802.1X Authenticated Wireless Access
Windows Server provides features that you can use to deploy IEEE 802.1X authenticated wireless service for wireless network clients. In combination with the 802.1X-capable wireless access points APs and other Windows Server services that you deploy on your network, you can use these Windows Server features to control who can access your network.
You can also use features in Windows Server to define the wireless network adapter connectivity and security settings that your wireless clients use for connection attempts. For example, Network Policy Server NPS allows you to create and enforce network access policies for authentication, authorization, and client health. The Wireless Network (IEEE 802.11) Policies in Windows Server Group Policy GPO enable you to configure your network client computers with the security and connectivity settings that they must use to connect to your network.
This checklist provides the tasks required to deploy 802.1X wireless access points with Network Policy Server (NPS).
Task | Reference |
---|---|
Install and configure 802.1X wireless access points on your network. | RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation |
Determine the authentication method you want to use. | RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; EAP Overview; PEAP Overview; and your hardware documentation |
Autoenroll a server certificate to servers running NPS or purchase a server certificate. | Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at http://go.microsoft.com/fwlink/?LinkId=33675 |
If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS) without smart cards, autoenroll client or computer certificates to domain member client computers. | Deploy Client Computer Certificates and Deploy User Certificates |
Configure 802.1X wireless access clients by using the Group Policy Management extension, Wireless Network (IEEE 802.11) Policies. | Configure 802.1X Wireless Access Clients by using Group Policy Management |
Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in NPS. | Add a New RADIUS Client and RADIUS Client |
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points. | Create a Group for a Network Policy |
In NPS, configure one or more network policies for 802.1X wireless access. | Add a Network Policy; Create policies for 802.1X Wired or Wireless with a Wizard; and Network Policies |