Table of Contents
Advertisement
Setting the 802.1X authentication
function – Example of Windows
Server 2003
This section explains how to configure the
authentication server and CA using Microsoft Windows
Server 2003.
Note
As this section describes authentication based on the
user interface in English on Windows Server 2003, the
UI terminology and page configuration may be different
depending on the version of the Operating System or
Service Pack and patch update status.
Before setting
Perform the following settings before configuring an
802.1X network.
Active Directory (domain controller)
The following setting example is based on the
assumption that the Active Directory has been
configured.
Windows IAS configuration
To add the IAS (Internet Authentication Service),
perform the following steps:
1
Configure Remote access/VPN server in Manage
Your Server of Windows Server 2003.
2
Open Add or Remove Programs from Control
Panel of Windows menu.
3
Install Internet Authentication Service in Add/
Remove Windows Components.
CA configuration
To configure the CA, perform the following steps:
1
Open Add or Remove Programs from Control
Panel of Windows menu.
2
Select Add/Remove Windows Components.
3
Add Certificate Services in the Component menu.
4
Select Enterprise root CA on CA Type, and
proceed to next.
5
Type the name of CA on Common Name for this
CA, and configure the CA.
Creating a security group for Active
Directory
1
Open Active Directory Users and Computers
from Administrative Tools of Windows menu.
2
Select Users of the domain with which you want to
perform 802.1X connection.
3
Select New from the context menu, then select
Group and configure the group for 802.1X
connection.
For example, the group "Wired_802.1X_Group" is
assumed for explanation purposes.
Configuring the Internet Authentication
Service
1
Open Internet Authentication Service from
Administrative Tools of Windows menu.
2
Click Register Server in Active Directory on the
operation menu.
3
Read the displayed precautions carefully and click
OK to accept them.
Then, continue to configure the EAP-TLS policy.
4
Select Remote Access Policy and right-click.
5
Select New from the context menu, and select
Remote Access Policy to open the "New Remote
Access Policy Wizard."
6
Select Set up a custom policy.
7
Set the following items:
Policy name: Type "Allow 802.1X Access" as an
example.
Policy conditions: Click Add and add the
following items:
– NAS Port-Type: Ethernet, Wireless-
IEEE802.11, Wireless-Other and Virtual
(VPN)
– Windows-Groups: Wired_802.1X_Group
Permissions: Select Grant remote access
permission.
Edit Profile:
– Dial-in Constraints tab: Specify the session
time out period during which the client is
allowed to be connected, as required.
– Authentication tab: Delete checks from all the
boxes. Click EAP Method and add Smart
Card or other certificates.
Then, continue to configure the RADIUS client.
Using the 802.1X Authentication Function — 802.1X Menu
53
Advertisement
Table of Contents
