802.1X Authenticated Wired Access
Updated: February 12, 2010
Applies To: Windows Server 2008, Windows Vista
Windows Server® 2008 provides features that you can use to deploy Institute of Electrical and Electronics Engineers (IEEE) 802.1X authenticated wired service for IEEE 802.3 Ethernet network clients. In combination with the 802.1X-capable Ethernet switches and other Windows Server 2008 services that you deploy on your network, you can use these Windows Server 2008 features to control who can access your network.
You can also use features in Windows Server 2008 to define the local area network (LAN) adapter connectivity and security settings that your clients use for connection attempts. For example, Network Policy Server (NPS) allows you to create and enforce network access policies for authentication, authorization, and client health. The Wired Network (IEEE 802.3) Policies in Windows Server 2008 Group Policy enable you to configure your network client computers with the security and connectivity settings that they must use to connect to your network.
There are two primary locations for product Help about 802.1X authenticated wired deployments. 802.3 wired product Help is associated with the following two features.
When you open any tab or dialog box within the properties of the Wired Network (IEEE 802.3) Policies Group Policy extension, you can press F1 to obtain conceptual information about each setting.
After you install Network Policy Server, product Help is available when you open the Network Policy Server Microsoft Management Console (MMC) and press F1. NPS product Help pertaining to 802.1X authenticated wired access configuration is dispersed throughout the NPS product Help and is logically linked in the topic “Checklist: Configure NPS for 802.1X Authenticating Switch Access,” the main body of which resides in the section titled “Client Computer Configuration.”
The NPS product Help is also available on the Web at http://go.microsoft.com/fwlink/?LinkID=108010.
This companion guide to the Foundation Network Guide provides instructions about how to deploy 802.1X authenticated wired access by using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).
To successfully deploy the technologies in this guide, you must first deploy the technologies in the following guides.
Windows Server 2008 Foundation Network Guide
Foundation Network Companion Guide: Deploying Server Certificates
See “Related Foundation Network Guides” for Web and download details.
Windows Server 2008 Foundation Network Guide.
Available for download in Word format at the Microsoft Download Center: http://go.microsoft.com/fwlink/?LinkId=105231.
Available in HTML format in the Windows Server 2008 Technical Library: http://go.microsoft.com/fwlink/?LinkId=106252.
Foundation Network Companion Guide: Deploying Server Certificates.
Available for download in Word format at the Microsoft Download Center: http://go.microsoft.com/fwlink/?LinkId=108259.
Available in HTML format in the Windows Server 2008 Technical Library: http://go.microsoft.com/fwlink/?LinkId=108258.
Foundation Network Companion Guide: Deploying Computer and User Certificates.
The 802.1X Authenticated Wired Access Design Guide can help you plan and design a new end-to-end 802.1X authenticated deployment for Ethernet networks, using features in Windows Server 2008 and 802.1X-capable wired switches that you deploy on your network. This design guide:
Describes the recommended deployment scenarios and designs for 802.1X authenticated wired deployments that use NPS and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected EAP-Transport Layer Security (PEAP-TLS), or Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).
Provides information to help you determine which supported design is appropriate for your deployment needs, by comparing the benefits and disadvantages of each.
Provides design recommendations and guidelines based on factors such as security, availability, reliability, scalability, manageability, interoperability, performance, cost-effectiveness, and other requirements.
The 802.1X Wired Access Deployment Guide provides information about how to deploy IEEE 802.1X authenticated wired Ethernet network access. The guide contains information about how to configure network policies in NPS to authenticate and authorize clients to connect to your LAN. NPS is the Windows Server 2008 implementation of Remote Authentication Dial-In User Service (RADIUS). In addition, this guide provides deployment information about how to configure:
802.3 wired client security groups in the Active Directory Users and Computers MMC snap-in.
Wired client security and connectivity settings on Ethernet network adapters by using the wired Group Policy extension, Wired Network (IEEE 802.3) Policies.
Authentication methods such as EAP and PEAP for use with 802.1X deployments.
The 802.1X Authenticated Wired Access Deployment Guide is available in HTML format at http://go.microsoft.com/fwlink/?LinkId=137750.
The Netsh commands for wired local area network (LAN) provide methods to configure connectivity and security settings for computers running Windows Vista® and Windows Server 2008. You can use the Netsh LAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the Netsh LAN commands to view wired 802.1X Group Policy and to administer user wired 802.1X settings.