Setting the 802.1X authentication function – Example of Windows
This section explains how to configure the authentication server and CA using Microsoft Windows
As this section describes authentication based on the user interface in English on Windows Server 2003, the UI terminology and page configuration may be different depending on the version of the Operating System or Service Pack and patch update status.
Perform the following settings before configuring an
Active Directory (domain controller)
The following setting example is based on the
assumption that the Active Directory has been
Windows IAS configuration
Configure Remote access/VPN server in Manage Your Server of Windows Server 2003.
Open Add or Remove Programs from Control Panel of the Windows menu.
Install Internet Authentication Service in Add/Remove Windows Components.
To configure the CA, perform the following steps:
Open Add or Remove Programs from Control Panel of the Windows menu.
Select Add/Remove Windows Components.
Add Certificate Services in the Component menu.
Select Enterprise root CA on CA Type.
Type the CA name on Common Name for this CA, and configure the CA.
Creating a security group for Active
Open Active Directory Users and Computers from Administrative Tools of the Windows menu.
Select Users of the domain with which you want to perform 802.1X connection.
Using the 802.1X Authentication Function — 802.1X Menu
Select New from the context menu, then select Group and configure the group for 802.1X
For example, the group "Wired_802.1X_Group" is assumed for explanation purposes.
Configuring the Internet Authentication
Open Internet Authentication Service from Administrative Tools of the Windows menu.
Click Register Server in Active Directory on the
Read the displayed precautions carefully and click OK to accept them.
Then, continue to configure the EAP-TLS policy.
Select Remote Access Policy and right-click.
Select New from the context menu, and select Remote Access Policy to open "New Remote Access Policy Wizard."
Select Set up a custom policy.
Set the following items:
Policy name: Type "Allow 802.1X Access" as an
Policy conditions: Click Add and add the
– NAS Port-Type: Ethernet, Other and Virtual
– Windows-Groups: Wired_802.1X_Group
Permissions: Select Grant remote access
– Dial-in Constraints tab: Specify the session timeout period during which the client is allowed to be connected, as required.
– Authentication tab: Clear all the check boxes. Click EAP Method and add Smart Card or other certificates.
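The following is an added example, not part of the original manual and not IAS code: a simplified Python model of the "Allow 802.1X Access" policy above, run over constructed requests to show which connections the settings admit. It assumes that no other remote access policy matches, so a request failing any condition is rejected; the AccessRequest fields and sample users are hypothetical.

```python
from dataclasses import dataclass, field

# Values taken from the policy settings above.
ALLOWED_PORT_TYPES = {"Ethernet", "Other", "Virtual"}
REQUIRED_GROUP = "Wired_802.1X_Group"
# The Authentication tab leaves only "Smart Card or other certificates" (EAP-TLS).
ALLOWED_AUTH_METHODS = {"EAP-TLS"}


@dataclass
class AccessRequest:
    """Hypothetical stand-in for the attributes of one access request."""
    user: str
    nas_port_type: str
    groups: set = field(default_factory=set)
    auth_method: str = "EAP-TLS"
    cert_valid: bool = True  # assumption: outcome of client certificate validation


def evaluate(req):
    """Return (decision, reason) under the modelled policy."""
    # Policy conditions: all must match, otherwise the policy does not apply
    # and (with no other policy assumed) the request is rejected.
    if req.nas_port_type not in ALLOWED_PORT_TYPES:
        return ("reject", "NAS-Port-Type does not match")
    if REQUIRED_GROUP not in req.groups:
        return ("reject", "not a member of " + REQUIRED_GROUP)
    # Profile: only the enabled authentication method is accepted.
    if req.auth_method not in ALLOWED_AUTH_METHODS:
        return ("reject", "authentication method not enabled")
    if not req.cert_valid:
        return ("reject", "client certificate not valid")
    return ("accept", "matched Allow 802.1X Access")


# Constructed sample requests (user names and attributes are made up).
SAMPLES = [
    AccessRequest("camera01", "Ethernet", {"Wired_802.1X_Group"}),
    AccessRequest("laptop07", "Wireless - IEEE 802.11", {"Wired_802.1X_Group"}),
    AccessRequest("guest", "Ethernet", {"Domain Users"}),
    AccessRequest("legacy", "Ethernet", {"Wired_802.1X_Group"}, auth_method="MS-CHAP v2"),
    AccessRequest("expired", "Ethernet", {"Wired_802.1X_Group"}, cert_valid=False),
]


def run_samples():
    """Map each sample user to the decision the model reaches."""
    return {r.user: evaluate(r)[0] for r in SAMPLES}


if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, *evaluate(r))
```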
Then, continue to configure the RADIUS client.
Select RADIUS Clients and right-click.
Select New RADIUS Client from the context