Secure Access Configuration Guide For Wireless Clients Part Two: Wireless Data Privacy and Monitored Logon 2003-03

Configuring Scenario 6: Monitored Logon 802.1x Authentication
Scenario 6 consists of a wireless, Dynamic WEP, Windows XP client authenticating via 802.1x
Monitored logon. In this example, the AP 420 is the authenticator for the client and the ACS
monitors the logon process. 802.1x logon authentications require both a RADIUS server (with
authentication policy) and an LDAP database of users. In this example, we will be using
Microsoft’s IAS (RADIUS) and Active Directory to accomplish this.
Note: This scenario requires the installation and configuration of services that will not be shown
here, with the exception of specific changes required by the configuration scenario. Refer to
product documentation for more information.
The steps required for Scenario 6 are:
On the Enterprise Server, create a user account in Active Directory and associate it with a group.
On the Enterprise Server, create a new RADIUS client (in this case, the AP 420).
On the Enterprise Server, create a Remote Access Policy for authentication.
On the ACS, define a RADIUS Authentication Service and associate it to the System Authentication Policy.
On the ACS, create an 802.1x Authentication Service and associate it to the System Authentication Policy.
From the ACS, configure the ProCurve Access Control xl Module with the DHCP Server IP Address to allow clients to use Real IP addresses.
On the AP 420, configure Dynamic WEP/802.1x and add the RADIUS Server IP address and RADIUS Key.
On the wireless Windows XP client, configure the client for 802.1x authentication, connect and verify authentication.
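Added example, not part of the HP guide: the RADIUS Key set on the AP 420 is the RADIUS shared secret, and for EAP (802.1x) logons it keys the Message-Authenticator attribute (HMAC-MD5, RFC 3579) that the RADIUS server checks on each Access-Request, so a key that differs between the AP and the server causes the request to be dropped. The user name, NAS address and key values below are constructed.

```python
import hashlib
import hmac
import os
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)
# Constructed sample values, not taken from the guide.
SAMPLE_USER = b"wuser1"
SAMPLE_NAS_IP = bytes([192, 0, 2, 20])  # stands in for the AP's address
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 5 + len(SAMPLE_USER), 1) + SAMPLE_USER  # EAP-Response/Identity


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, user: bytes, nas_ip: bytes, eap: bytes) -> bytes:
    """Build the Access-Request an authenticator (the AP) sends for an EAP logon."""
    body = (attr(1, user) + attr(4, nas_ip) + attr(EAP_MESSAGE, eap)
            + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed while the HMAC is computed
    # Code 1 = Access-Request, identifier 1, total length, 16-byte Request Authenticator.
    packet = struct.pack("!BBH", 1, 1, 20 + len(body)) + os.urandom(16) + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # Message-Authenticator is the last attribute here


def server_accepts(secret: bytes, packet: bytes) -> bool:
    """Check Message-Authenticator as the RADIUS server does before processing EAP."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos, mac_at = 20, None
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            return False  # malformed attribute
        if packet[pos] == MESSAGE_AUTHENTICATOR and packet[pos + 1] == 18:
            mac_at = pos + 2
        pos += packet[pos + 1]
    if mac_at is None:
        return False  # an EAP request without the attribute is discarded
    zeroed = packet[:mac_at] + bytes(16) + packet[mac_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[mac_at:mac_at + 16])
```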
1) On the Enterprise Server, create a user account in Active Directory and associate it with a group.
a. Refer to Scenario 2 in Part One of this guide for details on creating a User and Group affiliation in Active Directory.
2) On the Enterprise Server, create a new RADIUS client (in this case, the AP 420).
Note: The Enterprise Server is configured as a Domain Controller named “samcorp.com”.
a. To create a new RADIUS client on the Enterprise Server, open IAS (Start → Administrative Tools → Internet Authentication Service). Right-click on RADIUS Clients and select New RADIUS Client.
© Copyright 2005 Hewlett-Packard Company, LP.