Checklist: Configure NAP Enforcement for 802.1X Wired
Applies To: Windows Server 2008
This checklist provides the steps required to deploy 802.1X authenticating switches with Network Policy Server (NPS) and Network Access Protection (NAP).
Task | Reference |
---|---|
Install and configure 802.1X authenticating switches on your network. | RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation |
Determine whether you want to use PEAP-MS-CHAP v2 or PEAP-TLS as the authentication method. | RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; PEAP Overview; and your hardware documentation |
Autoenroll a server certificate to NPS servers or, if you are using PEAP-MS-CHAP v2, optionally purchase a server certificate rather than deploying your own CA. | Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication (https://go.microsoft.com/fwlink/?LinkId=33675) |
If you are using PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers. | Deploy Client Computer Certificates and Deploy User Certificates |
Configure 802.1X wired clients using Group Policy. | Configure 802.1X Wired Clients Running Windows Vista with Group Policy |
Configure 802.1X authenticating switches as RADIUS clients in NPS. | |
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the switches. | |
On NAP-capable client computers, enable the Network Access Protection service and change the startup type to automatic. | |
On NAP-capable client computers, enable the EAP enforcement client. | |
If you are using the Windows Security Health Validator (WSHV) in your NAP deployment, enable Security Center on NAP-capable clients using Group Policy. | |
In NPS, if your NAP deployment requires it, configure the WSHV. | |
Install and configure other system health agents (SHAs) and system health validators (SHVs). | |
In NPS, configure health policies, connection request policies, and network policies that enforce NAP for 802.1X wired access. | |
In NPS, if you are deploying remediation servers so that clients can automatically update their configuration in compliance with health policy, configure Remediation Server Groups. | |
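
The two client-side tasks in the checklist (setting the Network Access Protection service to start automatically, and enabling the EAP enforcement client) can also be performed from an elevated command prompt on a NAP-capable client. The script below is an added example, not part of the original checklist; the service name `napagent` and the enforcement client ID `79623` are the standard Windows identifiers for the NAP agent and the EAP enforcement client and do not appear on this page.

```bat
@echo off
rem Added example: run from an elevated command prompt on a NAP-capable client.
rem Assumptions (not from the checklist itself): service name "napagent",
rem enforcement client ID 79623 = EAP Quarantine Enforcement Client.

rem 1. Change the Network Access Protection Agent startup type to automatic.
rem    The space after "start=" is required by sc.exe.
sc config napagent start= auto || goto :fail

rem 2. Start the service now unless it is already running.
sc query napagent | find "RUNNING" >nul || net start napagent || goto :fail

rem 3. Enable the EAP enforcement client, which 802.1X enforcement relies on.
netsh nap client set enforcement ID = 79623 ADMIN = "ENABLE" || goto :fail

rem 4. Print the NAP client state so the operator can confirm that the
rem    EAP enforcement client is listed as enabled and initialized.
netsh nap client show state
exit /b 0

:fail
echo NAP client configuration failed with error %errorlevel%. 1>&2
exit /b 1
```

NAP client settings delivered through Group Policy take precedence over these local settings, so on domain-managed clients also review the output of `netsh nap client show grouppolicy`.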