See the Profile Wizard Overview for a description of when the Profile Wizard is launched.
The options displayed are dependent on the Operating Mode (Device to Device or Infrastructure) selected on the General Settings page.
Name |
Setting |
Network Authentication |
|
Data Encryption |
None |
Enable 802.1x (Authentication Type) |
|
Cisco Options |
Click to view the Cisco Compatible Extensions Options page. Note: Cisco Compatible Extensions are automatically enabled for CKIP, LEAP or EAP-FAST profiles. |
Back |
View the prior page in the Profile Wizard. |
Next |
View the next page in the Profile Wizard. If more security information is required, then the next Step of the Security page is displayed. |
OK |
Close the Profile Wizard and save the profile. |
Cancel |
Close the Profile Wizard and cancel any changes made. |
Help? |
Displays the help information for the current page. |
This ad hoc network uses no network authentication with WEP data encryption.
Name |
Description |
Network Authentication |
Open: No authentication used. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network. |
Data Encryption |
None: No data encryption used. WEP: WEP data encryption can be configured using 64-bit or 128-bit. When WEP encryption is enabled on an access point, the WEP key provides a way to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point. |
Encryption Level |
64-bit or 128-bit: 64-bit or 128-bit encryption. |
Key Index |
1,2,3,4: Up to four passwords may be specified by changing the Key Index. |
Wireless Security Password (WEP Key) |
Type the wireless network Password (WEP Key) in the text box. The Password is the same value used by the Wireless Access Point or Router. Contact your wireless network administrator for this password.
Pass phrase (64-bit): Enter 5 alphanumeric characters, 0-9, a-z or A-Z. Hex key (64-bit): Enter 10 alphanumeric hexadecimal characters, 0-9, A-F.
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z. Hex key (128-bit): Enter 26 alphanumeric hexadecimal characters, 0-9, A-F. |
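The entry rules above can be checked mechanically. The following is an added example, not part of the original help page or of Intel's software: it validates a WEP key entry against the stated lengths and shows how much of a "64-bit" or "128-bit" key is actually secret. The function names are hypothetical, and it assumes pass-phrase characters are used directly as ASCII key bytes.

```python
import math
import string

# Entry lengths stated on this page: (pass-phrase characters, hex digits).
WEP_LENGTHS = {64: (5, 10), 128: (13, 26)}
IV_BITS = 24  # WEP's per-frame initialization vector, counted in the "64"/"128"

ALNUM = set(string.ascii_letters + string.digits)
HEX = set(string.hexdigits)


def parse_wep_key(text, level):
    """Validate one WEP key entry and return (kind, key_bytes).

    Assumption: pass-phrase characters are used directly as ASCII key bytes,
    which is what the matching 5/10 and 13/26 lengths imply.
    """
    if level not in WEP_LENGTHS:
        raise ValueError("encryption level must be 64 or 128")
    phrase_len, hex_len = WEP_LENGTHS[level]
    if len(text) == hex_len and set(text) <= HEX:
        return "hex", bytes.fromhex(text)
    if len(text) == phrase_len and set(text) <= ALNUM:
        return "passphrase", text.encode("ascii")
    raise ValueError(
        f"{level}-bit WEP needs {phrase_len} alphanumeric characters "
        f"or {hex_len} hex digits"
    )


def secret_bits(level):
    """Bits of the key that are actually secret (the IV is sent in the clear)."""
    return level - IV_BITS


def keyspace_bits(kind, level):
    """log2 of the number of distinct keys the entry format can express."""
    phrase_len, hex_len = WEP_LENGTHS[level]
    if kind == "hex":
        return hex_len * math.log2(16)
    return phrase_len * math.log2(len(ALNUM))


if __name__ == "__main__":
    # Constructed sample entries, not real keys.
    for entry, level in [("A1b2C", 64), ("0123456789", 64), ("short", 128)]:
        try:
            kind, key = parse_wep_key(entry, level)
            print(level, kind, key.hex(), f"{keyspace_bits(kind, level):.1f} bits")
        except ValueError as err:
            print(level, "rejected:", err)
```

An alphanumeric pass phrase covers a smaller keyspace than a hex key of the same encryption level, so a randomly generated hex key is the stronger of the two entry forms.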
There is no network authentication or data encryption used on this network.
Name |
Description |
Network Authentication |
Open: No authentication used. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network. |
Data Encryption |
None: No data encryption used. |
Enable 802.1x |
Unchecked. |
This network uses no network authentication with WEP data encryption.
Name |
Description |
Network Authentication |
Open: No authentication used. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network. |
Data Encryption |
WEP: WEP data encryption can be configured using 64-bit or 128-bit. WEP settings can be used with all Network Authentication protocols. When WEP encryption is enabled on an access point, the WEP key provides a way to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point. |
Encryption Level |
Unchecked. |
Key Index |
1,2,3,4: Up to four passwords may be specified by changing the Key Index. |
Wireless Security Password (WEP Key) |
Type the wireless network Password (WEP Key) in the text box. The Password is the same value used by the Wireless Access Point or Router. Contact your wireless network administrator for this password. Pass phrase and hex key options are:
Pass phrase (64-bit): Enter 5 alphanumeric characters, 0-9, a-z or A-Z. Hex key (64-bit): Enter 10 alphanumeric hexadecimal characters, 0-9, A-F.
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z. Hex key (128-bit): Enter 26 alphanumeric hexadecimal characters, 0-9, A-F. |
Name |
Description |
Network Authentication |
Shared: Shared authentication is accomplished with a pre-configured WEP key. Use this mode for 802.11 Authentication. This mode can work with any 802.1x authentication protocol and with the following data encryption options: None, WEP (64-bit or 128-bit) or CKIP (64-bit or 128-bit). Refer to Security Overview - Open and Shared Key authentication for more information. |
Data Encryption |
None: No data encryption used. WEP: WEP data encryption can be configured using 64-bit or 128-bit. CKIP: Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security protocol for data encryption in 802.11 media. |
Enable 802.1x |
Disabled. |
Encryption Level |
64-bit or 128-bit: When switching between 64-bit and 128-bit encryption, the previous settings are erased and a new key must be entered. |
Key Index |
1,2,3,4: Up to four passwords may be specified by changing the Key Index. |
Wireless Security Password (WEP Key) |
Enter the wireless network Password (WEP Key) in the text box. The Password is the same value used by the Wireless Access Point or Router. Contact your wireless network administrator for this password.
Pass phrase (64-bit): Enter 5 alphanumeric characters, 0-9, a-z or A-Z. Hex key (64-bit): Enter 10 alphanumeric hexadecimal characters, 0-9, A-F.
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z. Hex key (128-bit): Enter 26 alphanumeric hexadecimal characters, 0-9, A-F. |
Obtain and install a client certificate. Refer to Setting up the Client for TLS authentication or consult your system administrator.
NOTE: (1) Before starting, you must obtain a user name and password on the RADIUS server from your system administrator. (2) For personal/home networks use Wi-Fi Protected Access Personal (WPA/WPA2 Personal) mode. WPA-2 Enterprise requires an authentication server. |
Name |
Description |
Network Authentication |
WPA-Enterprise
Refer to Security Overview - Open and Shared Key authentication for more information |
Data Encryption |
AES-CCMP |
Enable 802.1x |
Checked. |
Authentication Type | TLS. Refer to TLS Authentication. |
Wi-Fi Protected Access (WPA) is a security enhancement that strongly increases the level of data protection and access control to a wireless network. WPA enforces 802.1x authentication and key-exchange and only works with dynamic encryption keys. To strengthen data encryption, WPA utilizes Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements that include a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Using these enhancements, TKIP protects against WEP's known weaknesses.
Name |
Description |
Network Authentication |
WPA-Personal: See Security Overview WPA2-Personal: See Security Overview |
Data Encryption |
WEP: WEP data encryption can be configured using 64-bit or 128-bit. WEP settings can be used with all Network Authentication protocols. When WEP encryption is enabled on an access point, the WEP key provides a way to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point. CKIP: Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security protocol for encryption in 802.11 media. Refer to Security Overview for more information. Note: CKIP is enabled only when the checkbox for Cisco Client eXtensions is selected. TKIP: To improve data encryption, Wi-Fi Protected Access utilizes its Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a re-keying method. Refer to Security Overview for more information. Note: TKIP is enabled only when the checkbox for Cisco Client eXtensions is selected. |
Default is unchecked (Disabled). Select this option to enable Cisco-Client Options. Refer to Cisco Compatible Extensions Options for details. From the Cisco Compatible Extensions Options page you can enable Radio Management support and Mixed Cells mode. Check this box to enable CKIP and TKIP data encryption and 802.1x LEAP authentication on the Security Settings page. |
|
Enter your network key (wireless security password) for your wireless network in the Network key field. Make sure that the network key used matches the Windows network key.
Password:
WPA-Personal uses Wi-Fi Protected Access authentication. Pre Shared Key (WPA-PSK) mode does not use an authentication server. WPA-PSK requires configuration of a pre-shared key (PSK). The data encryption key is derived from the PSK. |
MD5 authentication is a one-way authentication method that uses user names and passwords. This method does not support key management, but does require a pre-configured key if data encryption is used.
MD5 Settings
Name |
Description |
Network Authentication |
Open: No authentication used. Refer to Open and Shared Key authentication for more information. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network. |
Data Encryption |
None: No data encryption used. |
Enable 802.1x |
Checked. |
Authentication Type |
MD5: A one-way authentication method that uses user names and passwords. |
Use the Windows logon user name and password |
If this feature is selected the user’s credentials are retrieved from the user’s Windows Logon process.
|
Prompt for the user name and password |
Prompts for a user name and password before you connect the wireless network. The user name and password must be first set in the authentication server by the administrator. |
Use the following user name and password |
The user name and password must be first set in the authentication server by the administrator.
User Name: This user name must match the user name that is set in the authentication server. Password: This password must match the password that is set in the authentication server. The entered password characters display as asterisks. Confirm Password: Re-enter the user password. |
MD5 authentication is a one-way authentication method that uses user names and passwords. This method does not support key management, but does require a pre-configured key if data encryption is used.
MD5 Settings for Shared/None, Open/WEP, Open/CKIP.
Name |
Description |
Network Authentication |
Open: No authentication used. Refer to Open and Shared Key authentication for more information. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network. |
Data Encryption |
WEP: WEP data encryption can be configured using 64-bit or 128-bit. WEP settings can be used with all Network Authentication protocols. When WEP encryption is enabled on an access point, the WEP key provides a way to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point. CKIP: Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security protocol for encryption in 802.11 media. Refer to Security Overview for more information. |
Enable 802.1x |
Checked. |
Step 1 of 2: WEP Key |
|
Encryption Level |
64-bit: 64-bit or 128-bit encryption. |
Key Index |
1,2,3,4: Up to four passwords may be specified by changing the Key Index. |
Wireless Security Password (WEP Key) |
Enter the wireless network Password (WEP Key) in the text box. The Password is the same value used by the Wireless Access Point or Router. Contact your wireless network administrator for this password. Pass phrase and hex key options are:
Pass phrase (64-bit): Enter 5 alphanumeric characters, 0-9, a-z or A-Z. Hex key (64-bit): Enter 10 alphanumeric hexadecimal characters, 0-9, A-F.
Pass phrase (128-bit): Enter 13 alphanumeric characters, 0-9, a-z or A-Z. Hex key (128-bit): Enter 26 alphanumeric hexadecimal characters, 0-9, A-F. |
Step 2 of 2: MD5 User |
|
Use the Windows logon user name and password: |
If this feature is selected the user’s credentials are retrieved from the user’s Windows Logon process.
|
Prompt for the user name and password: |
Prompts for a user name and password before you connect the wireless network. The user name and password must be first set in the authentication server by the system administrator. |
Use the following user name and password: |
The user name and password must be first set in the authentication server by the IT administrator.
User Name: This user name must match the user name that is set in the authentication server. Password: This password must match the password that is set in the authentication server. The entered password characters display as asterisks. Confirm Password: Re-enter the user password. |
Your Subscriber Identity Module (SIM) card is used to validate your credentials with the network. A SIM card is a special smart card that is used by GSM based digital cellular networks.
EAP-SIM authentication can be used with:
Network Authentication types: Open, Shared, WPA-Enterprise and WPA2-Enterprise
Data Encryption types: None, WEP and CKIP
Name |
Description |
EAP-SIM User |
Specify user name (identity): Select this option to specify the user name.
|
These settings define the protocol and the credentials used to authenticate a user. TLS authentication is a two-way authentication method that exclusively uses digital certificates to verify the identity of a client and a server.
Name |
Description |
Step 1 of 2: TLS User |
|
Use my smart card or certificate |
Smart card: Click this option if the certificate resides on a smart card. Certificate: Click this option if the certificate resides on this computer |
User Name |
User Name: This user name must match the user name that is set in the authentication server by the administrator prior to client's authentication. The user name is case-sensitive. |
Client Certificate |
Select: TLS requires a Client Certificate from the Personal Certificate store of the Windows logged-in user. This certificate identifies you as the user. This certificate is used for client authentication. Click Select to choose a client certificate |
Step 2 of 2: TLS Server |
|
Certificate Issuer |
Certificate Issuer: The server certificate received during TLS message exchange must have been issued by this certificate authority. Trusted intermediate certificate authorities and root authorities whose certificates exist in the system store are available for selection in the drop-down list box. If Any Trusted CA is selected, any CA in the list is acceptable.
|
Specify Server/Certificate Name |
Check this option if you want to specify your server/certificate name. The server name, or a domain to which the server belongs, based on which of the two options below has been selected.
Note: These parameters should be obtained from the system administrator. |
Server Name |
The server name, or a domain to which the server belongs, depending on which of the two options below has been selected.
Note: These parameters should be obtained from the system administrator. |
These settings define the protocol and the credentials used to authenticate a user. In TTLS, the client uses EAP-TLS to validate the server and create a TLS-encrypted channel between the client and server. The client can use another authentication protocol, typically a password-based protocol such as MD5 Challenge, over this encrypted channel to enable server validation. The challenge and response packets are sent over a non-exposed TLS encrypted channel.
Name |
Description |
Step 1 of 2: TTLS User |
|
Authentication Protocol |
This parameter specifies the authentication protocol operating over the TTLS tunnel. The protocols are: PAP, CHAP, MD5, MS-CHAP and MS-CHAP-V2. Using PAP, CHAP, MD5, MS-CHAP, and MS-CHAP-V2 protocols:
|
Use Client Certificate |
Select: Choose a client certificate from the Personal certificate store of the Windows logged-in user. This certificate is used for client authentication. |
Roaming Identity |
When using 802.1x MS RADIUS as an authentication server, the authentication server authenticates the device by using the "Roaming Identity" username from Intel PROSet/Wireless and ignores the "Authentication Protocol MS-CHAP-V2" User Name. This feature is the 802.1x identity supplied to the authenticator. Microsoft IAS RADIUS accepts only a valid username (dotNet user) for EAP clients. Enter a valid username when using 802.1x MS RADIUS. For all other servers, this is an optional field; it is therefore recommended that this field not contain a true identity, but instead the desired realm (e.g., anonymous@myrealm). |
Step 2 of 2: TTLS Server |
|
Certificate Issuer |
The server certificate received during the PEAP message exchange must have been issued by this certificate authority. Trusted intermediate certificate authorities and root authorities whose certificates exist in the system store are available for selection in the list box. If Any Trusted CA is selected, any CA in the list is acceptable.
|
Specify Server/Certificate Name |
The server name, or a domain to which the server belongs, depending on which of the two fields below has been checked.
Note: These parameters should be obtained from the system administrator. |
Name |
Description |
Step 1 of 2: PEAP User |
|
Authentication Protocol |
This parameter specifies the authentication protocol operating over the PEAP tunnel. The protocols are: MS-CHAP-V2, GTC, and TLS. Using MS-CHAP-V2 and GTC protocols:
|
Using TLS protocol:
|
|
Step 2 of 2: PEAP Server |
|
Certificate Issuer |
The server certificate received during the PEAP message exchange must have been issued by this certificate authority. Trusted intermediate certificate authorities and root authorities whose certificates exist in the system store are available for selection in the list box. If Any Trusted CA is selected, any CA in the list is acceptable.
|
Specify Server/Certificate Name |
Click this option if you want to specify your server/certificate name.
Note: These parameters should be obtained from the system administrator. |
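The Certificate Issuer, Specify Server/Certificate Name and Roaming Identity settings described for TLS, TTLS and PEAP decide which servers a client will hand credentials to and what it reveals before the tunnel exists. The following added example, which is not part of the original help page or of Intel's software, audits a profile for the weaker choices this page describes. The dict field names and the sample profiles are hypothetical and constructed for illustration.

```python
# Profile fields below are a hypothetical dict layout chosen for this example;
# they mirror the wizard's labels but are not an Intel PROSet export format.
CERT_VALIDATING = {"TLS", "TTLS", "PEAP"}   # server certificate is checked
TUNNELED = {"TTLS", "PEAP"}                 # inner credentials ride in a tunnel


def audit_profile(profile):
    """Return findings (dicts with code, severity, why) for one profile."""
    findings = []

    def flag(code, severity, why):
        findings.append({"code": code, "severity": severity, "why": why})

    encryption = profile.get("data_encryption", "None")
    auth_type = profile.get("auth_type")  # None when 802.1x is unchecked

    if encryption == "None":
        flag("NO_ENCRYPTION", "high", "frames are sent unencrypted")
    elif encryption == "WEP":
        flag("WEP", "high", "WEP has known weaknesses that TKIP was built to fix")

    if auth_type == "MD5":
        flag("MD5_ONE_WAY", "medium",
             "one-way method: the server is never authenticated, no key management")

    if auth_type in CERT_VALIDATING:
        if profile.get("certificate_issuer", "Any Trusted CA") == "Any Trusted CA":
            flag("ANY_CA", "medium",
                 "a certificate from any CA in the system store is accepted")
        if not profile.get("server_name"):
            flag("NO_SERVER_NAME", "medium",
                 "any server holding a certificate from the issuer is accepted")

    if auth_type in TUNNELED:
        outer = profile.get("roaming_identity", "").split("@")[0].lower()
        inner = profile.get("user_name", "").lower()
        if outer and outer == inner:
            flag("IDENTITY_LEAK", "low",
                 "real user name is sent outside the tunnel as the 802.1x identity")
    return findings


def codes(profile):
    """Sorted finding codes, convenient for comparing profiles."""
    return sorted(f["code"] for f in audit_profile(profile))


# Constructed sample profiles (names, CA and hosts are made up).
PEAP_LOOSE = {"name": "office-loose", "data_encryption": "TKIP",
              "auth_type": "PEAP", "certificate_issuer": "Any Trusted CA",
              "server_name": "", "user_name": "alice",
              "roaming_identity": "alice@example.test"}
PEAP_TIGHT = {"name": "office-tight", "data_encryption": "AES-CCMP",
              "auth_type": "PEAP", "certificate_issuer": "Example Corp Issuing CA",
              "server_name": "radius.example.test", "user_name": "alice",
              "roaming_identity": "anonymous@example.test"}
MD5_OPEN = {"name": "legacy-md5", "data_encryption": "None",
            "auth_type": "MD5", "user_name": "bob"}

if __name__ == "__main__":
    for p in (PEAP_LOOSE, PEAP_TIGHT, MD5_OPEN):
        print(p["name"], codes(p))
```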
Name |
Description |
Use the Windows logon user name and password |
When this feature is selected, the user credentials are retrieved from the Windows Logon process. |
Prompt for the user name and password |
When this feature is selected, you are prompted for a user name and password before you connect to the wireless network. The user name and password must be first set in the authentication server by the system administrator. |
Use the following user name and password: |
The user name and password must be first set in the authentication server by the system administrator. User Name: This user name must match the user name that is set in the authentication server. Password: This password must match the password that is set in the authentication server. The entered password characters display as asterisks. Confirm Password: Re-enter the user password. |
Click Allow Fast Roaming (Cisco Centralized Key Management (CCKM)) to enable the client wireless adapter for fast secure roaming.
When a wireless LAN is configured for fast reconnection, a LEAP enabled client device can roam from one access point to another without involving the main server. Using Cisco Centralized Key Management (CCKM), an access point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client without perceptible delay in voice or other time-sensitive applications. |
EAP-FAST is an improvement on LEAP. Refer to Cisco Features for more information.
Cisco Options: Select this feature to enable Cisco Compatible Extensions for this wireless connection profile. From this dialog you can enable/disable Radio Management and Mixed Cells Mode.
NOTE: Cisco Compatible Extensions are automatically enabled for CKIP, LEAP or EAP-FAST profiles. You may override this behavior by checking or un-checking options. |
Name |
Description |
Enable Cisco Compatible Options: |
Select this feature to enable Cisco Compatible Extensions for this wireless connection profile. |
Radio Management: |
Enable Radio Management Support: Click to have your wireless adapter provide radio management to the Cisco infrastructure. If the Cisco Radio Management utility is used on the infrastructure, it configures radio parameters and detects interference and rogue access points. Default setting is checked. |
Mixed Cells Mode: |
Enable Mixed Cells Mode: Click to allow the wireless LAN adapter to communicate with mixed cells. A mixed cell is a wireless network in which some devices use WEP and some do not. Refer to Mixed Cells Mode for more information. Default setting is unchecked. |