Summary
Before you deploy your wireless APs, consider your wireless AP requirements; the channel separation; the presence of signal propagation modifiers and sources of interference; and the number of wireless APs needed to meet your wireless coverage, bandwidth, and redundancy requirements.
To deploy your wireless APs, estimate wireless AP locations using building plans and knowledge of signal propagation modifiers and interference sources. Install your wireless APs in their temporary locations and perform a site survey, noting the areas with inadequate coverage. Change the locations of your wireless APs, signal propagation modifiers, or sources of interference and verify coverage by performing an additional site survey. After your final wireless AP locations are determined, update your building plans with their locations and note remaining areas of decreased bandwidth or signal strength.
Chapter 8
Intranet Wireless Deployment Using EAP-TLS
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is used for certificate-based wireless authentication when a public key infrastructure (PKI) is available to issue computer and
Required
The following components are required for an intranet wireless deployment using EAP-TLS:
Wireless client computers must be running Microsoft Windows XP, Windows Server 2003, or Windows 2000 with Microsoft 802.1X Authentication Client.
At least two IAS servers (one primary and one secondary) are recommended to provide fault tolerance for Remote Authentication Dial-In
You can use either Windows Server 2003 or Windows 2000 Server IAS. IAS servers running Windows 2000 must have Service Pack 3 (SP3) or later installed. (IAS is not included with Windows Server 2003, Web Edition.)
Active Directory domains contain the user accounts, computer accounts, and dial-in properties that each IAS server requires to authenticate credentials and evaluate authorization. Although not a requirement, IAS should be installed on Active Directory domain controllers to optimize IAS authentication and authorization response times and to minimize network traffic.
You can use either Windows Server 2003 or Windows 2000 Server domain controllers. Windows 2000 domain controllers must have SP3 or later installed.
To authenticate the IAS server to the wireless client during EAP-TLS authentication, a computer certificate must be installed on the IAS server computers.
To authenticate the wireless client computer or user during EAP-TLS authentication, a computer or user certificate must be installed on the wireless client computers.
A remote access policy is configured for wireless connections so that wireless users and their computers can access the organization’s intranet.
Multiple third-party wireless APs provide wireless access in different coverage areas of an organization. The wireless APs must support IEEE 802.1X, Wired Equivalent Privacy (WEP), RADIUS, and,
Figure 8-1 shows the components of EAP-TLS authentication.
CAUTION
If you use EAP-TLS authentication, do not also use Protected EAP-TLS (PEAP-TLS) for wireless connections. Allowing both protected and
Figure 8-1. The components of EAP-TLS authentication.
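The component requirements and the caution above can be turned into a pre-deployment check. The following is an added example, not part of the original text; the inventory field names and host names are assumptions made for illustration, and the inventory itself is constructed.

```python
# Added example: audit an inventory against the EAP-TLS requirements listed above.
# Field names are assumptions made for this sketch, not a Windows or IAS schema.
def audit(dep):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    for c in dep["clients"]:
        if c["os"] == "Windows 2000":
            if not c.get("dot1x_client"):
                out.append(f"{c['name']}: needs Microsoft 802.1X Authentication Client")
        elif c["os"] not in ("Windows XP", "Windows Server 2003"):
            out.append(f"{c['name']}: unsupported client OS")
        if not (c.get("computer_cert") or c.get("user_cert")):
            out.append(f"{c['name']}: no computer or user certificate")
    if len(dep["ias_servers"]) < 2:
        out.append("fewer than two IAS servers: no fault tolerance")
    for s in dep["ias_servers"]:
        if s["os"] == "Windows 2000 Server" and s.get("service_pack", 0) < 3:
            out.append(f"{s['name']}: Windows 2000 IAS requires SP3 or later")
        if s["os"] == "Windows Server 2003" and s.get("edition") == "Web":
            out.append(f"{s['name']}: IAS is not included with Web Edition")
        if not s.get("computer_cert"):
            out.append(f"{s['name']}: no computer certificate for server authentication")
    for ap in dep["aps"]:
        missing = {"802.1X", "WEP", "RADIUS"} - set(ap["supports"])
        if missing:
            out.append(f"{ap['name']}: lacks {', '.join(sorted(missing))}")
    if {"EAP-TLS", "PEAP-TLS"} <= set(dep["wireless_eap_types"]):
        out.append("wireless policy allows both EAP-TLS and PEAP-TLS")
    return out

# Constructed sample inventory; host names are hypothetical.
SAMPLE = {
    "clients": [
        {"name": "LAPTOP1", "os": "Windows XP", "computer_cert": True},
        {"name": "LAPTOP2", "os": "Windows 2000", "dot1x_client": False},
    ],
    "ias_servers": [
        {"name": "IAS1", "os": "Windows Server 2003", "edition": "Standard", "computer_cert": True},
        {"name": "IAS2", "os": "Windows 2000 Server", "service_pack": 2, "computer_cert": True},
    ],
    "aps": [
        {"name": "AP1", "supports": ["802.1X", "WEP", "RADIUS"]},
        {"name": "AP2", "supports": ["WEP", "RADIUS"]},
    ],
    "wireless_eap_types": ["EAP-TLS", "PEAP-TLS"],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means the inventory satisfies every requirement the check covers; it does not test the domain controller service pack level or the remote access policy conditions.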