauthenticate every, the time period, in hours, for reauthentication to take place automatically.
Unmark Enable automatic reauthentication in the Security Settings window, in order to disable this feature.
By default, Automatic reauthentification is not enabled. This is because your network administrator may have already configured your access points or authentication server to perform periodic reauthentication. Ask your network administrator for the correct setting for this option.
Server temporary trust
Normally, you configure your authentication server in the Trusted Servers window. However, there may be times when you are visiting a network whose authentication server is not yet configured as trusted in the Trusted Servers window. In this case, you can activate the Temporary Trust option for this untrusted server.
Mark Enable server temporary trust from the Security Settings window, in order to enable temporary trust. Unmark this field to disable this feature. Notice the following about this feature:
If temporary trust is enabled, you are given the option of whether or not to trust an untrusted server temporarily when you attempt to authenticate to an untrusted server. Refer also to "Untrusted servers".
The Untrusted Server window that opens when you attempt to authenticate to a server for which you have not configured trust, permits you to permanently add the server to your trust tree. Thus, you can use temporary trust as an alternative to the Trusted Servers window, and configure trusted servers as they are encountered.
If temporary trust is not enabled, then any authentication attempt that requires the validation of a server certificate fails when the server is not explicitly trusted.
Set Maximum time for temporary trust to the maximum number of hours you want Odyssey Client to continue to trust a server once you accept it.
The default behaviour is that temporary trust is enabled, and that 12 hours is the maximum time that a particular server is trusted once you accept.
These settings are not relevant if you decide to permanently trust the server by marking Add this trusted server to the database in the Untrusted Server window.
i
48 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

"Enable/Disable Odyssey" menu item

Select Enable Odyssey or Disable Odyssey to turn Odyssey Client on or off. Odyssey Client is initially enabled, and normally you should not need to disable it. If you choose Disable Odyssey Client, it disconnects all adapters without changing any Connection window settings. The Odyssey Client programme still runs, but it is totally isolated from wireless network connections.
You should only disable Odyssey Client if you had concerns about your current Odyssey configuration. You might disable Odyssey Client, for example, if you are worried that Odyssey Client is in an insecure state and you just want to make sure you are off the network until you get a chance to inspect your settings.
Odyssey Client can also be enabled and disabled from the pop-up menu that appears when you right-click the Odyssey icon in the task bar.
To stop Odyssey Client from running entirely, select the Exit menu item when you right­click the Odyssey icon in the task bar.
i

"Close" menu item

Select Close to close the Odyssey Client Manager window. Although the user interface is no longer visible, Odyssey Client continues to perform its networking operations normally.
You can restart Odyssey Client Manager at any time, in any of the following ways:
from the task bar: Double-click the Odyssey icon, or right-click it and choose Odyssey for Fujitsu Siemens Computers.
from Control Panel: Double-click the Odyssey for Fujitsu Siemens Computers icon.
from the Windows Start menu: select Start – Programs – Fujitsu Siemens Computers – Odyssey
Client for Fujitsu Siemens Computers – Odyssey Client Manager for Fujitsu Siemens Computers.
To stop Odyssey Client from running entirely, select the Exit menu item when you right­click the Odyssey icon in the task bar.
i

Odyssey Client Manager - "Commands" menu

The following menu items are available from the Commands menu:
Forget Password
Forget Temporary Trust
A26391-K133-Z131-1-7619, edition 3 49
Using Odyssey Client

"Forget Password" menu item

When you first authenticate using a profile set to prompt for password, you are asked to type in your password. Odyssey Client saves this password and uses it for each subsequent authentication with the aid of this profile without you being asked for this entry again. This password normally remains saved until you restart your computer or Odyssey Client.
If Odyssey Client is not to save the entered passwords, select Forget Password. When your password is needed again, you are prompted to enter it.
You might need to use this menu item if you enter your password incorrectly or if your password has been changed on the authentication server.

