Troubleshooting guide

Connecting to Wi-Fi Networks
41
802.1x Authentication
IEEE 802.1x is an authentication standard that greatly reduces the security
vulnerabilities associated with connections to IEEE 802.11 wireless
networks. The IEEE 802.11 wireless network standards specify two
authentication methods: one that is based on identification of the wireless
adapter (open system authentication) and the other that is based on a proof
of knowledge of a secret key (shared key authentication). 802.1x enforces
the authentication of the credentials of a wireless computer or user before
allowing access to the wireless network and, depending on the actual
authentication method used, determines encryption keys for wireless
communication. If you connect to an 802.11 wireless local area network
(WLAN) without 802.1x authentication enabled, the data that you send is
more vulnerable to attacks.
Enabling EAP-TTLS for Windows 2000 and Windows XP
Note: To utilize EAP-TTLS you must already have an account in a domain
that is setup to support EAP authentication.
To enable EAP-TTLS, follow these steps:
1. Make sure your operating system supports EAP-TTLS
2. Enable trust of the domain by going to the Certificate Server. Using
Internet Explorer open
http://certificateserver.yourdomain.com/certsrv. Enter your domain
username (in the form domain\user if a domain field is not present)
your password, and the domain name if the domain field is present.
3. Once authenticated, select Retrieve the CA certificate and click next.
4. Click on Install this CA certification path. You may be asked to let
"Microsoft Certificate Enrollment Control" execute, or to allow
certificates installation from this web site, both of which you should
allow.
5. When the "Root Certificate Store" dialog appears, select Yes and a
message will be displayed saying that CA certificate has been
successfully installed.
6. Return to http://certificateserver.yourdomain.com/certsvc, and select
Request a certificate.
7. At the "Choose Request Type" dialog, select Advanced request.
8. On the "Advanced Certificate Requests" dialog, select Submit a
certificate request to this CA using a form, click Next.
9. On the next dialog, choose User as the "Certificate Template",
Microsoft Enhanced Cryptographic Provider v1.0 as the "CSP", 2048 as