Scalability; Using Computer-Only Authentication - Extreme Networks Summit WM Technical Reference Manual

Version 5.1

Windows Recommendations and Best Practices
account database (such as different Active Directory forests). RADIUS messages are forwarded to a
member of the corresponding remote RADIUS server group matching the connection request policy.
Investigate whether the wireless APs need RADIUS vendor-specific attributes (VSAs) and configure
them during the configuration of the remote access policy on the Advanced tab of the remote access
policy profile.

Scalability

When designing for scalability, use the following best practice:
For a large amount of authentication traffic within an Active Directory forest, use a layer of RADIUS
proxies running Windows Server 2003 IAS between the wireless APs and the RADIUS servers.
By default, an IAS RADIUS proxy balances the load of RADIUS traffic across all the members of a
remote RADIUS server group on a per authentication basis and uses failover and failback
mechanisms. Members of a remote RADIUS server group can also be individually configured with
priority and weight settings so that the IAS proxy favors specific RADIUS servers.

Using Computer-only Authentication

Some network administrators want to use only computer authentication. In this configuration, a
wireless client computer must perform computer-level 802.1X authentication with a wireless AP,
using either a computer certificate (when using EAP-TLS authentication) or the computer's
account name and password (when using PEAP-MS-CHAP v2 authentication), before it can access the
organization network. With computer-only authentication, only valid computers can connect to the
wireless network. Computers that do not have a computer account in the organization's domain cannot
connect. This prevents users from bringing computers from home and connecting to the organization's
wireless LAN. Home computers represent a threat to the organization network because they are not
managed in the same way as member computers and can introduce viruses or other malicious programs
into the organization network.
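One way to check that computer-only authentication is in effect is to audit the identities the RADIUS server accepts. The following is an added example, not part of the original manual: the record layout, sample data and function names are constructed, and it assumes computer identities appear as `DOMAIN\NAME$` (account name and password) or `host/name.domain` (computer certificate).

```python
# Added example: audit accepted 802.1X identities for computer-only authentication.
import csv
import io
import re

# Assumption: computer identities look like DOMAIN\NAME$ (account name and
# password, PEAP-MS-CHAP v2) or host/name.domain (computer certificate, EAP-TLS).
MACHINE_SAM = re.compile(r"^(?:[^\\/@\s]+\\)?[^\\/@\s]+\$$")
MACHINE_HOST = re.compile(r"^host/[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*$", re.IGNORECASE)

# Constructed sample records (time, identity, result); not the IAS log format.
SAMPLE_LOG = """\
2005-03-01T08:00:11,CORP\\WS-0142$,accept
2005-03-01T08:00:45,host/ws-0207.corp.example.com,accept
2005-03-01T08:02:03,CORP\\jsmith,accept
2005-03-01T08:02:30,jdoe@corp.example.com,reject
2005-03-01T08:05:12,host/,accept
"""


def is_computer_identity(identity: str) -> bool:
    """True if the identity has the form of a computer account or host name."""
    identity = identity.strip()
    return bool(MACHINE_SAM.match(identity) or MACHINE_HOST.match(identity))


def audit(log_text: str) -> list[tuple[str, str]]:
    """Return (time, identity) for accepted requests that are not computer identities."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip malformed lines
        when, identity, result = (field.strip() for field in row)
        if result.lower() == "accept" and not is_computer_identity(identity):
            findings.append((when, identity))
    return findings


if __name__ == "__main__":
    for when, identity in audit(SAMPLE_LOG):
        print(f"{when} accepted non-computer identity: {identity!r}")
```

Any finding means a user-level or malformed identity was accepted, so the remote access policy or client configuration is not enforcing computer-only authentication.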
For more information about computer authentication and user authentication, see "Windows XP
Wireless Deployment Technology and Component Overview" at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wificomp.mspx.
You can configure computer-only authentication using the Wireless Network (IEEE 802.11) Policies
Group Policy extension or through the registry.

Summit WM Technical Reference Guide, Software Version 5.1
