What's New in 802.1X Authenticated Wireless Access
Applies To: Windows 8.1, Windows Server 2012 R2
This topic provides information about the new features for 802.1X Authenticated Wireless Access in Windows Server 2012 R2 and Windows 8.1.
IEEE 802.1X authentication provides an additional security barrier for your intranet that you can use to prevent guest, rogue, or unmanaged computers that cannot perform a successful authentication from connecting to your intranet.
For the same reason that administrators deploy IEEE 802.1X authentication for IEEE 802.3 wired networks—enhanced security—network administrators want to implement the IEEE 802.1X standard to help protect their wireless network connections. Just as an authenticated wired client must submit a set of credentials to be validated before being allowed to send frames over the wired Ethernet intranet, an IEEE 802.1X wireless client must also perform authentication prior to being able to send traffic over its wireless access point (AP) port, and over the network.
What's New in 802.1X Authenticated Wireless Access in Windows Server 2012 R2
The following table provides a list of the new features for Wireless Access.
| Feature/functionality | New or updated? | Description |
|---|---|---|
| Support for 802.11ac | New | 802.11ac provides better bandwidth and faster connections than previous standards. |
| Wireless Display | New | Wirelessly project your laptop or tablet screen for viewing on larger monitors and televisions. |
| Extending the use of passwords for Enterprise wireless access | New | Your organization's employees can bring their own non-domain joined wireless devices running Windows Server 2012 R2 and Windows 8.1 to work and enter passwords only once during their wireless session. |
Support for 802.11ac
Wireless connections in Windows® 8.1 and Windows Server® 2012 R2 now support Institute of Electrical and Electronics Engineers (IEEE) 802.11ac wireless access.
802.11ac provides higher speeds, throughput, reliability, and quality of wireless communications than previous standards, such as 802.11n, 802.11g, and 802.11b. This is possible because 802.11ac uses wider RF bandwidths, more spatial streams, multi-user multiple-input, multiple-output (MIMO), and enhanced high-density modulation.
802.11ac allows better performance for applications that require higher bandwidth, such as wireless display, streaming high fidelity videos, distribution of HDTV and other content between devices, rapid upload and download of files, and playing online games.
Note
To see the benefits of using 802.11ac connections, your other wireless network hardware, such as wireless network adapters and wireless access points, must also support 802.11ac. In addition, 802.11ac functions regardless of whether you have deployed 802.1X authentication; the two technologies are not related.
The following table provides a comparison between 802.11n and 802.11ac.
| Feature | 802.11n | 802.11ac |
|---|---|---|
| Operation frequency | 2.4 GHz and 5 GHz | 5 GHz Only |
| Channel width | 20 MHz, 40 MHz | 20 MHz, 40 MHz, 80 MHz; 160 MHz optional |
| Modulation schemes | 64 QAM | BPSK, QPSK, 16QAM, 64 QAM, 256 QAM (optional) |
| Spatial streams | 4 spatial MIMO | Up to 8 Spatial MIMO |
| Multi User MIMO | No | Yes |
In Windows® 8.1 and Windows Server® 2012 R2, the following Network Shell (netsh) commands in the netsh wlan context are modified to include information about 802.11ac:
- When you run the netsh wlan show drivers command, if the drivers support 802.11ac, the command output item Radio types supported now includes 802.11ac.
- When you run the netsh wlan show networks command with the mode parameter set to bssid, if the network driver supports 802.11ac, the command output item Radio types supported now includes 802.11ac. Following is an example of this command with the mode parameter.

    netsh wlan show networks mode=bssid

- When you run the netsh wlan show profiles command, if the profile includes the radio type 802.11ac, the command output item Radio type now includes 802.11ac.
Wireless Display
You can use Wireless Display to wirelessly project the screen from your computer or device that is running Windows 8.1 or Windows® RT 8.1 to any Miracast-compatible display, such as a television, monitor, or projector. This capability is especially useful in circumstances where your source device has a small screen and you are projecting onto a device with a larger screen, allowing you to easily share experiences and information with others.
Note
Wireless Display is available in Windows 8.1 and Windows® RT 8.1. In addition, Wireless Display functions regardless of whether you have deployed 802.1X authentication; the two technologies are not related.
For example, at home you can use Wireless Display to project your laptop or tablet screen to your large screen television, allowing your family to engage in planning a family vacation, view photos, watch videos, or surf the Internet together.
In the office you can use Wireless Display to connect to a projector from your laptop or tablet, then run Microsoft PowerPoint and other applications for your presentation.
Wireless Display is compatible with the WFA Miracast specification and works with Miracast-certified receivers. For more information, see Certified Products.
To use Wireless Display, you must move your computer or device running Windows 8.1 or Windows RT 8.1 within range of a Miracast-compatible display, and then access the Project menu by pressing the Windows key and K simultaneously (Win+K). The Project screen opens and provides a list of compatible devices to which you can connect. If you have not previously connected to a device, click Add a Wireless Display to add a device.
Note
If you have upgraded your computer or device from Windows 8 to Windows 8.1, it is recommended that you obtain and install the most recent drivers for your devices from Windows Update or your product manufacturer before you use Wireless Display.
For more information, see Project to a wireless display with Miracast.
Extending the use of passwords for Enterprise wireless access
If you have deployed password-based 802.1X authentication methods for wired and wireless connections through Ethernet switches and wireless access points, users with non-domain joined computers and devices that are running Windows 8.1 and Windows Server 2012 R2 can bring their own devices to your organization and enjoy the advantages of password-based credential reuse.
When password-based Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) authentication methods are deployed, end users can provide their credentials the first time they connect to your organization’s network, then connect to all the resources they want to without being prompted repeatedly for their credentials, because the credentials are stored on the local computer for reuse.
This is especially useful for users who are connecting to multiple network resources, such as Enterprise intranet Web sites, Enterprise printers, and line of business applications.
For security reasons, when the user’s computer or device disconnects from the network, the stored credentials are discarded.
This feature is available for non-domain joined computers and devices that are running Windows 8.1 and Windows Server 2012 R2 when you have deployed the following authentication methods on your network.
- EAP with Microsoft Challenge Handshake Protocol version 2 (EAP-MS-CHAP v2)
- PEAP-EAP-MS-CHAP v2
- EAP-TTLS with EAP-MS-CHAP v2
In Windows 8.1 and Windows Server 2012 R2, this feature is enabled by default. You can use the following registry key to disable user password storing, or to re-enable it if you have previously disabled it:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Configuration
| Name | Type | Default | Exists by default |
|---|---|---|---|
| DisableUsrPwdStoring | DWORD (1 or 0) | 0 (false) | No |
When this registry key is set to 1 (true), EAP methods do not store any credential information in Credential Manager.
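
The following PowerShell helper is an added example, not part of the original topic and not Microsoft's code. It audits and sets the DisableUsrPwdStoring value described above, treating a missing value as the default of 0. The key path and value name come from this page; the function names are hypothetical, and changing the value is assumed to run in an elevated session.

```powershell
# Added example. Key path and value name are taken from this page;
# the function names below are hypothetical.
$EapHostKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eaphost\Configuration'
$ValueName  = 'DisableUsrPwdStoring'

function Get-EapPasswordStoringState {
    # The value does not exist by default. Absence means the default of 0,
    # so EAP methods store the password for reuse during the session.
    $item = Get-ItemProperty -Path $EapHostKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            ValuePresent    = $false
            RawValue        = $null
            StoringDisabled = $false
        }
    }
    $raw = $item.$ValueName
    [pscustomobject]@{
        ValuePresent    = $true
        RawValue        = $raw
        # Only 1 is documented as disabling credential storing.
        StoringDisabled = ($raw -eq 1)
    }
}

function Set-EapPasswordStoring {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Disabled)

    if (-not (Test-Path -Path $EapHostKey)) {
        throw "Registry key not found: $EapHostKey"
    }
    $data = if ($Disabled) { 1 } else { 0 }
    if ($PSCmdlet.ShouldProcess("$EapHostKey\$ValueName", "Set DWORD to $data")) {
        # -Force creates the value when it is missing and overwrites it when present.
        New-ItemProperty -Path $EapHostKey -Name $ValueName `
            -PropertyType DWord -Value $data -Force | Out-Null
    }
    # Return the state as read back from the registry.
    Get-EapPasswordStoringState
}

# Report the current state (read-only).
Get-EapPasswordStoringState

# Preview the change without writing it; drop -WhatIf to apply.
# Set-EapPasswordStoring -Disabled $true -WhatIf
```

Running the read-only function across non-domain joined devices shows which ones still have the default behavior, where `ValuePresent` is false and password storing is therefore enabled.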