Configuring EAP for Wireless Network Connectivity By Victor Zapata

Similar documents
Secure ACS for Windows v3.2 With EAP TLS Machine Authentication

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

Integration Guide. Eduroam

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Configuring the Client Adapter through Windows CE.NET

802.1x Radius Setup Guide Working AirLive AP with Win X Radius Server

Wired Dot1x Version 1.05 Configuration Guide

Windows Smart Card Logon Use Case

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

MCSA Guide to Networking with Windows Server 2016, Exam

Configuring Funk RADIUS to Authenticate Cisco Wireless Clients With LEAP

Configuring the Client Adapter through the Windows XP Operating System

Configuring the Client Adapter through the Windows XP Operating System

Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya

Cisco Systems, Inc. Aironet Access Point

Wireless PC Network Settings

Install and Issuing your first Full Feature Operator Card

Copyright

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Zebra Mobile Printer, Microsoft IAS, Cisco Controller TLS and WPA-TLS, Zebra Setup Utility

Protected EAP (PEAP) Application Note

Configuring the Cisco VPN 3000 Concentrator with MS RADIUS

Configuring 802.1X Authentication Client for Windows 8

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

AmbiCom WL11-SD Wireless LAN SD Card. User Manual

BitLocker: How to enable Network Unlock

Reference Card: How to connect Windows 7 to UniWireless

Lab Configuring LEAP/EAP using Cisco Secure ACS (OPTIONAL)

20411D D Enayat Meer

Secure Access Configuration Guide For Wireless Clients

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

Cisco Systems, Inc. Wireless LAN Controller

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

SCCM Plug-in User Guide. Version 3.0

Zebra Setup Utility, Zebra Mobile Printer, IAS, Symbol / Motorola Access point, PEAP and WPA-PEAP

Securing Wireless LANs with Certificate Services


WHITE PAPER: 802.1X PORT AUTHENTICATION WITH MICROSOFT S ACTIVE DIRECTORY

Configuring a VAP on the WAP351, WAP131, and WAP371

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

Implementing Security in Windows 2003 Network (70-299)

Cisco 802.1x Wireless using PEAP Quick Reference Guide

Certificate Management

Internet access system through the Wireless Network of the University of Bologna (last update )

Installation and Configuration Guide

Zebra Setup Utility, Zebra Mobile Printer, Microsoft IAS, Cisco Access Point, PEAP and WPA-PEAP

UMDNJ Wireless Documentation Windows 7

V7610 TELSTRA BUSINESS GATEWAY

V1.0 Nonkoliseko Ntshebe October 2015 V1.1 Nonkoliseko Ntshebe March 2018

Figure 5-25: Setup Wizard s Safe Surfing Screen

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

Release Notes for the Nortel Networks Wireless LAN Mobile Adapter 2201 Release

ms-help://ms.technet.2004apr.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/howto/efsguide.htm

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

Authentication and Security: IEEE 802.1x and protocols EAP based

PMS 138 C Moto Black spine width spine width 100% 100%

whitepaper How to Use 802.1X on HP Jetdirect Print Servers May 2008 Table of Contents:

VMware AirWatch Certificate Authentication for EAS with ADCS

Configuring a Wireless LAN Connection

Securing Your Wireless LAN

Installation and Configuration Guide

Workshop on Windows Server 2012

Microsoft NPS Configuration Guide

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

Module 9. Configuring IPsec. Contents:

WDT3250 RF Setup Guide

Configuring the WMIC for the First Time

Manually Configuring Windows 7 for Wireless PittNet

SecureW2 Client for Windows Administrator Guide. Version 2.2

etoken Integration Guide etoken and ISA Server 2006

802.1x Port Based Authentication

Security Setup CHAPTER

Learn How to Configure EnGenius Wi-Fi Products for Popular Applications

CounterACT 802.1X Plugin

Owner of the content within this article is Written by Marc Grote

IMPORTANT INFORMATION FOR CURTIN WIRELESS ACCESS - STUDENT / WINDOWS XP -

Install Windows 2000 Drivers and Utilities for the Cisco Aironet 340/350 Series Client Adapters

Figure 35: Active Directory Screen 6. Select the Group Policy tab, choose Default Domain Policy then click Edit.

