Required Components

The following components are required for an intranet wireless deployment using PEAP-MS-CHAP v2:

  • Wireless client computers running Windows.

    Wireless client computers must be running Microsoft Windows XP with Service Pack 1 (SP1) or later, Windows Server 2003, or Windows 2000 with Microsoft 802.1X Authentication Client.

  • At least two Internet Authentication Service servers.

    At least two Internet Authentication Service (IAS) servers (one primary and one secondary) are recommended to provide fault tolerance for Remote Authentication Dial-In User Service (RADIUS)-based authentication. If only one IAS server is configured and it becomes unavailable, wireless access clients cannot connect. When all wireless access points (APs), which act as the RADIUS clients, are configured to use both the primary and secondary IAS servers, the wireless APs can detect when the primary RADIUS server is unavailable and then automatically fail over to the secondary IAS server. You can use either Windows Server 2003 or Windows 2000 Server IAS. IAS servers running Windows 2000 must have SP3 or later and Microsoft 802.1X Authentication Client installed. IAS is not included with Windows Server 2003, Web Edition.

  • Active Directory directory service domains.

    Active Directory domains contain the user accounts, computer accounts, and dial-in properties that each IAS server requires to authenticate credentials and evaluate authorization. Although not a requirement, IAS should be installed on Active Directory domain controllers to optimize IAS authentication and authorization response times and minimize network traffic.

    You can use either Windows Server 2003 or Windows 2000 Server domain controllers. Windows 2000 domain controllers must have SP3 or later installed.

  • Computer certificates installed on the IAS servers.

    To authenticate the IAS server to the wireless client during phase 1 of PEAP-based authentication, a computer certificate must be installed on the IAS server computers. The phases of PEAP authentication are described in Chapter 2, Wireless Security.

  • Root certification authority certificates on each wireless client.

    If they are not already installed, you must install on the wireless client computers the root certification authority (CA) certificates for the issuing CA of the computer certificates used by the IAS servers, so that the IAS servers' computer certificates are trusted for authentication.

  • Wireless remote access policy.

    A remote access policy is configured for wireless connections so that wireless users and their computers can access the organization's intranet.

  • Multiple wireless APs.

    Multiple wireless APs provide wireless access in different coverage areas of an organization. The wireless APs must support IEEE 802.1X, Wired Equivalent Privacy (WEP), RADIUS, and, optionally, Wi-Fi Protected Access (WPA).

Figure 10-1 shows the components of PEAP-MS-CHAP v2 authentication.

Figure 10-1. The components of PEAP-MS-CHAP v2 authentication.
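
The requirements above can be checked mechanically before rollout. The following is an added example, not code from the book: it audits a constructed inventory for the gaps this section warns about, including APs that cannot fail over and clients that do not trust the CA behind one IAS server's certificate. The inventory layout and every host name and CA label in it are hypothetical.

```python
# Added example. Every host name and CA label below is hypothetical sample data.
INVENTORY = {
    "ias_servers": {
        "IAS1": {"os": "Windows Server 2003", "cert_issuer": "Corp Root CA"},
        "IAS2": {"os": "Windows 2000 Server", "sp": 2, "dot1x_client": False,
                 "cert_issuer": "Dept Root CA"},
    },
    "access_points": {
        "AP-LOBBY": {"radius_servers": ["IAS1", "IAS2"],
                     "features": {"802.1X", "WEP", "RADIUS", "WPA"}},
        "AP-LAB": {"radius_servers": ["IAS1"],
                   "features": {"802.1X", "WEP", "RADIUS"}},
    },
    "clients": {
        "PC-01": {"trusted_roots": {"Corp Root CA", "Dept Root CA"}},
        "PC-02": {"trusted_roots": {"Corp Root CA"}},
    },
}
REQUIRED_AP_FEATURES = {"802.1X", "WEP", "RADIUS"}  # WPA is optional per the text

def audit(inv):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ias = inv["ias_servers"]
    if len(ias) < 2:
        findings.append("IAS: fewer than two servers, no RADIUS fault tolerance")
    for name, srv in sorted(ias.items()):
        if "Web Edition" in srv["os"]:
            findings.append(f"{name}: IAS is not included with Web Edition")
        if srv["os"].startswith("Windows 2000") and (
                srv.get("sp", 0) < 3 or not srv.get("dot1x_client")):
            findings.append(f"{name}: needs SP3 or later and the 802.1X client")
    for name, ap in sorted(inv["access_points"].items()):
        # An AP can only fail over to IAS servers it is configured to use.
        missing = sorted(set(ias) - set(ap["radius_servers"]))
        if missing:
            findings.append(f"{name}: cannot fail over to {', '.join(missing)}")
        lacking = sorted(REQUIRED_AP_FEATURES - ap["features"])
        if lacking:
            findings.append(f"{name}: lacks {', '.join(lacking)}")
    # Clients must trust the root CA behind every IAS server certificate.
    issuers = {srv["cert_issuer"] for srv in ias.values()}
    for name, client in sorted(inv["clients"].items()):
        untrusted = sorted(issuers - client["trusted_roots"])
        if untrusted:
            findings.append(f"{name}: missing root CA {', '.join(untrusted)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INVENTORY)) or "all checks passed")
```

In the sample data, PC-02 would authenticate normally against IAS1 but reject IAS2's certificate, so the trust gap only becomes visible after a failover.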



Deploying Secure 802.11 Wireless Networks with Microsoft Windows
ISBN: 0735619395
EAN: 2147483647
Year: 2000
Pages: 123
Authors: Joseph Davies