"Forget Temporary Trust" menu item

If you enable Temporary trust from Settings - Security Settings, then whenever you encounter an untrusted authentication server, a window pops up. This window allows you to use that server as trusted server temporarily. Odyssey Client remembers that trusted server for as long a period of time as is configured in Security Settings.
If the list of temporary trusted servers is to be deleted again immediately, select Forget Temporary Trust.
You might need to use this menu item if you accept a server as temporarily trusted and then decide to break your connection with it. If you want to be sure the connection is broken immediately, you should disable session resumption and then click Reconnect in the Connection window.

Odyssey Client Manager - "Help" menu

The Help menu has the following items:
Help topics
License keys
View Readme File
About

"Help topics" menu

Select Help Topics to bring up the Odyssey Client help system.
You can also get context-sensitive help at any time by pressing F1 . The help system appears opened at the section that best explains your current situation.
50 A26391-K133-Z131-1-7619, edition 3
Using Odyssey Client

"License keys" menu item

Select License Keys from the help menu, to manage your Odyssey Client licence keys.
A licence key is a text sequence that represents your licence to use Odyssey Client.

"Odyssey" context menu

If you right-click on the Odyssey icon in the task bar, the following menu items appear:
Odyssey for Fujitsu Siemens Computers
Enable Odyssey or Disable Odyssey
Help
Exit

"Odyssey for Fujitsu Siemens Computers" menu item

If you select the Odyssey for Fujitsu Siemens Computers menu item the Odyssey Client Manager (the user interface for Odyssey Client) is displayed.

"Enable Odyssey/Disable Odyssey" menu item

Select Enable Odyssey or Disable Odyssey to turn Odyssey Client on or off.
Odyssey Client is initially enabled, and usually you should not need to disable it. If you choose Disable Odyssey Client, it disconnects all adapters without changing any Connection window settings. The Odyssey Client programme still runs, but it is totally isolated from wireless network connections.
You should only disable Odyssey Client if you had concerns about your current Odyssey configuration. You might disable Odyssey Client, for example, if you are worried that Odyssey Client is in an insecure state and you just want to make sure you are off the network until you get a chance to inspect your settings.
Odyssey Client can also be activated and deactivated with the Odyssey Client Manager.
A26391-K133-Z131-1-7619, edition 3 51
Using Odyssey Client

"Help" menu item

One of the menu items that appears when you right-click on the Odyssey icon in the task bar is Help. There are two further options: Help Topics and About.
If you select Help Topics, the Help system appears in a window opened to the table of contents.
If you select About, product version and copyright information are displayed.

"Exit" menu item

If you select Exit, Odyssey Client immediately stops running in the background. You may want to use this option when you are not using wireless networking for an extended period.
You can restart Odyssey Client using the Odyssey Client Manager under Start – Programs – Fujitsu
Siemens Computers – Odyssey Client for Fujitsu Siemens Computers – Odyssey Client Manager for Fujitsu Siemens Computers.
52 A26391-K133-Z131-1-7619, edition 3
Features

Features

Overview

Standard
IEEE802.11g
IEEE802.11b
IEEE802.11 legacy
Baseband MAC
GlobespanVirata / Intersil: Cohiba
Wireless LAN Integrated Medium Access Controller with Baseband Processor
ISL3887IK 192pin BGA
Memory
64 kBit Serial I2C bus EEPROM
On Baseband MAC SRAM
RF Frontend
GlobespanVirata / Intersil: Cohiba
VCO: 5GHz Voltage Controlled Oscillator ISL3084IR
TX/RX Direct Down Conversion Transceiver ISL3686BIR
Low Cost Zero IF architecture
TX: Power Amplifier ISL3980
Transmit Power Control
Frequency Range: 2412 to 2472 MHz (EU)
RF I/O Power
RF Output Power: max: +19 dBm
RF Receive Sensitivity : min -96 dBm
Communication
Interface: USB 2.0
RF Link: omni antenna 2.4 GHz
Channels: 1 to 13 (EU) selectable
Time access: CSMA/CA
Data Rates
802.11g-Prism Nitro: 100 Mbps OFDM
802.11g: 54, 48, 36, 24, 18, 12, 9 and 6 Mbps OFDM
802.11b: 11 and 5,5 Mbps CCK
802.11 legacy: 2 and 1 Mbps
Modulation
RF modulations: OFDM and CCK
Baseband modulations: BPSK, QPSK, 16QAM and 64 QAM
Convolutional Coding and Interleaving
Targeted for Multipath Delayed Spreads of 120 ns at 54 Mbps
A26391-K133-Z131-1-7619, edition 3 53
Features
Regulatory Approvals
Compliance to ETSI (EU)
Compliance to FCCI (US)
Quality: WIFI (tested without label)
Software Driver: WHQL
Power Supply
U = 5V (from USB)
I < 495 mA
Basic security features
WLAN security By WIN Software
Internal 64 or 128 bit WEP engine
Encryption protocol is RSA RC4
Software drivers
Supported Operating Systems: WIN 98/ME/2k/XP and follower
Software Access Point
Soft AP with PC-Tel Segue SAM (when required)
Wake On WLAN
Supported (depends from Software)
Form factor
54 x 88,8 mm