U S E R M A N U A L b/g PC CARD

Certification Authority

Release Notes for Cisco Aironet a/b/g Client Adapters (CB21AG and PI21AG) for Windows Vista 1.1

Connecting to the NJITSecure wireless network.

Implementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004

CounterACT Wireless Plugin

Using PEAP and WPA PEAP Authentication Security on a Zebra Wireless Tabletop Printer

Introduction: Broadcom BCM943142HM Wireless Communication Device User's Guide

iconnect625w Copyright Disclaimer Enabling Basic Wireless Security

Manually Configuring Windows 8 for Wireless PittNet

Package Content IEEE g Wireless LAN USB Adapter... x 1 Product CD-ROM.x 1

Notebook Adapter. Quick Installation Guide WPC300N (EU/LA) Package Contents

ForeScout CounterACT. Configuration Guide. Version 1.8

WAP9112/9114 Quick Start Guide

LAB: Configuring LEAP. Learning Objectives

Configuring Remote Access using the RDS Gateway

Internet access system through the Wireless Network of the University of Bologna

User s Manual Doc. No.:

Transcription:

Configuring EAP for Wireless Network Connectivity By Victor Zapata Requirements: 1. Windows 2000 Domain Controller Service Pack 2 with hotfixes Q306260 and Q304347 OR Service Pack 3 2. Enterprise Certificate Authority 3. Windows 2000 IAS Server (RADIUS) Service Pack 2 with hotfix Q304697 OR Service Pack 3 4. Windows XP/2000 client with computer and user certificates 304347 Server Does Not Make EAP-OE Connection to LAN If a User Is Not Logged On http://support.microsoft.com/?id=304347 306260 Cannot Modify Dial-In Permissions for Computers That Use Wireless http://support.microsoft.com/?id=306260 304697 Some Wireless Values for the RADIUS Attributes Are Not Available http://support.microsoft.com/?id=304697 Outline: I. Installing Enterprise Certificate Server II. III. IV. Installing Computer Certificate on IAS Server Installing Certificates on Client a. Install computer certificate b. Install user certificate c. Configure Automatic Certificate Enrollment via Group Policy Configuring IAS Server a. Register service in Active Directory b. Add RADIUS client c. Create RAS Policy for 802.1x authentication using EAP d. Configure dial-in permissions for domain account V. Configuring the Client for 802.1x authentication VI. Configuring Access Point for 802.1x authentication (Cisco 340/350)

I. Installing Enterprise Certificate Server 1. Install Certificate Services from the Add Remove Programs control panel 2. Select Enterprise root CA then click Next 3. Enter pertinent information to identify the CA, then click Next

4. A CertLog directory is created in %Systemroot%\System32 for certificate database storage, click Next then Finish

II. Installing Computer Certificate on IAS Server 1. Open a Certificates MMC by click on START, then RUN, then type MMC and click OK 2. Click Console in the file menu, then select Add\Remove Snapin 3. Click Add to add a snap-in 4. Select Certificates from the list of snap-ins 5. Select Computer account

6. Select Local computer 7. To request a certificate from the CA, right-click the Personal container, select All Tasks, then Request New Certificate

8. click Next on the Welcome screen 9. select the Computer certificate template

10. create a friendly name to assist in identifying the intended purpose for the computer certificate, then click Next 11. click Finish

III. Installing Certificates on Client A. Install Computer Certificate 1. Open a Certificates MMC by click on START, then RUN, then type MMC and click OK 2. Click File in the file menu, then select Add\Remove Snap-in 3. Click Add to add a snap-in 4. Select Certificates from the list of snap-ins 5. Select Computer account then click Next 6. Select Local Computer then click Finish 7. To request a certificate from the CA, right-click the Personal container, in the Local Computer certificate snap-in, select All Tasks, then Request New Certificate 8. click Next on the welcome screen

9. select the Computer certificate template 10. create a friendly name to assist in identifying the intended purpose for the computer certificate, then click Next

11. click Finish 12. you should now see a computer certificate in the list

B. Install Computer Certificate 1. Open a Certificates MMC by click on START, then RUN, then type MMC and click OK 2. Click File in the file menu, then select Add\Remove Snap-in 3. Click Add to add a snap-in 4. Select Certificates from the list of snap-ins 5. Select My user account then click Finish 6. To request a certificate from the CA, right-click the Personal container, in the Current User certificate snap-in, select All Tasks, then Request New Certificate

