Implementing 802.1x on Wireless Networks with Cisco and Microsoft

Server Setup

    Windows XP currently has the only available 802.1x client implementation available today, but there are other implementation in the works, including the open source Open1x, and another commercial implementation SecureSupplicant. These instructions assume that you're connecting with a windows 2000 server backend authentication, as setup in these instructions.

Step 1 - Get Client Certificate

• Connect the client to a network that doesn't require port authentication.

• Open up Microsoft Explorer in Windows XP, and go to http://<yourserver>/certsrv

• Authenticate to the server using your account that you created at the end of the server setup.

• Ensure that Request a certificate is selected, and click Next.

• Ensure that User certificate request: User Certificate is selected, and click Next.

• Click Submit.

• You'll see status messages on the screen, then your certificate will be returned to you.  Click Install this certificate.

• You'll receive a confirmation message about accepting the certificate, click Yes.

Step 2 - Enable 802.1x authentication for wireless card

• Open up the properties for your wireless connection, either by

  • Right-click on My Network Places on the desktop, select Properties, or

  • Open up the Control Panel, select Network Connections (located under Network and Internet Connections if in Category View)

• Right Click on the Wireless Network Connection, and select Properties.

• Select the Authentication Tab, and ensure that Enable network access control using IEEE 802.1X is selected, and Smart Card or other Certificate is selected from the EAP type.

Step 3  - Enable Encryption (Optional - See notes on using dynamic WEP with Windows XP and Cisco APs)

• Encryption is enabled for each specific wireless network to which you connect.  To enable encryption for a wireless network, click on the Wireless Networks tab. 

• Select the wireless network on which you want to enable dynamic WEP from under Available Networks, and select Configure.

• Select Data encryption (WEP enabled), and ensure The key is provided for me automatically is also selected.

Now you're ready to configure your Access Point, and authenticate via 802.1x.

This howto is still under development, comments, questions, and feedback welcomed at mvanopst@cs.umd.edu
Last updated January 29th, 2002 by Mike van Opstal