802.1x Wireless Implementation

 

802.1x Wireless Implementation using PEAP, Windows 2003 IAS, and Windows 2003 Enterprise CA, GPO Certificate Autoenrollment, Cisco Aironet 1231AP

Compiled by Ace Fekay, 2/9/2006
MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer

Delaware County Computer Consulting
ace@delcocomputerconsulting.com
www.delcocomputerconsulting.com
http://mvp.support.microsoft.com

 

Abstract

This document describes the steps and configuration settings to implement an 802.1x wireless solution using PEAP, Windows 2003 IAS, a Windows 2003 Enterprise CA, a GPO for User & Computer Certificate Autoenrollment, and a GPO that creates two wireless SSID settings (one for corporate internal access and one for guest DMZ access), using a Cisco Aironet 1231AP.

 

The document consists of 11 sections:

  1. How to Install and Configure an Offline Standalone CA Root
  2. How to Install and Configure an Enterprise Subordinate CA
  3. How to Create an Autoenrollment User Certificate Template
  4. How to Create an Autoenrollment Computer Certificate Template
  5. How to Import an Offline Root CA Certificate into the AD using a GPO
  6. How to Periodically Update the CRL to the Enterprise Subordinate CA
  7. How to configure a GPO For Autoenrollment & Wireless SSID Settings
  8. How to configure an NPS/IAS RADIUS Server
  9. How to Request a User and Computer Certificate for EAP 802.1x Authentication on the IAS/NPS/RADIUS server
  10. How to Configure the User Account’s Dial-in Settings Properties in AD
  11. Overview and Screenshots of all of the Cisco 1231AP Aironet 802.1x PEAP and RADIUS Settings

 

Document disclaimer:

The document is protected from copying, selecting, editing or saving. It is for reference only. Each 802.1x wireless implementation is unique; therefore, the solution presented may or may not be the exact solution for your infrastructure, depending on your company’s requirements.

 

Document PDF link: http://sdrv.ms/S86GuA 

The password to open the PDF is WirelessDoc

 

Third Party Wireless Solutions

There are third-party wireless solutions that make this much easier and encompass everything, reducing administration and resource overhead. Example solutions are shown below, but other solutions are available; this list is not exhaustive.

Cisco’s CiscoWorks Wireless LAN Solution Engine (WLSE)
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html 

Meraki Cloud Managed Wireless, 802.11n Wireless LAN Built for Management
http://www.meraki.com/products/wireless/

Deep Blue Communications Hotel Wireless Solutions
http://www.deepbluecommunications.com/hotel-wireless-solutions/

 

Troubleshooting:

Thread: "Event ID 13 – Autoenrollment Error"
Good discussion on certificate template settings
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/689081ab-b95f-4667-9bef-26ba94d8e980

Thread: "Windows XP Wireless GPO rollout" 9/9/2012
Good outline on wireless 802.1x in a post by Lawrence Lv
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/63e204e1-5683-44ff-bf38-6b7fd5e18428

Technical Support:

The Microsoft TechNet Forums are your best bet for assistance from the technical community, including Microsoft MVPs and Microsoft engineers.
http://social.technet.microsoft.com/Forums/en-US/winserversecurity

If you are not able to come up with a resolution from the forum, and the problem is affecting business productivity and must be resolved ASAP, then the next best bet is to contact Microsoft PSS:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS 

 

Suggestions, comments, corrections, etc., are welcomed.

Thank you,
Ace Fekay
