802.1X Authenticated Wireless Access
Updated: February 17, 2010
Applies To: Windows Server 2008, Windows Vista
Windows Server® 2008 provides features that you can use to deploy Institute of Electrical and Electronic Engineers (IEEE) 802.1X authenticated wireless service for IEEE 802.11 wireless network clients. In combination with the 802.1X-capable wireless access points (APs) and other Windows Server 2008 services that you deploy on your network, you can use these Windows Server 2008 features to control who can access your network.
You can also use features in Windows Server 2008 to define the wireless network adapter connectivity and security settings that your wireless clients use for connection attempts. For example, Network Policy Server (NPS) allows you to create and enforce network access policies for authentication, authorization, and client health. The Wireless Network (IEEE 802.11) Policies in Windows Server 2008 Group Policy enable you to configure your network client computers with the security and connectivity settings that they must use to connect to your network.
There are two primary locations for product Help about 802.1X authenticated wireless deployments. Wireless product Help is associated with the following two features.
When you open any tab or dialog box within the properties of the Wireless Network (IEEE 802.11) Policies Group Policy extension, you can press F1 to obtain conceptual information about each setting.
After you install Network Policy Server, product Help is available when you open the Network Policy Server Microsoft Management Console (MMC) and press F1. NPS product Help pertaining to 802.1X authenticated wireless access configuration is dispersed throughout the NPS product Help.
The NPS product Help is also available on the Web at http://go.microsoft.com/fwlink/?LinkID=108010.
The Windows Server® 2008 Foundation Network Guide provides instructions on how to plan for and deploy the core components that are required for a fully functioning network. It also explains how to set up a new Active Directory® Domain Services (AD DS) domain in a new forest.
This companion guide to the Foundation Network Guide provides instructions about how to deploy 802.1X authenticated wireless access by using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).
To successfully deploy the technologies in this guide, you must first deploy the technologies in the following guides.
- Windows Server 2008 Foundation Network Guide
- Foundation Network Companion Guide: Deploying Server Certificates
See “Related Foundation Network Guides” for Web and download details.
Windows Server 2008 Foundation Network Guide.
- Available for download in Word format at the Microsoft Download Center: http://go.microsoft.com/fwlink/?LinkId=105231.
- Available in HTML format in the Windows Server 2008 Technical Library: http://go.microsoft.com/fwlink/?LinkId=106252.
Foundation Network Companion Guide: Deploying Server Certificates.
- Available for download in Word format at the Microsoft Download Center: http://go.microsoft.com/fwlink/?LinkId=108259.
- Available in HTML format in the Windows Server 2008 Technical Library: http://go.microsoft.com/fwlink/?LinkId=108258.
Foundation Network Companion Guide: Deploying Computer and User Certificates.
The 802.1X Authenticated Wireless Access Design Guide can help you plan and design a new end-to-end 802.1X authenticated wireless infrastructure deployment, using features in Windows Server 2008 and 802.1X-capable wireless access points that you deploy on your network. This design guide:
Describes the recommended deployment scenarios and designs for the 802.1X authenticated wireless deployments that use NPS and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected EAP-Transport Layer Security (PEAP-TLS), or Protected EAP-Microsoft Challenge Handshake Protocol version 2 (PEAP-MS-CHAP v2).
Provides information to help you determine which supported design is appropriate for your wireless deployment needs, by comparing the benefits and disadvantages of each.
Provides design recommendations and guidelines based on factors such as: Security, availability, reliability, scalability, manageability, interoperability, performance, cost-effectiveness, and other requirements.
The 802.11 Wireless Deployment Guide provides information about how to deploy IEEE 802.1X authenticated wireless network access. The guide contains information about how to configure network policies in NPS to authenticate and authorize wireless clients to connect to your network. NPS is the Windows Server 2008 implementation of Remote Authentication Dial-in User Service (RADIUS). In the addition, this guide provides deployment information about how to configure:
- Wireless security groups in the Active Directory Users and Computers MMC snap-in.
- Wireless client security and connectivity setting on wireless network adapters by using
the wireless Group Policy extension, Wireless Network (IEEE 802.11) Policies.
- Authentication methods such as EAP and PEAP for use with 802.1X wireless deployments.
The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows Vista® and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.
The Netsh Commands for Wireless Local Area Network (WLAN) reference is available in HTML format at http://go.microsoft.com/fwlink/?LinkID=81752