Designing Unauthenticated Access

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Unauthenticated EAP-TLS access can be useful in both corporate and public space environments.

In a corporate environment, this feature can be used to grant guest access to visitors such as consultants. The unauthenticated users are redirected to a specific virtual LAN (VLAN), which provides only limited network access, such as access to the Internet.

In a public space environment, a wireless Internet service provider (ISP) can use this feature to give potential subscribers access to a restricted VLAN with local information. When the person subscribes for Internet access, the ISP provides connectivity to the Internet.

EAP-TLS unauthenticated access provides a means to grant guest access for a wireless client that does not have a certificate installed. EAP-TLS supports one-way authorization or unauthenticated access when a client does not send credentials. If a network access client does not provide credentials, IAS determines whether unauthenticated access is enabled in the remote access policy that matched the connection attempt.

Windows Server 2003 and IAS support unauthenticated wireless connections. For more information about unauthenticated wireless access, see "Wireless access" in Help and Support Center for Windows Server 2003.