Configure NPS Policy for Wireless Radius Authentication.
Configure Network Policy for EAP Authentication
If you are planning to use an SSL certificate that is not self-signed, make sure it is installed on the server before continuing to the rest of this section.
Follow the steps below to install the NPS role.
1. Click on Server Manager > Add Roles and Features > select Network and Policy Access Services.
2. Select Network Policy Server and click Next to continue.
3. Click Install to start the installation, then click Close to complete.
Configuring NPS Policies:
NPS policies determine how devices and users may connect and gain network access. There are several different types of policies:
Connection Request policies - Describe who/what/how a NAS client may connect.
Network policies - Set conditions and requirements for wireless devices and/or users before network access is granted.
Health policies - Determine whether/how a client passes a health check.
Policies are evaluated in order: if a client fails the first policy, the next one is tried, and so on until all policies have been tried. The first match wins, even if there are other policies that could match. Make sure your policies are placed in the correct order!
Configuration Steps:
Go to Tools > Network Policy Server.
Under Standard Configuration, select 802.1X Wireless and click Configure 802.1X to continue.
Give the policy a name; I’ll call it “Wireless”. Leave the type of network access server as Unspecified and click Next to continue.
Next you’ll be prompted with the screen below to add a RADIUS client. Click Add to continue.
Add your Wi-Fi controller details here: enter a friendly name (you can also use the hostname of the WLC) and the IP address of the WLC. Enter a password in the Shared secret field. Make a note of this password; you’ll need it later to configure the wireless LAN controller.
Click OK and then Next to continue.
Now you’ll be presented with the screen below. Select EAP (PEAP) and click Next to continue.
Now you need to define a group of authorized users. Here I’m adding all my Domain Users to have access, but it is recommended to define a separate group for authorized users and add it here.
You will be presented with the screen below, where you have the option to define Traffic Controls.
Click Next to continue.
Click Next to continue.
Verify your configuration and click Finish to complete it.
After completion you’ll find the WLC added under RADIUS Clients, and both a Connection Request Policy and a Network Policy created with the name “Wireless”. Now the most important part: you need to register NPS in Active Directory to ensure the user credentials are validated against your AD server.
Right-click on NPS > Register server in Active Directory.
You’ll be prompted with a notification that it has been registered; click OK to continue.
NPS is now installed and permitted to interact with Active Directory. Your NPS server will validate authentication requests against your AD server.
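The NPS-side steps above (install the role, add the WLC as a RADIUS client, register NPS in Active Directory) can also be scripted in PowerShell. This is an added example, not part of the original walkthrough, and it generates a random shared secret instead of a hand-typed password. Assumptions: the client name, IP address and domain are placeholders, and the connection request and network policies are still created through the 802.1X wizard.

```powershell
# Added example. All values in this block are placeholders; replace them with your own.
$WlcName = 'WLC01'          # hypothetical friendly name for the controller
$WlcIp   = '192.0.2.10'     # documentation-range address, not a real WLC
$Domain  = 'example.local'  # placeholder AD DNS domain name

# 1. Install the NPS role together with the management console.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Generate the shared secret from a cryptographic RNG (24 bytes -> 48 hex characters).
#    Check the controller's maximum secret length before making it longer.
$bytes = New-Object byte[] 24
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try     { $rng.GetBytes($bytes) }
finally { $rng.Dispose() }
$secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# 3. Add the WLC as a RADIUS client. Use one secret per client so a leaked
#    secret only affects a single device.
New-NpsRadiusClient -Name $WlcName -Address $WlcIp -SharedSecret $secret

# 4. Register this NPS server in Active Directory so it can read the dial-in
#    properties of user accounts (the scripted form of "Register server in Active Directory").
netsh nps add registeredserver $Domain $env:COMPUTERNAME

# 5. Confirm that the client exists and is enabled.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $WlcName } |
    Select-Object Name, Address, Enabled

# 6. Show the secret once so it can be entered on the WLC, then clear the variables.
Write-Output "Shared secret for ${WlcName}: $secret"
Remove-Variable secret, bytes
```

Run it from an elevated PowerShell session on the NPS server; registering the server requires rights to modify the domain's RAS and IAS Servers group.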
You are all set with NPS and its policies. Now let’s configure the WLC with the AAA server.
Configure the Wireless Controller to use RADIUS Authentication.
Setting up the wireless controller isn’t a difficult process. First we have to link our wireless controller with the RADIUS server, and the next step is to configure a WLAN profile to use WPA2-Enterprise mode.
Click on Configure > navigate to AAA Server.
You can hit Create New and add a new authentication server. I’ve already created one with the name “WiFiTest”.
Here you need to enter the IP address and the shared secret (password) that you created when you configured the RADIUS client in NPS. Leave the generated port numbers at their defaults.
Click Apply to continue.
You have successfully linked the WLC with your RADIUS server. Let’s validate the connectivity using a test account created in AD.
Connectivity successfully validated. Let’s now create a WLAN for wireless devices to connect to.
Configure a WLAN:
Create a WLAN with the name “Test-Radius” and map “WiFiTest” as its authentication server, so that connection requests are validated with the RADIUS server.
That’s all you have to configure on the wireless LAN controller. Since we have already validated the connectivity to the RADIUS server from the WLC, we can move on and test a wireless client’s connectivity to our wireless network.
Validating the Connectivity on a Wireless Client (Windows 8.1)
Look for the wireless icon in the taskbar, select the wireless network Test-Radius which we’ve created earlier and click on Connect.
You will see a pop-up that asks for your credentials. Enter the username and password that you configured in Active Directory and click OK.
The RADIUS server will present a certificate to the wireless users so that they can verify that they are talking to the correct RADIUS server. You can view the certificate by clicking on Show Certificate details.
Click Connect to continue.
You will see that you are now connected to Test-Radius.
Congratulations! You just authenticated a user through PEAP. Hope this document will help you set up 802.1X RADIUS authentication in your network.