Technical details

RF Output Power
Typical Output Power
Transmitter Specifications Condition Power [dBm]
IEEE802.11g
IEEE802.11b 1 Mbps BPSK
54 A26391-K133-Z131-1-7619, edition 3
6 Mbps OFDM 19
9 Mbps OFDM 19
12 Mbps OFDM 18.2
18 Mbps OFDM 18.3
24 Mbps OFDM 17
36 Mbps OFDM 17
48 Mbps OFDM 13.9
54 Mbps OFDM 13.9
18.7
2 Mbps QPSK
5.5 Mbps CCK
11 Mbps CCK
Features
RF Input Sensitivity
Typical Input Sensitivity
Transmitter Specifications Condition Power [dBm]
IEEE802.11g
@ 10 % PERI
IEEE802.11b
@ 8% PER
Communication Range
Typical communication range:
Please note that this is valid for typical environment!
Data Rate [Mbps] Indoor Range [m] Outdoor Range [m]
54 9,5 116
48 12 180
36 19 270
24 25 370
18 30 480
12 36 570
9 44 650
6 55 700
6 Mbps OFDM -91.1
9 Mbps OFDM -89.2
12 Mbps OFDM -87.7
18 Mbps OFDM -85
24 Mbps OFDM -81.1
36 Mbps OFDM -77.3
48 Mbps OFDM -72.1
54 Mbps OFDM -70.2
1 Mbps BPSK -96.0
2 Mbps QPSK -92.5
5.5 Mbps CCK -91.0
11 Mbps CCK -86.7
A26391-K133-Z131-1-7619, edition 3 55
Features
Communication
Channels
Channel Number Channel Frequency Geographic Usage
1 2412 MHz US, EU, J
2 2417 MHz US, EU, J
3 2422 MHz US, EU, J
4 2427 MHz US, EU, J
5 2432 MHz US, EU, J
6 2437 MHz US, EU, J
7 2442 MHz US, EU, J
8 2447 MHz US, EU, J
9 2452 MHz US, EU, J
10 2457 MHz US, EU, FR, J
11 2462 MHz US, EU, FR, J
12 2467 MHz EU, FR, J
13 2472 MHz EU, FR, J
14 2484 MHz J (802.11b only)
Regulatory Aprovals
Compliance:
Country Approval Notes
USA FCC part 15, sec 15.107,
15.109. 15.207, 15.209, 15.247
EU EN60950 incl. A1 - A4
ETSI EN300328 P1 V1.2.2
ETSI EN300328 P2 V1.1.1
ETSI EN301893 V1.2.1
ETSI EN301489-1 V1.4.1
ETSI EN301489-17 V1.1.1
Japan ARIB STD-T71 V1.0, 14
ARIB RCR STD-T33
ARIB STD-T66 V2.0
Yes
Yes
No
56 A26391-K133-Z131-1-7619, edition 3
Declaration of Conformity

Declaration of Conformity

A26391-K133-Z131-1-7619, edition 3 57
Declaration of Conformity
58 A26391-K133-Z131-1-7619, edition 3

