Specifications
Creating the Windows Security Infrastructure
Summit WM20 Technical Reference Guide, Software Version 4.234
If you are using PEAP-MS-CHAP v2 authentication, select Extensible Authentication Protocol and
the Protected EAP (PEAP) EAP type, and then click Configure. In the Protected EAP Properties
dialog box, select the appropriate computer certificate and ensure that Secured password
(EAP-MSCHAP v2) is selected as the EAP type.
Profile, Encryption tab: Clear all other check boxes except the Strongest check box. This forces all
wireless connections to use 128-bit encryption. The settings on the Encryption tab correspond to the
MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types RADIUS attributes and might be
supported by the wireless AP. If these attributes are not supported, clear all the check boxes except
No encryption. For more information, see the “Add a remote access policy” procedure in this section.
2 For Windows Server 2003 IAS, use the New Remote Access Policy Wizard to create a common
remote access policy with the following settings:
a Policy name: Wireless access to intranet (example)
b Access Method: Wireless
c User or Group Access: Group with the Wireless Users group selected (example group name)
d Authentication Methods: Smart Card or other Certificate type (for EAP-TLS) or Protected EAP
(PEAP) type (for EAP-MS-CHAP v2)
3 If the wireless APs require vendor specific attributes (VSAs), you must add the VSAs to the remote
access policy. For more information, see the “Configure vendor-specific attributes for a remote access
policy” procedure in this section.
4 For Windows 2000 IAS, delete the default remote access policy named Allow access if dial-in
permission is enabled. To delete a remote access policy, right-click the policy name in the Internet
Authentication Service snap-in and click Delete.
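To check what the Encryption tab actually produces on the wire, the following added example (not part of the original guide) parses the attribute section of a RADIUS Access-Accept and reports whether the MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types attributes enforce 128-bit-only encryption. The vendor ID, vendor types and bit values are taken from RFC 2548. The function names and sample byte strings are constructed for illustration, and the mapping of "Strongest only" to Encryption-Required with only the 128-bit bit set is an assumption.

```python
MICROSOFT_VENDOR_ID = 311        # enterprise number carried in RFC 2548 VSAs
VSA = 26                         # RADIUS Vendor-Specific attribute type
MPPE_POLICY, MPPE_TYPES = 7, 8   # MS-MPPE-Encryption-Policy / -Types vendor types
POLICY_REQUIRED = 2              # 1 = Encryption-Allowed, 2 = Encryption-Required
RC4_40, RC4_128 = 0x2, 0x4       # "L" and "S" bits of MS-MPPE-Encryption-Types

def tlvs(buf):
    """Yield (type, value) pairs from a run of RADIUS type/length/value fields."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {i}")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def microsoft_vsas(attrs):
    """Return {vendor_type: value} for every Microsoft sub-attribute found."""
    found = {}
    for atype, body in tlvs(attrs):
        if atype == VSA and len(body) >= 4 and \
                int.from_bytes(body[:4], "big") == MICROSOFT_VENDOR_ID:
            found.update(tlvs(body[4:]))
    return found

def audit_mppe(attrs):
    """List the ways the attributes fall short of required, 128-bit-only MPPE."""
    vsas, findings = microsoft_vsas(attrs), []
    policy, types = vsas.get(MPPE_POLICY), vsas.get(MPPE_TYPES)
    if policy is None or int.from_bytes(policy, "big") != POLICY_REQUIRED:
        findings.append("MS-MPPE-Encryption-Policy is not Encryption-Required")
    if types is None or len(types) != 4:
        findings.append("MS-MPPE-Encryption-Types is missing or malformed")
    else:
        mask = int.from_bytes(types, "big")
        if mask & RC4_40:
            findings.append("40-bit RC4 is permitted")
        if not mask & RC4_128:
            findings.append("128-bit RC4 is not offered")
    return findings

def _vsa(vendor_type, value):
    """Build one Microsoft VSA holding a 4-octet integer (constructed sample data)."""
    sub = bytes([vendor_type, 6]) + value.to_bytes(4, "big")
    return bytes([VSA, 6 + len(sub)]) + MICROSOFT_VENDOR_ID.to_bytes(4, "big") + sub

# Constructed samples: a "Strongest only" profile and a permissive mixed profile.
STRONGEST = _vsa(MPPE_POLICY, 2) + _vsa(MPPE_TYPES, RC4_128)
MIXED = _vsa(MPPE_POLICY, 1) + _vsa(MPPE_TYPES, RC4_40 | RC4_128)

if __name__ == "__main__":
    for name, sample in (("STRONGEST", STRONGEST), ("MIXED", MIXED)):
        print(name, audit_mppe(sample) or "OK")
```
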
Best Practice
If you are managing the remote access permission of user and computer accounts on a per-account
basis, use remote access policies that specify a connection type. If you are managing the remote access
permission through the remote access policy, use remote access policies that specify a connection type
and group. The recommended method is to manage remote access permission through the remote
access policy.
Add a remote access policy
1 Open the Internet Authentication Service snap-in.
2 In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.
Configure vendor-specific attributes for a remote access policy
1 Open the Internet Authentication Service snap-in.
2 In the console tree, click Remote Access Policies.
3 In the details pane, double-click the policy for which you want to configure a vendor-specific
attribute (VSA).
4 Click Edit Profile, click the Advanced tab, and then click Add.
5 Look at the list to see whether your vendor-specific attribute is already in the list of available
RADIUS attributes. If it is, double-click it, and then configure it as specified in your wireless AP
documentation.