Share via

Checklist: Configure NPS for 802.1X Authenticating Switch Access

Applies To: Windows Server 2008

Configure NPS for 802.1X authenticating switch access

This checklist provides the steps required to deploy 802.1X authenticating switches with Network Policy Server (NPS).

Task Reference

Install and configure 802.1X authenticating switches on your network.

RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation

Determine the authentication method you want to use.

RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; EAP Overview; PEAP Overview; and your hardware documentation

Autoenroll a server certificate to NPS servers or, if you are using PEAP-MS-CHAP v2 only, optionally purchase a server certificate rather than deploying your own CA.

Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication (

If you are using EAP-TLS or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers.

Deploy Client Computer Certificates; Deploy User Certificates

Configure 802.1X wired clients using Group Policy.

Configure 802.1X Wired Clients Running Windows Vista with Group Policy

Configure 802.1X authenticating switches as RADIUS clients in NPS.

Add a New RADIUS Client; RADIUS Clients

Create a user group in Active Directory┬« Domain Services (AD DS) that contains the users who are allowed to access the network through the switches.

Create a Group for a Network Policy

In NPS, configure one or more network policies for 802.1X switch access.

Add a Network Policy; Create policies for 802.1X Wired or Wireless with a Wizard; Network Policies