I have Windows 2008 beta installed on a server with two LAN cards. LAN Card 1 is connected to a DSL modem. A router is connected to LAN Card 2. I want all of my wireless laptops to be authenticated by my Windows Server before they can use the Internet; hence, I want to use my Windows Server as an Internet proxy server. Any pointers on how I can achieve this?
You have several options for creating the network you describe. Perhaps the most interesting option is to use the Network Access Protection (NAP) feature built into Windows 2008.
With NAP, your Windows Server will run Network Policy Server (NPS) software. NPS is a replacement for Microsoft's older IAS RADIUS server. It fits into the NAP architecture, letting you not just authenticate your wireless clients, but actually check their system health before permitting access. You don't have to assess system health in order to control access using NPS. But if your wireless clients happen to run Windows Vista, then you already have the pieces you'd need to put this into place.
Whether you try your hand at NAP or stick with basic wireless client authentication, you'll also need a wireless AP with 802.1X. By configuring your AP to require 802.1X authentication before clients can use the network, you'll be preventing unknown users and devices from getting past the AP onto your LAN or the Internet. Just configure the AP's security settings to require WPA-Enterprise or WPA2-Enterprise, entering your Windows server's IP address as the RADIUS server address. The AP will now forward all WLAN access requests to NPS for approval.
But to use 802.1X, your wireless clients must have 802.1X Supplicant software. If all of your wireless clients run Windows XP or Vista, you've already got what you need to make this happen. Otherwise, look at the wireless adapter on each client to see whether it can support 802.1X. You probably want to use 802.1X with Protected EAP (PEAP) for login/password authentication. If you have a client that cannot support 802.1X, then you'll need to fall back to another method for controlling either WLAN or Internet access. For example, you could use a MAC ACL to let your wireless printer onto the network, while still authenticating XP/Vista wireless clients.
To learn more about Windows 2008 NPS, NAP, and 802.1X, check out these Microsoft Step-by-Step test instructions.
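An added example, not part of the original answer: a Python check that reads a client's exported Windows WLAN profile XML (as produced by `netsh wlan export profile` on Vista) and reports whether it uses WPA/WPA2-Enterprise with 802.1X and PEAP, as recommended above. It assumes the element names of the Windows WLAN profile schema; the two sample profiles are constructed and trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

PEAP = "25"  # EAP method type number assigned to PEAP

def _local(el):
    return el.tag.rsplit("}", 1)[-1]   # drop the "{namespace}" prefix

def _text(root, name, parent=None):
    """Text of the first element called `name` (optionally under `parent`)."""
    for el in root.iter():
        if _local(el) == (parent or name):
            hit = el if parent is None else next(
                (c for c in el if _local(c) == name), None)
            if hit is not None and hit.text:
                return hit.text.strip()
    return None

def audit_profile(xml_text):
    """Return findings; an empty list means WPA/WPA2-Enterprise with PEAP."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = _text(root, "authentication")
    if auth not in ("WPA", "WPA2"):    # WPAPSK / WPA2PSK / open are not Enterprise
        findings.append("authentication=%s is not WPA/WPA2-Enterprise" % auth)
    if _text(root, "useOneX") != "true":
        findings.append("802.1X is not enabled (useOneX)")
    eap = _text(root, "Type", parent="EapMethod")
    if eap != PEAP:
        findings.append("EAP method type %s is not PEAP (25)" % eap)
    return findings

# Constructed sample profiles (assumed schema, trimmed for the example).
NS = 'xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"'
ENTERPRISE = """<WLANProfile %s><name>corp</name><MSM><security>
 <authEncryption><authentication>WPA2</authentication>
  <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
 <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
  <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
   <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
   </EapMethod></EapHostConfig></EAPConfig></OneX>
</security></MSM></WLANProfile>""" % NS
PERSONAL = """<WLANProfile %s><name>home</name><MSM><security>
 <authEncryption><authentication>WPA2PSK</authentication>
  <encryption>AES</encryption><useOneX>false</useOneX></authEncryption>
</security></MSM></WLANProfile>""" % NS

if __name__ == "__main__":
    for label, xml_text in (("corp", ENTERPRISE), ("home", PERSONAL)):
        print(label, audit_profile(xml_text) or "OK")
```
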