Specifications
Summit WM Technical Reference Guide, Software Version 5.3 33
4 Creating the Windows Security Infrastructure
To ensure information and best practice configuration integrity, all information contained in this section
was extracted from this source:
● “Deploying Secure 802.11 Wireless Networks with Microsoft Windows”, by Joseph Davies
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

Wireless client computers running Windows:
Windows XP and Windows Server 2003 have built-in support for IEEE 802.11 wireless access and IEEE
802.1X authentication using the Extensible Authentication Protocol (EAP). Windows 2000 supports IEEE
802.1X authentication when either Windows 2000 Service Pack 4 (SP4) or Windows 2000 Service Pack 3
(SP3) and Microsoft 802.1X Authentication Client is installed (Windows 2000 SP4 is recommended).

At least two Internet Authentication Service (IAS) servers:
At least two IAS servers (one primary and one secondary) are used to provide fault tolerance for
Remote Authentication Dial-In User Service (RADIUS)-based authentication. If only one RADIUS server
is configured and it becomes unavailable, wireless access clients cannot connect. By using two IAS
servers and configuring all wireless access points (APs) (the RADIUS clients) for both the primary and
secondary IAS servers, the RADIUS clients can detect when the primary RADIUS server is unavailable
and automatically fail over to the secondary IAS server.
You can use either Windows Server 2003 or Windows 2000 Server IAS. IAS servers running Windows
2000 must have either SP4 or SP3 with Microsoft 802.1X Authentication Client installed (Windows 2000
SP4 is recommended). IAS is not included with Windows Server 2003, Web Edition.
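
The primary/secondary failover described above, seen from the RADIUS client side, as an added example that is not part of the original guide or of any vendor's code. It sends an RFC 2865 Access-Request to each server in order and treats a missing reply, or a reply whose Response Authenticator does not verify against the shared secret, as "server unavailable". Assumptions: the function names, the `ap-probe` NAS-Identifier and the PAP-style User-Password are illustrative (a real AP doing 802.1X relays EAP-Message attributes instead).

```python
import hashlib, hmac, os, socket, struct

def attr(type_, value):
    return struct.pack("!BB", type_, len(value) + 2) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 section 5.2 User-Password hiding (single 16-byte block)."""
    if len(password) > 16:
        raise ValueError("example handles passwords up to 16 bytes")
    mask = hashlib.md5(secret + req_auth).digest()
    return bytes(a ^ b for a, b in zip(password.ljust(16, b"\x00"), mask))

def build_request(ident, req_auth, user, password, secret, nas_id=b"ap-probe"):
    """Access-Request (code 1) with User-Name, User-Password, NAS-Identifier."""
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, req_auth))
             + attr(32, nas_id))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def reply_is_authentic(reply, ident, req_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if reply is None or len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def udp_exchange(server, packet, timeout):
    """Send one datagram to (host, port); return the reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, server)
            return sock.recvfrom(4096)[0]
        except OSError:  # timeout or destination unreachable
            return None

def authenticate(servers, user, password, secret, retries=2, timeout=1.0,
                 exchange=udp_exchange):
    """Try servers in order (primary first); return (server, reply_code)."""
    for server in servers:
        ident, req_auth = os.urandom(1)[0], os.urandom(16)
        packet = build_request(ident, req_auth, user, password, secret)
        for _ in range(retries):
            reply = exchange(server, packet, timeout)
            # Unanswered or forged replies count as "server unavailable".
            if reply_is_authentic(reply, ident, req_auth, secret):
                return server, reply[0]
    return None, None
```

A result of `(None, None)` means neither server produced a verifiable reply, which is the condition under which wireless clients cannot connect.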

Active Directory® directory service domains:
Active Directory domains contain the user accounts, computer accounts, and dial-in properties that each
IAS server requires to authenticate credentials and evaluate authentication. While not a requirement, to
both optimize IAS authentication and authentication response times and minimize network traffic, IAS
should be installed on Active Directory domain controllers. You can use either Windows Server 2003 or
Windows 2000 Server domain controllers. Windows 2000 domain controllers must have SP3 or SP4
installed.

Computer certificates installed on the IAS servers:
Regardless of which wireless authentication method you use, you must install computer certificates on
the IAS servers.

For EAP-TLS authentication, a certificate infrastructure:
When the Extensible Authentication Protocol-Transport Level Security (EAP-TLS) authentication
protocol is used with computer and user certificates on wireless clients, a certificate infrastructure, also
known as a public key infrastructure (PKI), is needed to issue certificates.

For Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2
(MS-CHAP v2) authentication, root certification authority (CA) certificates on each wireless client:
PEAP-MS-CHAP v2 is a password-based secure authentication method for wireless connections. Depending on the