how to configure dot1x

8/4/2019 How to Configure Dot1x

1/45

3COM BRAZILAuthor: Juliano Forti ([email protected])

HOW TO CONFIGURE 802.1X / PEAPWITH RADIUS SERVER (IAS) AND ACTIVE DIRECTORY USING

WIRELESS SWITCH THROUGH OF THE WIRELESS SWITCHMANAGER


2/45


WIRELESS SWITCH MANAGER

1. Configuring the Access Point

- Select the TAB Configuration- Select the option Wireless- Select the option Access Points- Select the option Create- Select the option Directly Connected MAP- Uses wizard to configure to choose the AP model


3/45


2. Access Point Configured- Deploy the configuration to the Wireless Switch- Select the option Deploy


4/45


3. Configuring the Service Profile OpenNOTE:- This step is necessary to verify if the connection from Wireless Client to the AP

connected on WX is working in an open SSID without authentication. It can be deletedwhen the 802.1X is working correctly.

- Select the TAB Configuration- Select the option Wireless- Select the option Wireless Services- Select the option Create- Select the option Open Access Service Profile- Uses wizard to configure the SSID Open


5/45


4. Service Profile Open with the SSID Open Configured- Deploy the configuration to the Wireless Switch- Select the option Deploy


6/45


5. Configuring the RADIUS Client on WX- Select the TAB Configuration- Select the option AAA- Select the option Radius

- Select the option Create- Select the option Radius Server- Uses wizard to configure the Radius


7/45


6. Radius Configured- Deploy the configuration to the Wireless Switch- Select the option Deploy- NOTE:- The IP Address is the IP from the Radius Server (ie. IAS)

- The Key configured here must be the same configured on Radius Server (ie. IAS)


8/45


7. Configuring the the Service Profile 802.1X- Select the TAB Configuration- Select the option Wireless- Select the option Wireless Services

- Select the option Create- Select the option 802.1X Service Profile


9/45


8. Do not forget to select the Radius in the Service Profile 802.1X wizard- Select the EAP Type: External RADIUS Server- Select the Server Group configured previously on Avaliable RADIUS Server

Groups


10/45


9. Service Profile 802.1X Configured- Deploy the configuration to the Wireless Switch- Select the option Deploy


11/45


ACTIVE DIRECTORY

10. Configuring the group on Active Directory- Open the Active Directory Users and Computers

- Select Users under Domain (ie LAB3COM)- Right-Click in Users- Select New / Group


12/45


- Enter with the Group name


13/45


11. Configuring the Users on Active Directory- Select Users under Domain (ie LAB3COM)- Right-Click in Users- Select New / User


14/45


- Enter with the First Name- Enter with the User logon name


15/45


- Enter with the Password for the user created


16/45


12. Configuring the user to the group on Active Directory- Double-click in the user created- Select the TAB Member Of


17/45


- Click on Add


18/45


- Enter with the name of the group created in the option Enter the objectnames to select


19/45


- User added to the group


20/45


- Select the TAB Dial-in- Select the option Allow Access


21/45


IAS RADIUS

1. Configuring the Radius Client on IAS- Right-Click on RADIUS Client

- New RADIUS Client


22/45


- Enter with the name- Enter with IP from Radius Client (This the IP from Wireless Switch)


23/45


- Select the Client-Vendor- Enter with the Shared secret (This the same configured on Wireless Switch).

The key configuration on WX was described on item 6 of this manual.


24/45


- Radius Client configured on IAS


25/45


2. Configuring the Remote Access Policies on IAS- Right-Click on Remote Access Policies- Select New Remote Access Policy


26/45


- Enter with the policy nama


27/45


- Select the Access Method


28/45


- Select the option add


29/45


- Enter with the name of the group in the item Enter the object names toselect


30/45


- Group selected- Click on Next


31/45


- Select PEAP- Select Configure


32/45


- Select the certificate


33/45


- Click Finish- The policy has been created


34/45


3. Configuring the IAS to use the AD- Right-Click on Internet Authentication Service (Local)- Select Register Server in Active Directory


35/45



36/45


WIRELESS CLIENT CENTRINO

1. Configuring the Client- Open the Wireless Connection- Select Properties


37/45


- Select the TAB Wireless Networks- Click on Add


38/45


- Enter with the SSID- Select the Network Authentication- Select Data Encryption


39/45


- Select the TAB Authentication- Select the EAP Type / PEAP


40/45


41/45


- Uncheck the option Validate server certificate- Select the Authentication Method (EAP-MSCHAPv2)- Click on Configure


42/45


- Uncheck the option automatically use my Windows logon name andpassword (and domain if any).


43/45


EVENT VIEWER

1. Troubleshooting- The event viewer can be used to verify if the Radius packet is being analyzed

by the Radius Server

- Select Administrative Tools / Event Viewer


44/45


- Select the TAB System under Event Viewer (Local)


45/45

- Double-click on event to verify if the client was authenticated or reject

how to configure dot1x

Documents