| Step | Reference |
|---|---|
Review RADIUS and IAS concepts. | IAS Overview; Understanding IAS |
Review IAS implementation best practices. | IAS Best Practices |
Review IAS security issues. | Security information for IAS |
If you are using certificates to authenticate wireless clients, install a computer certificate on the IAS server computers. | Computer certificates for certificate-based authentication |
Install IAS on the servers to be used as primary and backup IAS servers. | Install IAS |
Configure the properties of the primary IAS server, including the ports used and event log settings. | Configure IAS Properties |
Configure logging methods for user authentication and accounting requests. | Configure Logging for User Authentication and Accounting |
Add the wireless access points as RADIUS clients on the primary IAS server. | Add RADIUS clients |
Use the New Remote Access Policy Wizard to create a common policy for wireless access. | Add a remote access policy |
If you are using secure password authentication through Protected Extensible Authentication Protocol (PEAP), also called PEAP-EAP-MS-CHAP v2, configure authentication methods for the remote access policy. | Configure PEAP and EAP methods; PEAP |
If you want client and server certificate authentication using Protected Extensible Authentication Protocol (PEAP), also called PEAP-EAP-TLS, configure authentication methods for the remote access policy. | Configure PEAP and EAP methods; PEAP |
If you want client and server certificate authentication using PEAP-EAP-TLS, install a certificate on the wireless client from floppy disk, or deploy smart cards. | Checklist: Installing a user certificate from floppy disk on a wireless client; Checklist: Deploying smart cards for logging on to Windows; PEAP; Network access authentication and certificates |
If you are using certificate authentication with EAP-TLS and initially installing a user certificate on your wireless clients over a wireless connection, enable guest authentication. | Guest authentication |
If you are using certificate authentication with EAP-TLS and initially installing a user certificate on your wireless clients over a wireless connection, create a group named Guests and add the Guest account as a member. | Create a new group; Add a member to a group |
If you are using certificate authentication with EAP-TLS and initially installing a user certificate on your wireless clients over a wireless connection, use the New Remote Access Policy Wizard to create a custom policy for new wireless clients (clients that do not have user certificates). Set the NAS-Port-Type condition to Wireless-IEEE 802.11 and Wireless-Other, and the Windows-Groups condition to Guests. On the Dial-in Constraints tab of the profile, restrict the maximum session time to 10 minutes. On the Advanced tab of the profile, add the Tunnel-Type attribute with the value of Virtual LANs (VLAN), and then add the Tunnel-Pvt-Group-ID attribute with the VLAN ID value that corresponds to guest wireless clients. | Add a remote access policy |
Copy the IAS configuration from the primary IAS server to the backup IAS server. | Copy the IAS configuration to another server |
Register the primary and backup IAS servers in the appropriate Active Directory domains. | Enable the IAS server to read user accounts in Active Directory |
Verify the configuration of the wireless access points. Ensure that the RADIUS servers used for authentication and accounting for the wireless access point are the IAS server computers. | Manufacturer's documentation |
Optional. Install a user certificate on wireless clients over a wireless connection. | Checklist: Installing a user certificate on a wireless client over a wireless connection |
Optional. Install user certificates on wireless clients over an unauthenticated Ethernet connection. | Checklist: Installing a user certificate on a wireless client over an unauthenticated Ethernet connection |
Optional. Install user certificates from floppy disk on wireless clients. | Checklist: Installing a user certificate from floppy disk on a wireless client |
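
The custom guest policy step above (10-minute session limit, Tunnel-Type of VLAN, Tunnel-Pvt-Group-ID set to the guest VLAN) can be verified from the attributes the server returns. The following is an added example, not part of the original checklist or Microsoft's code: it parses the attribute section of a captured Access-Accept and reports deviations. It assumes the session limit is delivered as the standard Session-Timeout attribute (type 27) and uses the RFC 2868 type codes; the VLAN ID 99 and the sample bytes are constructed.

```python
import struct

# RADIUS attribute type codes (RFC 2865 / RFC 2868)
SESSION_TIMEOUT = 27
TUNNEL_TYPE = 64
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13

def encode_attr(attr_type, value):
    """Encode one attribute as Type, Length, Value (Length covers all three)."""
    return bytes([attr_type, len(value) + 2]) + value

def parse_attrs(data):
    """Split the attribute section of a RADIUS packet into {type: [values]}."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attr_type, length = data[pos], data[pos + 1]
        attrs.setdefault(attr_type, []).append(data[pos + 2:pos + length])
        pos += length
    return attrs

def check_guest_profile(data, guest_vlan, max_session=600):
    """Return a list of problems; an empty list means the profile matches."""
    attrs = parse_attrs(data)
    problems = []
    timeouts = attrs.get(SESSION_TIMEOUT, [])
    if not timeouts or len(timeouts[0]) != 4:
        problems.append("Session-Timeout missing")
    elif struct.unpack("!I", timeouts[0])[0] > max_session:
        problems.append("Session-Timeout exceeds 10 minutes")
    # Tunnel-Type value: 1-byte tag followed by a 3-byte integer
    types = [int.from_bytes(v[1:4], "big") for v in attrs.get(TUNNEL_TYPE, []) if len(v) == 4]
    if TUNNEL_TYPE_VLAN not in types:
        problems.append("Tunnel-Type is not VLAN")
    # Tunnel-Private-Group-ID: optional tag byte (0x00-0x1F), then the VLAN ID string
    groups = []
    for v in attrs.get(TUNNEL_PRIVATE_GROUP_ID, []):
        if v and v[0] <= 0x1F:
            v = v[1:]
        groups.append(v.decode("ascii", "replace"))
    if groups != [str(guest_vlan)]:
        problems.append("Tunnel-Pvt-Group-ID does not match guest VLAN")
    return problems

# Constructed sample: attributes a guest Access-Accept would carry (VLAN 99)
SAMPLE_GUEST = (encode_attr(SESSION_TIMEOUT, struct.pack("!I", 600))
                + encode_attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
                + encode_attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"99"))
```

A non-empty result for a guest logon means a client without a user certificate could land outside the guest VLAN or stay connected longer than intended.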