I have Windows 2008 beta installed on a server with two LAN cards. LAN Card 1 is connected to a DSL modem. A router...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is connected to LAN Card 2. I want all of my wireless laptops to be authenticated by my Windows Server before they can use the Internet; hence, I want to use my Windows Server as an Internet proxy server. Any pointers on how I can achieve this?
You have several options for creating the network you describe. Perhaps the most interesting option is to use the Network Access Protection (NAP) feature built into Windows 2008.
With NAP, your Windows Server will run Network Policy Server (NPS) software. NPS is a replacement for Microsoft's older IAS RADIUS server. It fits into the NAP architecture, letting you not just authenticate your wireless clients, but actually check their system health before permitting access. You don't have to assess system health in order to control access using NPS. But if your wireless clients happen to run Windows Vista, then you already have the pieces you'd need to put this into place.
Whether you try your hand at NAP or stick with basic wireless client authentication, you'll also need a wireless AP with 802.1X. By configuring your AP to require 802.1X authentication before clients can use the network, you'll be preventing unknown users and devices from getting past the AP onto your LAN or the Internet. Just configure AP's security settings to require WPA-Enterprise or WPA2-Enterprise, entering your Windows server's IP address as the RADIUS server address. The AP will now forward all WLAN access requests to NPS for approval.
But to use 802.1X, your wireless clients must have 802.1X Supplicant software. If all of your wireless clients run Windows XP or Vista, you've already got what you need to make this happen. Otherwise, look at the wireless adapter on each client to see whether they can support 802.1X. You probably want to use 802.1X with Protected EAP (PEAP) for login/password authentication. If you have a client that cannot support 802.1X, then you'll need to fall back to another method for controlling either WLAN or Internet access. For example, you could use a MAC ACL to let your wireless printer onto the network, while still authenticating XP/Vista wireless clients.
To learn more about Windows 2008 NPS, NAP, and 802.1X, check out these Microsoft Step-by-Step test instructions.
Dig Deeper on Wireless LAN Implementation
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance.continue reading
Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.