Problem solve Get help with specific problems with your technologies, process and projects.

Can I use my Windows Server as an Internet proxy server?

To use your Windows Server as an Internet proxy server, what do you need to do? Find out from our wireless expert, Lisa Phifer.

I have Windows 2008 beta installed on a server with two LAN cards. LAN Card 1 is connected to a DSL modem. A router...

is connected to LAN Card 2. I want all of my wireless laptops to be authenticated by my Windows Server before they can use the Internet; hence, I want to use my Windows Server as an Internet proxy server. Any pointers on how I can achieve this?

You have several options for creating the network you describe. Perhaps the most interesting option is to use the Network Access Protection (NAP) feature built into Windows 2008.

With NAP, your Windows Server will run Network Policy Server (NPS) software. NPS is a replacement for Microsoft's older IAS RADIUS server. It fits into the NAP architecture, letting you not just authenticate your wireless clients, but actually check their system health before permitting access. You don't have to assess system health in order to control access using NPS. But if your wireless clients happen to run Windows Vista, then you already have the pieces you'd need to put this into place.

Whether you try your hand at NAP or stick with basic wireless client authentication, you'll also need a wireless AP with 802.1X. By configuring your AP to require 802.1X authentication before clients can use the network, you'll be preventing unknown users and devices from getting past the AP onto your LAN or the Internet. Just configure AP's security settings to require WPA-Enterprise or WPA2-Enterprise, entering your Windows server's IP address as the RADIUS server address. The AP will now forward all WLAN access requests to NPS for approval.

But to use 802.1X, your wireless clients must have 802.1X Supplicant software. If all of your wireless clients run Windows XP or Vista, you've already got what you need to make this happen. Otherwise, look at the wireless adapter on each client to see whether they can support 802.1X. You probably want to use 802.1X with Protected EAP (PEAP) for login/password authentication. If you have a client that cannot support 802.1X, then you'll need to fall back to another method for controlling either WLAN or Internet access. For example, you could use a MAC ACL to let your wireless printer onto the network, while still authenticating XP/Vista wireless clients.

To learn more about Windows 2008 NPS, NAP, and 802.1X, check out these Microsoft Step-by-Step test instructions.

This was last published in September 2007

Dig Deeper on Wireless LAN Implementation