2

I need to evaluate in a lab environment the use of Windows Server 2008 R2's NPS for 802.1x authentication with Cisco Catalyst 3750 switches; the general idea is to only let clients connect to the company network if they can provide valid domain logon credentials, placing them in a restricted VLAN instead if they can't. NAP would also be a bonus, but it can be evaluated later; the main point now is only 802.1x authentication.

Although I have very good knowledge of Windows and Active Directory (on the Microsoft side) and quite good knowledge of Catalyst switches (on the Cisco side), I'm totally new to 802.1x; I'd really like some general guidelines and help here, and some sort of implementation guide would also be very useful.

Massimo

1 Answer

3

I posted a copy of my configuration notes to my blog at http://windowshell.wordpress.com/2011/01/04/a-sample-802-1x-configuration-guide/. Hopefully you'll find this useful. Sorry, due to the length of the text, I didn't think it appropriate to post here.

It describes how to configure a nominal Windows domain to use 802.1X with computer certificates and username/password. No NAP, but you would be halfway there. It was tested on Windows 2008 R2 Enterprise servers, Windows XP SP3 and Windows 7 clients, and Cisco 3750 and 2960 switches.

Please let me know if you have any questions and I will try to help you along. 802.1X can be one hairy beast!

newmanth
  • Thanks to various deities, I didn't have to follow that project to completion. I'm anyway accepting your answer, it's useful :-) – Massimo Mar 10 '11 at 13:54