802.1X Authenticated Wireless Access
Applies To: Windows Server 2008, Windows Vista
Windows Server® 2008 provides features that you can use to deploy Institute of Electrical and Electronic Engineers (IEEE) 802.1X authenticated wireless service for IEEE 802.11 wireless network clients. In combination with the 802.1X-capable wireless access points (APs) and other Windows Server 2008 services that you deploy on your network, you can use these Windows Server 2008 features to control who can access your network.
You can also use features in Windows Server 2008 to define the wireless network adapter connectivity and security settings that your wireless clients use for connection attempts. For example, Network Policy Server (NPS) allows you to create and enforce network access policies for authentication, authorization, and client health. The Wireless Network (IEEE 802.11) Policies in Windows Server 2008 Group Policy enable you to configure your network client computers with the security and connectivity settings that they must use to connect to your network.
Product Help
802.11 Wireless Product Help
There are two primary locations for product Help about 802.1X authenticated wireless deployments. Wireless product Help is associated with the following two features.
Group Policy
When you open any tab or dialog box within the properties of the Wireless Network (IEEE 802.11) Policies Group Policy extension, you can press F1 to obtain conceptual information about each setting.
Network Policy Server
After you install Network Policy Server, product Help is available when you open the Network Policy Server Microsoft Management Console (MMC) and press F1. NPS product Help pertaining to 802.1X authenticated wireless access configuration is dispersed throughout the NPS product Help.
The NPS product Help is also available on the Web at https://go.microsoft.com/fwlink/?LinkID=108010.
Foundation Network Companion Guide: Deploying 802.1X Authenticated Wireless Access with PEAP-MS-CHAP v2
The Windows Server® 2008 Foundation Network Guide provides instructions on how to plan for and deploy the core components that are required for a fully functioning network. It also explains how to set up a new Active Directory® Domain Services (AD DS) domain in a new forest.
This companion guide to the Foundation Network Guide provides instructions about how to deploy 802.1X authenticated wireless access by using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).
Guide requirements
To successfully deploy the technologies in this guide, you must first deploy the technologies in the following guides.
Windows Server 2008 Foundation Network Guide
Foundation Network Companion Guide: Deploying Server Certificates
See “Related Foundation Network Guides” for Web and download details.
Content availability
Available for download in Word format at the Microsoft Download Center: https://go.microsoft.com/fwlink/?LinkId=131302
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=131325
Related Foundation Network Guides
Windows Server 2008 Foundation Network Guide.
Available for download in Word format at the Microsoft Download Center: https://go.microsoft.com/fwlink/?LinkId=105231.
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=106252.
Foundation Network Companion Guide: Deploying Server Certificates.
Available for download in Word format at the Microsoft Download Center: https://go.microsoft.com/fwlink/?LinkId=108259.
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=108258.
Foundation Network Companion Guide: Deploying Computer and User Certificates.
Available for download in Word format at the Microsoft Download Center: https://go.microsoft.com/fwlink/?LinkId=115742.
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=113884.
802.1X Authenticated Wireless Access Design Guide
The 802.1X Authenticated Wireless Access Design Guide can help you plan and design a new end-to-end 802.1X authenticated wireless infrastructure deployment, using features in Windows Server 2008 and 802.1X-capable wireless access points that you deploy on your network. This design guide:
Describes the recommended deployment scenarios and designs for the 802.1X authenticated wireless deployments that use NPS and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected EAP-Transport Layer Security (PEAP-TLS), or Protected EAP-Microsoft Challenge Handshake Protocol version 2 (PEAP-MS-CHAP v2).
Provides information to help you determine which supported design is appropriate for your wireless deployment needs, by comparing the benefits and disadvantages of each.
Provides design recommendations and guidelines based on factors such as: Security, availability, reliability, scalability, manageability, interoperability, performance, cost-effectiveness, and other requirements.
Content availability
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=140670.
802.1X Authenticated Wireless Deployment Guide
The 802.11 Wireless Deployment Guide provides information about how to deploy IEEE 802.1X authenticated wireless network access. The guide contains information about how to configure network policies in NPS to authenticate and authorize wireless clients to connect to your network. NPS is the Windows Server 2008 implementation of Remote Authentication Dial-in User Service (RADIUS). In the addition, this guide provides deployment information about how to configure:
Wireless security groups in the Active Directory Users and Computers MMC snap-in.
Wireless client security and connectivity setting on wireless network adapters by using the wireless Group Policy extension, Wireless Network (IEEE 802.11) Policies.
Authentication methods such as EAP and PEAP for use with 802.1X wireless deployments.
Content availability
Available in HTML format in the Windows Server 2008 Technical Library: https://go.microsoft.com/fwlink/?LinkId=134848.
Netsh Commands for Wireless Local Area Network (WLAN)
The Netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings for computers running Windows Vista® and Windows Server® 2008. You can use the Netsh WLAN commands to configure the local computer or to configure multiple computers by using a logon script. You can also use the netsh WLAN commands to view applied wireless Group Policy settings.
Content availability
The Netsh Commands for Wireless Local Area Network (WLAN) reference is available in HTML format at https://go.microsoft.com/fwlink/?LinkID=81752