Vous êtes sur la page 1sur 45

HOW TO CONFIGURE 802.

1X / PEAP WITH RADIUS SERVER (IAS) AND ACTIVE DIRECTORY USING WIRELESS SWITCH THROUGH OF THE WIRELESS SWITCH MANAGER

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

WIRELESS SWITCH MANAGER 1. Configuring the Access Point Select the TAB Configuration Select the option Wireless Select the option Access Points Select the option Create Select the option Directly Connected MAP Uses wizard to configure to choose the AP model

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

2. Access Point Configured - Deploy the configuration to the Wireless Switch - Select the option Deploy

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

3. Configuring the Service Profile Open


NOTE: - This step is necessary to verify if the connection from Wireless Client to the AP connected on WX is working in an open SSID without authentication. It can be deleted when the 802.1X is working correctly.

Select the TAB Configuration Select the option Wireless Select the option Wireless Services Select the option Create Select the option Open Access Service Profile Uses wizard to configure the SSID Open

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

4. Service Profile Open with the SSID Open Configured - Deploy the configuration to the Wireless Switch - Select the option Deploy

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

5. -

Configuring the RADIUS Client on WX Select the TAB Configuration Select the option AAA Select the option Radius Select the option Create Select the option Radius Server Uses wizard to configure the Radius

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

6. Radius Configured - Deploy the configuration to the Wireless Switch - Select the option Deploy
NOTE: The IP Address is the IP from the Radius Server (ie. IAS) The Key configured here must be the same configured on Radius Server (ie. IAS)

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

7. -

Configuring the the Service Profile 802.1X Select the TAB Configuration Select the option Wireless Select the option Wireless Services Select the option Create Select the option 802.1X Service Profile

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

8. Do not forget to select the Radius in the Service Profile 802.1X wizard - Select the EAP Type: External RADIUS Server - Select the Server Group configured previously on Avaliable RADIUS Server Groups

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

9. Service Profile 802.1X Configured - Deploy the configuration to the Wireless Switch - Select the option Deploy

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

ACTIVE DIRECTORY 10. Configuring the group on Active Directory - Open the Active Directory Users and Computers - Select Users under Domain (ie LAB3COM) - Right-Click in Users - Select New / Group

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the Group name

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

11. Configuring the Users on Active Directory - Select Users under Domain (ie LAB3COM) - Right-Click in Users - Select New / User

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the First Name Enter with the User logon name

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the Password for the user created

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

12. Configuring the user to the group on Active Directory - Double-click in the user created - Select the TAB Member Of

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Click on Add

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the name of the group created in the option Enter the object names to select

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

User added to the group

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the TAB Dial-in Select the option Allow Access

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

IAS RADIUS 1. Configuring the Radius Client on IAS - Right-Click on RADIUS Client - New RADIUS Client

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the name Enter with IP from Radius Client (This the IP from Wireless Switch)

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the Client-Vendor Enter with the Shared secret (This the same configured on Wireless Switch). The key configuration on WX was described on item 6 of this manual.

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Radius Client configured on IAS

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

2. Configuring the Remote Access Policies on IAS - Right-Click on Remote Access Policies - Select New Remote Access Policy

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the policy nama

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the Access Method

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the option add

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the name of the group in the item Enter the object names to select

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Group selected Click on Next

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select PEAP Select Configure

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the certificate

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Click Finish The policy has been created

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

3. Configuring the IAS to use the AD - Right-Click on Internet Authentication Service (Local) - Select Register Server in Active Directory

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

WIRELESS CLIENT CENTRINO 1. Configuring the Client - Open the Wireless Connection - Select Properties

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the TAB Wireless Networks Click on Add

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Enter with the SSID Select the Network Authentication Select Data Encryption

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the TAB Authentication Select the EAP Type / PEAP

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the option Properties

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Uncheck the option Validate server certificate Select the Authentication Method (EAP-MSCHAPv2) Click on Configure

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Uncheck the option automatically use my Windows logon name and password (and domain if any).

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

EVENT VIEWER 1. Troubleshooting - The event viewer can be used to verify if the Radius packet is being analyzed by the Radius Server - Select Administrative Tools / Event Viewer

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Select the TAB System under Event Viewer (Local)

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)

Double-click on event to verify if the client was authenticated or reject

3COM BRAZIL Author: Juliano Forti (juliano_forti@3com.com)