Index

802.11 network security 3
802.1X authentication 33
description 4 Open mode 31 without WEP key 31
802.1X standard 5
A
Access point (infrastructure mode) 31 AccessPoint 2 Ad hoc mode 2 Adapters 12 AES data encryption 31 Anonymous name 24
specifying 24
Authentication 4
advanced security options 47 automatic key generation 32 automatic reauthentication 48 Open mode 31 protocol 21
EAP 5 EAP-TLS 21 EAP-TTLS 22 inner 23 PEAP 21
server 21
adding to trust tree 39 Enable Server temporary trust 42 Server temporary trust 48 trusted server 34
verifying identity 21 Shared mode 31 specifying association mode 31 using profile 32 WEP key 4, 31 WPA mode 31
Automatic reauthentication 48
C
CE marking 6 Certificate 19, 35
Authority 35 chain 37 information, viewing 41 node, adding 38
CHAP 23 Close 49 Configuration, Odyssey Client 11 Configure and Enable Wizard 9 Connect to any available network 30
Connection 12
viewing connection status 15
Council Directive 1999/5/EC 6
E
EAP 5 EAP/PEAP 24 EAP-TLS 32 EAP-TTLS 22, 32
specifying anonymous name 24 Enable Odyssey/Disable Odyssey 51 Enable Server temporary trust 42 Enable session resumption 47 Enable/Disable Odyssey 49 Extensible Authentication Protocol 5
F
Forget Password 50 Forget Temporary Trust 50
I
IEEE 802.11a standard, frequencies 7 IEEE 802.11b standard, frequencies 8 Infrastructure mode 2 Inner Authentication Protocol 23 Installation, Odyssey Client 9 Intermediate certificates
adding to trust tree 39
maximum number 41
L
Licence keys 51 Login name 19
M
Menu
Commands 49
Help 50
Settings 46 MS-CHAP-V2. 23
N
Network adapter
activating 45
configuring 43
deactivating 45 Network connection
controlling 12
disconnecting 15
establishing 13
A26391-K133-Z131-1-7619, edition 3 59
Index
Network connection (continued)
establishing (to any desired
network) 30 reauthenticating 15 viewing status 15
Network description 30 Network name 28 Network name (SSID) 30 Network scanning 30 Network security
authentication 3 WEP key 3
Network title 28 Network type
ad hoc 2 Infrastructure 2 specifying 31
Networks 12, 27 Notational conventions 1
O
Odyssey Client
closing 49, 52 configuring 11 installing 9 Manager 11 Manager, viewing 51
Odyssey Client licence key 51 Odyssey context menu 51 Odyssey icon
displaying in the task bar 46 hiding in the task bar 46
Odyssey session resumption 47 Open, mode 31
P
PAP/Token 23 Password
entering 19 not saving 50
PEAP 32 PEAP Settings 25 Peer-to-peer (ad hoc mode) 31 Peer-to-peer mode 2 Poor wireless connection 15 Pre-shared key
description 4 entering 33
Profiles 12, 16
defining 16
R
Radio frequencies 7
S
Safety 6 Server domain 35 Server temporary trust 48 Shared, mode 31
T
TKIP encryption 4, 31 Trust tree 37
adding certificate nodes 38 removing certificate nodes 41
viewing 38 Trusted Root Certificate Authority 43 Trusted servers 12, 34
adding 35
advanced trust check 37
editing 36
removing 36
simple trust check 35
trust tree 37
U
Untrusted server 42 User
credential 5
name 19
W
WEP key 4
enter 33 Wi-Fi Protected Access (WPA) 4 Window
Adapters 12, 43
Connection 12, 15
Networks 12, 27
Profiles 12, 16
Trusted Servers 12, 34 Wired-Equivalent Privacy (WEP) 4 Wireless adapter, configuring 45 Wireless network
configuring 27, 28
establishing network connection 13
IEEE 802.11 standard 1
name 3
Reconnect 15
scanning for 13
Service Set Identifier (SSID) 3 WPA authentication 31
AES 31
passphrase 32
pre-shared key 32 WPA description 4
60 A26391-K133-Z131-1-7619, edition 3
Loading...