7. click Next on the Welcome screen 8. Select User as the requested certificate type 9. enter a friendly name to assist in identifying the intended purpose for the computer certificate, then click Next

10. you should now see a user certificate in the list C. Configure Automatic Certificate Enrollment via Group Policy 1. Click the domain object and then right-click Properties 2. Click the Group Policy tab, and then click Edit 3. Expand the Computer Configuration object, and locate the following object: Windows Settings\Security Settings\Public Key Policies\Automatic Certificate Request 4. Right-click the object, click New, and then click Automatic Certificate Request

5. Click the Computer object, and the click Next 6. Click the appropriate Certificate Authority (CA), click Next, and then Finish 7. Verify that the certificate enrollment object has appeared

IV. Configuring IAS Server A. Register Service In Active Directory 1. click Action in the file menu and select Register Service in Active Directory a. This can also be accomplished using the following NETSH command: netsh ras add registeredserver 2. click OK to authorize IAS to access user s dial-in permissions B. Add RADIUS client ( client = access point ) 1. right-click the Clients container and select New Client

2. enter friendly name for Access Point (AP) and specify RADIUS as the protocol to use, then click Next 3. enter the AP s IP address and create a shared secret, then click Next

* enabling the Client must always send the signature attribute in the request option is not necessary as this is already performed when using EAP 4. you should now see the AP in the client list C. Create RAS Policy for 802.1x authentication using EAP

1. right-click Remote Access Polices and select New Remote Access Policy 2. enter friendly name for the RAS Policy, then click Next 3. click Add to specify criteria for RAS connection

4. Select NAS-Port-Type, the click Add 6. select Wireless IEEE 802.11 in the list then click the Add button, the click OK

7. you should now see the NAS-Port-Type specified in the conditions list 8. select Grant remote access permission

9. click the Edit Profile button 10. click on the Authentication tab clear all authentication methods except for Extensible Authentication Protocol 11. select Smart Card or other Certificate as the EAP type 12. click the Configure button and select the appropriate machine certificate

13. ensure that the Control access through Remote Access Policy option is enabled in the Dial-in permissions for the user account. * The Windows 2000 domain must be in native mode in order to enable Control access through Remote Access Policy

14. To configure machine authentication, ensure that the Control access through Remote Access Policy option is enabled in the Dial-in permissions for the machine account.

* Windows 2000 Service Pack 2 must install hotfix Q306260 in order to modify Dial-in permissions for the computer account Run the following at a command prompt after installing the hotfix: ldifde -i -f %systemroot%\system32\mac8021x.ldf -c DC=DN DC=domain,DC=com where each "DC=" after the "DC=DN" is followed by each level of your fully qualified domain namespace (in this example the active directory domain would be domain.com). * Windows 2000 Service Pack 3 Run the same command No hotfix required

V. Configuring The Client for 802.1x Authentication 1. Open the properties of the wireless network adapter and click on the Wireless Networks tab 2. verify that Use Windows to configure my wireless network settings is enabled 3. verify that the target WLAN SSID is listed in the Available networks list 4. select the target WLAN from the list and click the Configure button 5. verify that WEP data encryption is enabled 6. verify that The key is provided to me automatically is enabled 7. click the Authentication tab

8. verify that Enable IEEE 802.1x authentication for this network is enabled 9. click the Properties button 10. verify that Use a certificate on this computer is enabled and that Use simple certificate selection is checked 11. click OK

VI. Configuring The Access Point for 802.1x Authentication a. Specify a Service Set ID (SSID) for the Access Point 1. On the AP Setup page, click on the Identification or Hardware link for the AP Radio 2. Enter SSID name a. enable/disable broadcasting of the SSID

B. Configure AP for RADIUS authentication 1. click on the Security link from the AP Setup page

2. enter the name or IP address of the Windows 2000 IAS server. 3. select RADIUS as the Server Type 4. enter shared secret previously specified on the Windows 2000 IAS server

C. Configure AP Data Encryption using Wired Equivalent Privacy (WEP) 1. select Full Encryption for Data Encryption 2. enable the Open and Network-EAP options for Accept Authentication Type 3. enable the Open option for Require EAP 4. create WEP key/s a. NOTE: to utilize WEP key rotation, you must create multiple WEP keys

v.1.1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback