I have Windows 2008 beta installed on a server with two LAN cards. LAN Card 1 is connected to a DSL modem. A router...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
is connected to LAN Card 2. I want all of my wireless laptops to be authenticated by my Windows Server before they can use the Internet; hence, I want to use my Windows Server as an Internet proxy server. Any pointers on how I can achieve this?
You have several options for creating the network you describe. Perhaps the most interesting option is to use the Network Access Protection (NAP) feature built into Windows 2008.
With NAP, your Windows Server will run Network Policy Server (NPS) software. NPS is a replacement for Microsoft's older IAS RADIUS server. It fits into the NAP architecture, letting you not just authenticate your wireless clients, but actually check their system health before permitting access. You don't have to assess system health in order to control access using NPS. But if your wireless clients happen to run Windows Vista, then you already have the pieces you'd need to put this into place.
Whether you try your hand at NAP or stick with basic wireless client authentication, you'll also need a wireless AP with 802.1X. By configuring your AP to require 802.1X authentication before clients can use the network, you'll be preventing unknown users and devices from getting past the AP onto your LAN or the Internet. Just configure AP's security settings to require WPA-Enterprise or WPA2-Enterprise, entering your Windows server's IP address as the RADIUS server address. The AP will now forward all WLAN access requests to NPS for approval.
But to use 802.1X, your wireless clients must have 802.1X Supplicant software. If all of your wireless clients run Windows XP or Vista, you've already got what you need to make this happen. Otherwise, look at the wireless adapter on each client to see whether they can support 802.1X. You probably want to use 802.1X with Protected EAP (PEAP) for login/password authentication. If you have a client that cannot support 802.1X, then you'll need to fall back to another method for controlling either WLAN or Internet access. For example, you could use a MAC ACL to let your wireless printer onto the network, while still authenticating XP/Vista wireless clients.
To learn more about Windows 2008 NPS, NAP, and 802.1X, check out these Microsoft Step-by-Step test instructions.
Dig Deeper on Wireless LAN Implementation
Related Q&A from Lisa Phifer
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.