Manualshelf

Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61
271272273274275276277278279280
802.1x Solution Cookbook 249
Chapter 11
Windows Group Membership Configuration
The authentication policy configured in IAS depends on the group
membership of the computer or user in Active Directory. These policies are
responsible for passing group information back to the Alcatel switch for use in
assigning computers or users to the correct role and thus determining their
network access privileges. Only computers or users that are members of the
following groups are allowed access to the wireless network:
z Domain Computers – this group is used for all computers to authenticate
to the network.
z Student – this group is used for all student users
z Faculty – this group is used for all faculty users
z Sysadmin – this group is used for system administrators
Group Policy Configuration
Windows 2003 Server contains support for Group Policy Objects to configure
client wireless settings. Because there are a number of wireless settings that
must be made on each client device, use of a GPO ensures that each client is
correctly configured. The GPO push must be done from a wired network the
first time, since a chicken-and-egg problem would result if wireless were used
for network connectivity. To initiate a group policy update manually, issue the
“gpupdate” command from the client computer.
Within the policy, several different settings are available. The information
below appears on each client device as long as the domain policy has been
updated.
Sets up general properties for the policy.
z Specifies that each client should check for policy updates every 60 min-
utes.
z Clients should only connect to Access Points. Clients should not connect
to or form ad-hoc networks.
z Clients will use the built-in Wireless Zero Configuration service to config-
ure wireless settings.
z Clients should not connect to non-preferred networks.
Sets up preferred ESSIDs that clients should connect to.
z The only ESSID clients should connect to is “Wireless LAN-01”.
Sets up general network properties for the ESSID.
z The ESSID name is “Wireless LAN-01”.