Specifications
802.1x Solution Cookbook 237
CHAPTER 11
802.1x Solution Cookbook
This chapter describes the theory, configuration, and operation of
a wireless network based on Microsoft Windows client and
server components and utilizing the 802.1x authentication
protocol. This design is based on an actual deployment in a K-12
school district located in the United States. The key features of
this design include:
z Two-phase authentication based on both computer and user
authentication
z Role-based authorization to segment student, faculty, and IT
staff network access
z Laptops and client devices that are shared by multiple users
throughout the day
z Secure guest access
z Link-layer encryption using per-user dynamic WEP keys
The school system has deployed a wireless network consisting of
an OmniAccess 6000 Wireless LAN system, over two hundred
laptops with integrated 802.11 network interface cards running
Microsoft Windows XP, several dozen HP iPAQ 2215 PDAs
running Microsoft PocketPC 2003, and a Microsoft server
infrastructure. The laptops are shared by students during the
instructional day to provide Internet access and access to central
storage on a Windows 2003 Server machine. PDAs are used by
the faculty only. Approximately one hundred Alcatel 52 Access
Points have been deployed throughout the initial building to
provide wireless coverage. The building is several decades old
and constructed with concrete interior walls, so a higher than
required number of APs was deployed to ensure both coverage
and performance.